Environment Credential

Authenticates using environment variables for service principal credentials, supporting both client secret and client certificate authentication.

Capabilities

Environment Variable Authentication

Reads credential information from environment variables to authenticate service principals.

/**
 * Authenticates using environment variables for service principal credentials
 */
class EnvironmentCredential implements TokenCredential {
    Mono<AccessToken> getToken(TokenRequestContext request);
    AccessToken getTokenSync(TokenRequestContext request);
}

class EnvironmentCredentialBuilder extends CredentialBuilderBase<EnvironmentCredentialBuilder> {
    EnvironmentCredentialBuilder authorityHost(String authorityHost);
    EnvironmentCredentialBuilder executorService(ExecutorService executorService);
    EnvironmentCredential build();
}

Supported Environment Variables:

For Client Secret Authentication:

• AZURE_CLIENT_ID - The application (client) ID
• AZURE_CLIENT_SECRET - The client secret
• AZURE_TENANT_ID - The tenant ID
• AZURE_AUTHORITY_HOST (optional) - The authority host URL

For Client Certificate Authentication:

• AZURE_CLIENT_ID - The application (client) ID
• AZURE_CLIENT_CERTIFICATE_PATH - Path to PEM or PFX certificate file
• AZURE_CLIENT_CERTIFICATE_PASSWORD - Certificate password (if required)
• AZURE_TENANT_ID - The tenant ID
• AZURE_AUTHORITY_HOST (optional) - The authority host URL

Usage Examples:

import com.azure.identity.EnvironmentCredential;
import com.azure.identity.EnvironmentCredentialBuilder;

// Create credential using environment variables
TokenCredential credential = new EnvironmentCredentialBuilder()
    .build();

// Use with Azure SDK clients
SecretClient client = new SecretClientBuilder()
    .vaultUrl("https://myvault.vault.azure.net/")
    .credential(credential)
    .buildClient();

Exception Handling

Throws CredentialUnavailableException when required environment variables are not set or invalid.