Share via


CredentialSource Enum

Definition

Source for a credential. Credentials are used to prove the identity of the application (See ClientCredentials), or to decrypt tokens (See TokenDecryptionCredentials). Credentials can be secrets (client secrets), certificates, or signed assertions. They can be stored or provided in a variety of ways, and this enumeration describes these ways. It's used in the SourceType property.

public enum CredentialSource
type CredentialSource = 
Public Enum CredentialSource
Inheritance
CredentialSource

Fields

Name Value Description
Certificate 0

Use this value if you provide a certificate yourself. When setting the SourceType property to this value, you will also provide the Certificate.

KeyVault 1

Use this value when the certificate is stored in Azure Key Vault. When setting the SourceType property to this value, you'll also provide the KeyVaultUrl and KeyVaultCertificateName properties.

Base64Encoded 2

Use this value when you provide a Base64 encoded string. When setting the SourceType property to this value, you'll also provide the Base64EncodedValue property and optionally, the CertificatePassword.

Path 3

Use this value when you provide a path to a file containing the certificate on disk. When setting the SourceType property to this value, you'll also provide the CertificateDiskPath property, and optionally, the CertificatePassword

StoreWithThumbprint 4

Use this value when you provide a certificate from the certificate store, described by its thumbprint. When setting the SourceType property to this value, you'll also provide the CertificateThumbprint and CertificateStorePath properties.

StoreWithDistinguishedName 5

Use this value when you provide a certificate from the certificate store, described by its distinguished name. When setting the SourceType property to this value, you'll also provide the CertificateDistinguishedName and CertificateStorePath properties.

ClientSecret 6

Use this value when you provide a client secret. When setting the SourceType property to this value, you'll also provide the ClientSecret.

SignedAssertionFromManagedIdentity 7

Use this value for a Certificateless client credentials using workload identity federation with managed identity. When setting the SourceType property to this value, you can also provide a user assigned managed identity using the ManagedIdentityClientId. If you don't the client credential will be based on the system assigned managed identity.

SignedAssertionFilePath 8

Use this value for a Certificateless client credentials using workload identity federation with Azure Kubernetes Services (AKS). When setting the SourceType property to this value, you can also optionally provide a path containing the signed assertion. If you don't the credential will be searched in files contained in the following environment variables: AZURE_FEDERATED_TOKEN_FILE and AZURE_ACCESS_TOKEN_FILE.

SignedAssertionFromVault 9

Use this value for a certificateless client credentials generated from another vault. When setting the SourceType property to this value, you can also optionally provide the name of a certificate used to compute the signed assertion using the KeyVaultCertificateName property.

AutoDecryptKeys 10

Use this value for automatic decrypt keys used by a web API to decrypt an encrypted token. When setting the SourceType property to this value, also use the DecryptKeysAuthenticationOptions to provide the tenant used by the web API to get a token to get the decrypt keys. This value only applies to TokenDecryptionCredentials, but the client credentials are used to get the token to acquire the decrypt keys.

Applies to