1. Database Net Services Reference
  2. Centralized Configuration Provider Naming Parameters
  3. Azure App Configuration Store Parameters

7.3 Azure App Configuration Store Parameters

These are the parameters that you can specify for a key-name in the Azure App Configuration store.

Parameter Name and Description Allowed Value Default Value

AUTHENTICATION

Controls how the Centralized Configuration Provider component authenticates with the Azure App Configuration store.

  • DEFAULT

    Provides the default token credential authentication flow.

    This flow tries the following credential types (if enabled) in an order:

    1. Environment variables: Uses the AZURE_TENANT_ID, AZURE_CLIENT_CERTIFICATE_PATH, AZURE_CLIENT_SEND_CERTIFICATE_CHAIN, AZURE_CLIENT_ID, and AZURE_SECRET_ID environment variables if set. When all of these variables are available, then AZURE_CLIENT_ID and AZURE_SECRET_ID are used.

    2. Managed Identity credentials: If the database client application is running on an Azure instance, then it tries to use its managed identity credentials. If the instance is configured to access the Azure App Configuration instance, then authentication succeeds.

  • AZURE_SERVICE_PRINCIPAL

    Enables authentication to Azure Active Directory (Azure AD) using a client secret. This is the value that is generated during app registration.

    This option also enables authentication to Azure Active Directory using an X509 certificate that is assigned to its app registration.

    Additional parameters are needed to complete authentication based on this method.

    To use a client secret, specify the AZURE_CLIENT_ID and AZURE_CLIENT_SECRET values.

    To use a certificate, specify the AZURE_CLIENT_CERTIFICATE parameter.

    When both the client secret and certificate are specified, then client certificate authentication is used.

  • AZURE_MANAGED_IDENTITY

    Attempts authentication using a managed identity that has been assigned to the deployment environment.

    This authentication type works for Azure Virtual Machines, App Service, Azure Functions applications, and the Azure Cloud Shell.

    To use Managed User Identity for authentication, you must also set the AZURE_MANAGED_IDENTITY_CLIENT_ID parameter.

DEFAULT

AZURE_TENANT_ID

Tenant ID associated with an Azure subscription. Azure AD is trusted to authenticate users, services, and devices for the subscription.

Tenant ID associated with an Azure subscription.

None

AZURE_CLIENT_ID

Client ID associated with an Azure application registration for authenticating to Azure AD.

Application (client) ID value that appears on the registered application essentials page.

None

AZURE_CLIENT_SECRET

Credentials enable confidential applications to identify themselves to the authentication service when receiving tokens at a web address location (using an HTTPS scheme).

Client Secret associated with Azure Application registration for authenticating to Azure Active Directory.

This value appears when you create a new client secret. This value is shown only at the time of creating the secret.

None

AZURE_CLIENT_CERTIFICATE

Enables authentication of a service principal to Azure AD using an X509 certificate that is assigned during app registration.

File system path of the certificate.

Specify the following additional parameters, as required:

  • https_proxy and https_proxy_port: Set these parameters when the client is behind a corporate https proxy.

  • timeout: Specifies timeout on each HTTP call, in seconds. Set this parameter to avoid long network delays or indefinite waiting for a server's response.

None

Parent topic: Centralized Configuration Provider Naming Parameters