Log In
Start for Free
Start for Free

Documentation

Integrations

CLI

API Reference

SDKs

Changelog

Infrastructure Integrations

Ansible
Apache Airflow
Container orchestrators
Docker
Infisical Agent
Packer
Pulumi
Terraform

App Connections

Overview
Connections

Secret Syncs

Overview
Syncs

Native Integrations

AWS
Vercel
Azure Key Vault
Azure App Configuration
Azure DevOps
GCP Secret Manager
Cloudflare
Terraform Cloud
Databricks
View more

CI/CD Integrations

Jenkins Plugin
GitHub Actions
GitLab
Bitbucket
TeamCity
View more

Framework Integrations

Spring Boot with Maven
React
Vue
Express, Fastify, Koa
View more

Build Tool Integrations

Gradle

Others

Backstage Infisical Plugin

On this page

Setup Azure Connection in Infisical

Connections

Azure Client Secrets Connection

Learn how to configure an Azure Client Secrets Connection for Infisical.

Infisical currently only supports two methods for connecting to Azure, which are OAuth and Client Secrets.

Self-Hosted Instance

Using the Azure Client Secrets connection on a self-hosted instance of Infisical requires configuring an application in Azure and registering your instance with it.Prerequisites:

Set up Azure.

Create an application in Azure

Navigate to Azure Active Directory > App registrations to create a new application.

Azure Active Directory is now Microsoft Entra ID.

Create the application. As part of the form, set the Redirect URI to https://your-domain.com/organization/app-connections/azure/oauth/callback.

The domain you defined in the Redirect URI should be equivalent to the SITE_URL configured in your Infisical instance.

Assign API permissions to the application

For the Azure Connection to work with Client Secrets, you need to assign the following permission to the application.

Azure Client Secrets permissions

Set the API permissions of the Azure application to include the following permissions:

Microsoft Graph
- Application.ReadWrite.All
- Application.ReadWrite.OwnedBy
- Application.ReadWrite.All (Delegated)
- Directory.ReadWrite.All (Delegated)
- User.Read (Delegated)

Add your application credentials to Infisical

Obtain the Application (Client) ID and Directory (Tenant) ID (this will be used later in the Infisical connection) in Overview and generate a Client Secret in Certificate & secrets for your Azure application. Azure client secrets

Back in your Infisical instance, add two new environment variables for the credentials of your Azure application.

INF_APP_CONNECTION_AZURE_CLIENT_SECRETS_CLIENT_ID: The Application (Client) ID of your Azure application.
INF_APP_CONNECTION_AZURE_CLIENT_SECRETS_CLIENT_SECRET: The Client Secret of your Azure application.

Once added, restart your Infisical instance and use the Azure Client Secrets connection.

Client Secret Authentication

Ensure your Azure application has the required permissions that Infisical needs for the Azure Client Secrets connection to work.Prerequisites:

An active Azure setup.

Assign API permissions to the application

For the Azure Client Secrets connection to work, assign the following permissions to your Azure application:

Required API Permissions

Microsoft Graph

Application.ReadWrite.All
Application.ReadWrite.OwnedBy
Application.ReadWrite.All (Delegated)
Directory.ReadWrite.All (Delegated)
User.Read (Delegated)

Setup Azure Connection in Infisical

Navigate to App Connections

Navigate to the App Connections tab on the Organization Settings page. App Connections
Tab

Add Connection

Select the Azure Connection option from the connection options modal. Select Azure Connection

Create Connection

Authorize Connection

Fill in the Tenant ID field with the Directory (Tenant) ID you obtained in the previous step.Now select the OAuth method and click Connect to Azure. Connect via Azure OAUth

Grant Access

You will then be redirected to Azure to grant Infisical access to your Azure account. Once granted, you will be redirected back to Infisical’s App Connections page. Azure Client Secrets
Authorization