Learn how to configure an Azure Client Secrets Connection for Infisical.
Infisical currently only supports one method for connecting to Azure, which is OAuth.
Using the Azure Client Secrets connection on a self-hosted instance of Infisical requires configuring an application in Azure
and registering your instance with it.
Prerequisites:
Set up Azure.
1
Create an application in Azure
Navigate to Azure Active Directory > App registrations to create a new application.
Azure Active Directory is now Microsoft Entra ID.
Create the application. As part of the form, set the Redirect URI to https://your-domain.com/organization/app-connections/azure/oauth/callback.
The domain you defined in the Redirect URI should be equivalent to the SITE_URL configured in your Infisical instance.
2
Assign API permissions to the application
For the Azure Connection to work with Client Secrets, you need to assign the following permission to the application.
Set the API permissions of the Azure application to include the following permissions:
Microsoft Graph
Application.ReadWrite.All
Application.ReadWrite.OwnedBy
Application.ReadWrite.All (Delegated)
Directory.ReadWrite.All (Delegated)
User.Read (Delegated)
Azure App Configuration
KeyValue.Delete (Delegated)
KeyValue.Read (Delegated)
KeyValue.Write (Delegated)
Access Key Vault
user_impersonation (Delegated)
3
Add your application credentials to Infisical
Obtain the Application (Client) ID and Directory (Tenant) ID (this will be used later in the Infisical connection) in Overview and generate a Client Secret in Certificate & secrets for your Azure application.
Back in your Infisical instance, add two new environment variables for the credentials of your Azure application.
INF_APP_CONNECTION_AZURE_CLIENT_ID: The Application (Client) ID of your Azure application.
INF_APP_CONNECTION_AZURE_CLIENT_SECRET: The Client Secret of your Azure application.
Once added, restart your Infisical instance and use the Azure Client Secrets connection.
Navigate to the App Connections tab on the Organization Settings page.
2
Add Connection
Select the Azure Connection option from the connection options modal.
3
Authorize Connection
Fill in the Tenant ID field with the Directory (Tenant) ID you obtained in the previous step.
Now select the OAuth method and click Connect to Azure.
4
Grant Access
You will then be redirected to Azure to grant Infisical access to your Azure account. Once granted,
you will be redirected back to Infisical’s App Connections page.
5
Connection Created
Your Azure Client Secrets Connection is now available for use.