Authentication Configuration
This section describes the authentication configuration used to connect to the Schema Registry service. In a later release, this scheme will be used for authentication to other services.
The Authentication element has several settings, with a mandatory Type specifying the kind of credentials to use, along with additional type‑specific values.
Authentication Types
The Type for Schema Registry can be one of the following.
Value | Uses... |
---|---|
AzureLogin | AzureCliCredentials, requiring the az login command to be run. |
AzureClientSecret | AzureClientSecretCredentials. |
AzureEnvironment | AzureEnvironmentCredentials, which relies on AZURE_xxx environment variables. |
Type-Specific Parameters
Some authentication types require additional parameters, as follows.
AzureClientSecret
For AzureClientSecret, you must provide the following credential values for your Azure subscription.
Credential | Description |
---|---|
TenantId | Azure Active Directory (AD) tenant ID associated with your subscription. |
ClientId | Client ID of an Azure AD application that has access to the Schema Registry. |
ClientSecret | Client secret for the Azure AD application specified by ClientId. |
AzureEnvironment
For AzureEnvironment, the same credential values as those in the previous table under "AzureClientSecret" are used, but they are read from fixed environment variables, as follows.
Fixed Environment Variable | Description |
---|---|
AZURE_TENANT_ID | Azure Active Directory (AD) tenant ID. |
AZURE_CLIENT_ID | Client ID of the Azure AD application. |
AZURE_CLIENT_SECRET | Client secret for the Azure AD application. |
Example Configuration
The following is an example "Authentication" configuration.
    "Authentication": {
      "Type": "AzureClientSecret",
      "TenantId": "99998888-ffff-7777-eeee-6666dddd5555",
      "ClientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
      "ClientSecret": "abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEFGHIJKLMNOP=="
    }
Environment Variable Placeholders
To avoid storing secret credentials directly in configuration files, environment variables are often used to inject these values into the application process. This technique is especially useful in cloud environments.
Instead of specifying actual values in the configuration, you can use environment variable placeholders. A placeholder takes the following form, where EnvironmentVariable is the name of the environment variable to use. By convention, these names are typically written in uppercase characters.
"${EnvironmentVariable}"
The following is a configuration example that uses environment variables.
    "Authentication": {
      "Type": "${ENV-AUTH-TYPE}",
      "TenantId": "${ENV-TENANT-ID}",
      "ClientId": "${ENV-CLIENT-ID}",
      "ClientSecret": "${ENV-CLIENT-SECRET}"
    }
Usage Note
It is recommended that you use Azure Key Vault or another secure secret management solution to store sensitive information such as ConnectionString and ClientSecret, rather than including them directly in configuration files.
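The following pre-deployment check is an added example, not code from the product. It audits an "Authentication" element for a literal ClientSecret, for placeholders whose environment variable is unset, and for the fixed AZURE_xxx variables that AzureEnvironment needs. The function names are hypothetical, the environment is passed in as a mapping (os.environ in practice), and treating an unset placeholder variable as an error is an assumption, since the page does not say how the product handles that case.

```python
import re

# Placeholder syntax from the page: "${EnvironmentVariable}".
PLACEHOLDER = re.compile(r"^\$\{([^{}]+)\}$")
KNOWN_TYPES = ("AzureLogin", "AzureClientSecret", "AzureEnvironment")
CLIENT_SECRET_KEYS = ("TenantId", "ClientId", "ClientSecret")
FIXED_ENV_VARS = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")

def placeholder_name(value):
    """Return NAME if value is exactly "${NAME}", otherwise None."""
    match = PLACEHOLDER.match(value) if isinstance(value, str) else None
    return match.group(1) if match else None

def resolve(key, value, env, findings):
    """Return the effective setting; record a finding if its variable is unset."""
    name = placeholder_name(value)
    if name is None:
        return value
    if not env.get(name):
        findings.append(f"{key}: environment variable {name} is not set")
        return None
    return env[name]

def audit_authentication(auth, env):
    """Hypothetical check of an "Authentication" element; never echoes secrets."""
    findings = []
    auth_type = resolve("Type", auth.get("Type"), env, findings)
    if auth_type not in KNOWN_TYPES:
        if not findings:
            findings.append(f"Type: missing or unknown value {auth_type!r}")
        return findings
    if auth_type == "AzureClientSecret":
        for key in CLIENT_SECRET_KEYS:
            if key not in auth:
                findings.append(f"{key}: required for AzureClientSecret")
            else:
                resolve(key, auth[key], env, findings)
        if "ClientSecret" in auth and placeholder_name(auth["ClientSecret"]) is None:
            findings.append("ClientSecret: literal secret stored in configuration")
    elif auth_type == "AzureEnvironment":
        for name in FIXED_ENV_VARS:
            if not env.get(name):
                findings.append(f"{name}: fixed environment variable is not set")
    return findings

# Constructed sample inputs: a literal secret, then the placeholder form.
LITERAL = {"Type": "AzureClientSecret", "TenantId": "t", "ClientId": "c",
           "ClientSecret": "constructed-not-a-real-secret"}
PLACEHOLDERS = {"Type": "${ENV-AUTH-TYPE}", "TenantId": "${ENV-TENANT-ID}",
                "ClientId": "${ENV-CLIENT-ID}", "ClientSecret": "${ENV-CLIENT-SECRET}"}
```

An empty list from audit_authentication means the element passed every check; any finding can be used to fail a deployment pipeline before the service starts.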