[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-7535211a-25af-4df7-9a35-f58b1c53f277":3,"$f0HQ6OzhMXR7eaEBlsw9UlP90iQAr7HJlr0mOM9OYenU":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"7535211a-25af-4df7-9a35-f58b1c53f277","azure-identity-py","Azure Identity SDK for Python身份验证。用于DefaultAzureCredential、托管标识、服务主体和令牌缓存。","cat_coding_devops","mod_coding","sickn33,coding","---\nname: azure-identity-py\ndescription: Azure Identity SDK for Python authentication. Use for DefaultAzureCredential, managed identity, service principals, and token caching.\nrisk: unknown\nsource: community\ndate_added: '2026-02-27'\n---\n\n# Azure Identity SDK for Python\n\nAuthentication library for Azure SDK clients using Microsoft Entra ID (formerly Azure AD).\n\n## Installation\n\n```bash\npip install azure-identity\n```\n\n## Environment Variables\n\n```bash\n# Service Principal (for production\u002FCI)\nAZURE_TENANT_ID=\u003Cyour-tenant-id>\nAZURE_CLIENT_ID=\u003Cyour-client-id>\nAZURE_CLIENT_SECRET=\u003Cyour-client-secret>\n\n# User-assigned Managed Identity (optional)\nAZURE_CLIENT_ID=\u003Cmanaged-identity-client-id>\n```\n\n## DefaultAzureCredential\n\nThe recommended credential for most scenarios. Tries multiple authentication methods in order:\n\n```python\nfrom azure.identity import DefaultAzureCredential\nfrom azure.storage.blob import BlobServiceClient\n\n# Works in local dev AND production without code changes\ncredential = DefaultAzureCredential()\n\nclient = BlobServiceClient(\n    account_url=\"https:\u002F\u002F\u003Caccount>.blob.core.windows.net\",\n    credential=credential\n)\n```\n\n### Credential Chain Order\n\n| Order | Credential | Environment |\n|-------|-----------|-------------|\n| 1 | EnvironmentCredential | CI\u002FCD, containers |\n| 2 | WorkloadIdentityCredential | Kubernetes |\n| 3 | ManagedIdentityCredential | Azure VMs, App Service, Functions |\n| 4 | SharedTokenCacheCredential | Windows only |\n| 5 | VisualStudioCodeCredential | VS Code with Azure extension |\n| 6 | AzureCliCredential | `az login` |\n| 7 | AzurePowerShellCredential | `Connect-AzAccount` |\n| 8 | AzureDeveloperCliCredential | `azd auth login` |\n\n### Customizing DefaultAzureCredential\n\n```python\n# Exclude credentials you don't need\ncredential = DefaultAzureCredential(\n    exclude_environment_credential=True,\n    exclude_shared_token_cache_credential=True,\n    managed_identity_client_id=\"\u003Cuser-assigned-mi-client-id>\"  # For user-assigned MI\n)\n\n# Enable interactive browser (disabled by default)\ncredential = DefaultAzureCredential(\n    exclude_interactive_browser_credential=False\n)\n```\n\n## Specific Credential Types\n\n### ManagedIdentityCredential\n\nFor Azure-hosted resources (VMs, App Service, Functions, AKS):\n\n```python\nfrom azure.identity import ManagedIdentityCredential\n\n# System-assigned managed identity\ncredential = ManagedIdentityCredential()\n\n# User-assigned managed identity\ncredential = ManagedIdentityCredential(\n    client_id=\"\u003Cuser-assigned-mi-client-id>\"\n)\n```\n\n### ClientSecretCredential\n\nFor service principal with secret:\n\n```python\nfrom azure.identity import ClientSecretCredential\n\ncredential = ClientSecretCredential(\n    tenant_id=os.environ[\"AZURE_TENANT_ID\"],\n    client_id=os.environ[\"AZURE_CLIENT_ID\"],\n    client_secret=os.environ[\"AZURE_CLIENT_SECRET\"]\n)\n```\n\n### AzureCliCredential\n\nUses the account from `az login`:\n\n```python\nfrom azure.identity import AzureCliCredential\n\ncredential = AzureCliCredential()\n```\n\n### ChainedTokenCredential\n\nCustom credential chain:\n\n```python\nfrom azure.identity import (\n    ChainedTokenCredential,\n    ManagedIdentityCredential,\n    AzureCliCredential\n)\n\n# Try managed identity first, fall back to CLI\ncredential = ChainedTokenCredential(\n    ManagedIdentityCredential(client_id=\"\u003Cuser-assigned-mi-client-id>\"),\n    AzureCliCredential()\n)\n```\n\n## Credential Types Table\n\n| Credential | Use Case | Auth Method |\n|------------|----------|-------------|\n| `DefaultAzureCredential` | Most scenarios | Auto-detect |\n| `ManagedIdentityCredential` | Azure-hosted apps | Managed Identity |\n| `ClientSecretCredential` | Service principal | Client secret |\n| `ClientCertificateCredential` | Service principal | Certificate |\n| `AzureCliCredential` | Local development | Azure CLI |\n| `AzureDeveloperCliCredential` | Local development | Azure Developer CLI |\n| `InteractiveBrowserCredential` | User sign-in | Browser OAuth |\n| `DeviceCodeCredential` | Headless\u002FSSH | Device code flow |\n\n## Getting Tokens Directly\n\n```python\nfrom azure.identity import DefaultAzureCredential\n\ncredential = DefaultAzureCredential()\n\n# Get token for a specific scope\ntoken = credential.get_token(\"https:\u002F\u002Fmanagement.azure.com\u002F.default\")\nprint(f\"Token expires: {token.expires_on}\")\n\n# For Azure Database for PostgreSQL\ntoken = credential.get_token(\"https:\u002F\u002Fossrdbms-aad.database.windows.net\u002F.default\")\n```\n\n## Async Client\n\n```python\nfrom azure.identity.aio import DefaultAzureCredential\nfrom azure.storage.blob.aio import BlobServiceClient\n\nasync def main():\n    credential = DefaultAzureCredential()\n    \n    async with BlobServiceClient(\n        account_url=\"https:\u002F\u002F\u003Caccount>.blob.core.windows.net\",\n        credential=credential\n    ) as client:\n        # ... async operations\n        pass\n    \n    await credential.close()\n```\n\n## Best Practices\n\n1. **Use DefaultAzureCredential** for code that runs locally and in Azure\n2. **Never hardcode credentials** — use environment variables or managed identity\n3. **Prefer managed identity** in production Azure deployments\n4. **Use ChainedTokenCredential** when you need a custom credential order\n5. **Close async credentials** explicitly or use context managers\n6. **Set AZURE_CLIENT_ID** for user-assigned managed identities\n7. **Exclude unused credentials** to speed up authentication\n\n## When to Use\nThis skill is applicable to execute the workflow or actions described in the overview.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,209,630,"2026-05-16 13:06:30",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查，提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"DevOps","devops","mdi-cog-outline","CI\u002FCD、容器化、部署运维",3,162,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"eb264ed4-f60b-409d-94b0-a2f3820217a8","1.0.0","azure-identity-py.zip",2126,"uploads\u002Fskills\u002F7535211a-25af-4df7-9a35-f58b1c53f277\u002Fazure-identity-py.zip","290377651616a86cf1561785a9d5a81275e52be291b41c29d9092688e62ee7fc","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":5738}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]