Backend statefile authenticate with certificate


Perhaps this is unsupported or I have a bad configuration; I’m trying to configure the statefile to be stored on an Azure storage blob where both the azurerm provider and the backend is configured for certificate authentication (AAD). I can only however get the remote statefile configured with the access_key configured.

# Aim to use the latest version of Terraform and the azurerm provider where possible.
terraform {
  required_version = ">= 1.6.0"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
   backend "azurerm" {
    resource_group_name = "myresourcegroup"
    storage_account_name = "mystorageaccount"
    container_name  = "tfstate"
    key = "terraform.tfstate"
    use_azuread_auth = true
# Configure the Microsoft Azure Provider:
provider "azurerm" {
  features {}
  tenant_id       = var.tenant_id
  client_id       = "client_id"
  subscription_id = "sub_id"
  client_certificate_path = "/bath/to/pfx"
  client_certificate_password = var.client_certificate_password

When running terraform apply I get:

Initializing the backend...
│ Error: Error building ARM Config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).
│ To authenticate to Azure using a Service Principal, you can use the separate 'Authenticate using a Service Principal'
│ auth method - instructions for which can be found here:
│ Alternatively you can authenticate using the Azure CLI by using a User Account.