Hello,
Perhaps this is unsupported or I have a bad configuration; I’m trying to configure the statefile to be stored on an Azure storage blob where both the azurerm provider and the backend is configured for certificate authentication (AAD). I can only however get the remote statefile configured with the access_key configured.
# Aim to use the latest version of Terraform and the azurerm provider where possible.
terraform {
required_version = ">= 1.6.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">= 3.0.0"
}
}
backend "azurerm" {
resource_group_name = "myresourcegroup"
storage_account_name = "mystorageaccount"
container_name = "tfstate"
key = "terraform.tfstate"
use_azuread_auth = true
}
}
# Configure the Microsoft Azure Provider:
provider "azurerm" {
features {}
tenant_id = var.tenant_id
client_id = "client_id"
subscription_id = "sub_id"
client_certificate_path = "/bath/to/pfx"
client_certificate_password = var.client_certificate_password
}
When running terraform apply I get:
Initializing the backend...
╷
│ Error: Error building ARM Config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).
│
│ To authenticate to Azure using a Service Principal, you can use the separate 'Authenticate using a Service Principal'
│ auth method - instructions for which can be found here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret
│
│ Alternatively you can authenticate using the Azure CLI by using a User Account.
│
│
╵