Class EnvironmentCredential

Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables.

Required environment variables:

• AZURE_TENANT_ID: The Microsoft Entra tenant (directory) ID.
• AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.

If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants

• AZURE_ADDITIONALLY_ALLOWED_TENANTS: For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens with a single semicolon delimited string. Use * to allow all tenants.

Environment variables used for client credential authentication:

• AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.
• AZURE_CLIENT_CERTIFICATE_PATH: The path to a PEM certificate to use during the authentication, instead of the client secret.
• AZURE_CLIENT_CERTIFICATE_PASSWORD: (optional) password for the certificate file.
• AZURE_CLIENT_SEND_CERTIFICATE_CHAIN: (optional) indicates that the certificate chain should be set in x5c header to support subject name / issuer based authentication.

Username and password authentication is deprecated, since it doesn't support multifactor authentication (MFA). See https://aka.ms/azsdk/identity/mfa for more details. Users can still provide environment variables for this authentication method:

• AZURE_USERNAME: Username to authenticate with.
• AZURE_PASSWORD: Password to authenticate with.

If the environment variables required to perform the authentication are missing, a CredentialUnavailableError will be thrown. If the authentication fails, or if there's an unknown error, an AuthenticationError will be thrown.

Authenticates with Microsoft Entra ID and returns an access token if successful.