Protecting the Azure credential provider
In the previous recipe, we studied how to automatically authenticate the Terraform context in Azure Cloud Shell with our personal account and permissions. However, in a company context, as well as in production, it is very bad practice to use your personal account, because that account could expire, be deleted, or, even worse, be misused.
Therefore, one of the options we have when running Terraform in Azure is to use an app registration account (also known as a service principal) that is not linked to a physical person.
In this recipe, we will first study the creation of this service principal and then we will see how to use it securely to run a Terraform configuration.
Getting ready
To apply the first part of this recipe, you must have user account creation permissions in Azure Active Directory. Moreover, we will create this service principal from the command line using the Azure CLI tool, documentation relating to which is available...