
Azure Identity Py

Author: thegovind · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
Total downloads: 1936 · Favorites: 1 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install azure-identity-py
Description
Azure Identity SDK for Python authentication. Use for DefaultAzureCredential, managed identity, service principals, and token caching. Triggers: "azure-identity", "DefaultAzureCredential", "authentication", "managed identity", "service principal", "credential".
Usage instructions (SKILL.md)

Azure Identity SDK for Python

Authentication library for Azure SDK clients using Microsoft Entra ID (formerly Azure AD).

Installation

pip install azure-identity

Environment Variables

# Service Principal (for production/CI)
AZURE_TENANT_ID=<your-tenant-id>
AZURE_CLIENT_ID=<your-client-id>
AZURE_CLIENT_SECRET=<your-client-secret>

# User-assigned Managed Identity (optional)
AZURE_CLIENT_ID=<managed-identity-client-id>

DefaultAzureCredential

The recommended credential for most scenarios. Tries multiple authentication methods in order:

from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient

# Works in local dev AND production without code changes
credential = DefaultAzureCredential()

client = BlobServiceClient(
    account_url="https://<account>.blob.core.windows.net",
    credential=credential
)

Credential Chain Order

| Order | Credential | Environment |
|---|---|---|
| 1 | EnvironmentCredential | CI/CD, containers |
| 2 | WorkloadIdentityCredential | Kubernetes |
| 3 | ManagedIdentityCredential | Azure VMs, App Service, Functions |
| 4 | SharedTokenCacheCredential | Windows only |
| 5 | VisualStudioCodeCredential | VS Code with Azure extension |
| 6 | AzureCliCredential | az login |
| 7 | AzurePowerShellCredential | Connect-AzAccount |
| 8 | AzureDeveloperCliCredential | azd auth login |

Customizing DefaultAzureCredential

# Exclude credentials you don't need
credential = DefaultAzureCredential(
    exclude_environment_credential=True,
    exclude_shared_token_cache_credential=True,
    managed_identity_client_id="<user-assigned-mi-client-id>"  # For user-assigned MI
)

# Enable interactive browser (disabled by default)
credential = DefaultAzureCredential(
    exclude_interactive_browser_credential=False
)
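
An added example (not part of the original SKILL.md or the Azure SDK): one way to build the exclusion arguments for a production deployment so that only the workload identity and managed identity entries of the chain stay enabled. The function names are hypothetical; the keyword arguments are DefaultAzureCredential's own, and the SDK import is deferred so the policy can be checked without it.

```python
import os

# DefaultAzureCredential keyword arguments that switch off the developer-tool
# entries of the chain (rows 4-8 of the Credential Chain Order table).
DEV_TOOL_FLAGS = (
    "exclude_shared_token_cache_credential",
    "exclude_visual_studio_code_credential",
    "exclude_cli_credential",
    "exclude_powershell_credential",
    "exclude_developer_cli_credential",
)
SERVICE_PRINCIPAL_VARS = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")


def production_kwargs(env):
    """Return (kwargs, warnings) for a managed-identity-only production chain."""
    kwargs = {flag: True for flag in DEV_TOOL_FLAGS}
    kwargs["exclude_environment_credential"] = True
    warnings = []
    # EnvironmentCredential is first in the chain: with all three variables set
    # it would win over the managed identity that AZURE_CLIENT_ID was meant for.
    if all(env.get(name) for name in SERVICE_PRINCIPAL_VARS):
        warnings.append(
            "AZURE_CLIENT_SECRET is set: service principal login is excluded, "
            "remove the secret from this environment"
        )
    client_id = env.get("AZURE_CLIENT_ID")
    if client_id:
        # Pin the user-assigned identity explicitly instead of by ambient default.
        kwargs["managed_identity_client_id"] = client_id
    return kwargs, warnings


def make_production_credential(env=os.environ):
    # Imported here so production_kwargs() can be tested without the SDK.
    from azure.identity import DefaultAzureCredential

    kwargs, warnings = production_kwargs(env)
    for message in warnings:
        print("warning:", message)
    return DefaultAzureCredential(**kwargs)
```

With the developer-tool entries excluded, a production host cannot silently authenticate as whichever account last ran az login on it.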

Specific Credential Types

ManagedIdentityCredential

For Azure-hosted resources (VMs, App Service, Functions, AKS):

from azure.identity import ManagedIdentityCredential

# System-assigned managed identity
credential = ManagedIdentityCredential()

# User-assigned managed identity
credential = ManagedIdentityCredential(
    client_id="<user-assigned-mi-client-id>"
)

ClientSecretCredential

For service principal with secret:

import os

from azure.identity import ClientSecretCredential

# Read the service principal settings from the environment, never from source
credential = ClientSecretCredential(
    tenant_id=os.environ["AZURE_TENANT_ID"],
    client_id=os.environ["AZURE_CLIENT_ID"],
    client_secret=os.environ["AZURE_CLIENT_SECRET"]
)

AzureCliCredential

Uses the account from az login:

from azure.identity import AzureCliCredential

credential = AzureCliCredential()

ChainedTokenCredential

Custom credential chain:

from azure.identity import (
    ChainedTokenCredential,
    ManagedIdentityCredential,
    AzureCliCredential
)

# Try managed identity first, fall back to CLI
credential = ChainedTokenCredential(
    ManagedIdentityCredential(client_id="<user-assigned-mi-client-id>"),
    AzureCliCredential()
)

Credential Types Table

| Credential | Use Case | Auth Method |
|---|---|---|
| DefaultAzureCredential | Most scenarios | Auto-detect |
| ManagedIdentityCredential | Azure-hosted apps | Managed Identity |
| ClientSecretCredential | Service principal | Client secret |
| ClientCertificateCredential | Service principal | Certificate |
| AzureCliCredential | Local development | Azure CLI |
| AzureDeveloperCliCredential | Local development | Azure Developer CLI |
| InteractiveBrowserCredential | User sign-in | Browser OAuth |
| DeviceCodeCredential | Headless/SSH | Device code flow |

Getting Tokens Directly

from azure.identity import DefaultAzureCredential

credential = DefaultAzureCredential()

# Get token for a specific scope
token = credential.get_token("https://management.azure.com/.default")
print(f"Token expires: {token.expires_on}")

# For Azure Database for PostgreSQL
token = credential.get_token("https://ossrdbms-aad.database.windows.net/.default")

Async Client

import asyncio

from azure.identity.aio import DefaultAzureCredential
from azure.storage.blob.aio import BlobServiceClient

async def main():
    credential = DefaultAzureCredential()
    try:
        async with BlobServiceClient(
            account_url="https://<account>.blob.core.windows.net",
            credential=credential
        ) as client:
            # ... async operations
            pass
    finally:
        # Close the credential's HTTP transport even if an operation raises
        await credential.close()

asyncio.run(main())

Best Practices

  1. Use DefaultAzureCredential for code that runs locally and in Azure
  2. Never hardcode credentials — use environment variables or managed identity
  3. Prefer managed identity in production Azure deployments
  4. Use ChainedTokenCredential when you need a custom credential order
  5. Close async credentials explicitly or use context managers
  6. Set AZURE_CLIENT_ID for user-assigned managed identities
  7. Exclude unused credentials to speed up authentication
Security recommendations
This SKILL.md appears to be a straightforward guide for the official azure-identity Python SDK, but the skill metadata does not declare the sensitive environment variables the document uses. Before installing or enabling this skill:
  1. Confirm the skill's source/author (no homepage or repository is provided).
  2. Only provide AZURE_* credentials when you trust the skill and the runtime environment — avoid pasting secrets into chat.
  3. Prefer managed identities in production (avoid long-lived client secrets).
  4. Ask the skill author to declare required env vars in metadata so you can make an informed decision.
  5. If an agent will run this skill autonomously, be extra cautious because obtained tokens could grant access to Azure resources; restrict the agent's Azure permissions (least privilege) and monitor token use.
Functional analysis
Type: OpenClaw Skill
Name: azure-identity-py
Version: 0.1.0
The skill bundle provides documentation and code examples for the `azure-identity` Python SDK. It instructs the agent to install the legitimate `azure-identity` package via `pip install`. The content describes standard practices for Azure authentication, including reading credentials from environment variables, which is appropriate for an identity library. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation. All actions are clearly aligned with the stated purpose of facilitating Azure authentication.
Capability assessment
Purpose & Capability
The skill's name, description, and instructions match: it's a usage guide for the Azure Identity SDK for Python. The examples and credential types shown are appropriate for that purpose. However, the metadata declares no required environment variables even though the README shows service-principal and managed-identity environment variables (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET).
Instruction Scope
SKILL.md only shows usage examples for DefaultAzureCredential and other Azure credentials and how to call get_token; it does not instruct the agent to read unrelated system files, post tokens to external endpoints, or perform actions outside of authentication usage. Examples reference environment variables (and os.environ) which is expected for this library.
Install Mechanism
This is an instruction-only skill with no install spec or code files. The document tells users to run `pip install azure-identity`, which is normal; nothing in the skill instructs downloading arbitrary or untrusted code.
Credentials
The SKILL.md shows and uses sensitive environment variables (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and user-assigned managed identity client IDs) but the skill metadata lists no required env vars or primary credential. That mismatch could lead an unsuspecting user or agent to provide secrets without realizing the skill expects them. The credential usage itself is appropriate for the described purpose, but the metadata omission reduces transparency about sensitive data needs.
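The mismatch described above can be checked mechanically. This added example (not the platform's scanner) lists environment variables that a SKILL.md references but the metadata does not declare; the sample text is constructed from this page's snippets, and the declared-variables list is a hypothetical metadata field.

```python
import re

# Constructed sample: an excerpt of a SKILL.md body, plus the env vars its
# metadata declares (hypothetical field; this skill declares none).
SKILL_MD = """\
AZURE_TENANT_ID=<your-tenant-id>
AZURE_CLIENT_ID=<your-client-id>
AZURE_CLIENT_SECRET=<your-client-secret>
credential = ClientSecretCredential(
    tenant_id=os.environ["AZURE_TENANT_ID"],
    client_secret=os.environ["AZURE_CLIENT_SECRET"]
)
"""
DECLARED_ENV = []

# Name fragments suggesting the variable holds a secret, not an identifier.
SECRET_HINTS = ("SECRET", "PASSWORD", "TOKEN", "KEY")

# NAME=value lines (optionally prefixed with "export").
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Z][A-Z0-9_]{2,})=", re.MULTILINE)
# os.environ["NAME"], os.environ.get("NAME") and os.getenv("NAME") reads.
LOOKUP = re.compile(
    r"os\.(?:environ\[|environ\.get\(|getenv\()\s*['\"]([A-Z][A-Z0-9_]{2,})['\"]"
)


def referenced_env_vars(text):
    """Env var names the document assigns (NAME=...) or reads via os.environ."""
    return set(ASSIGNMENT.findall(text)) | set(LOOKUP.findall(text))


def undeclared_env_vars(text, declared):
    """Return sorted (name, looks_secret) pairs for referenced, undeclared vars."""
    missing = referenced_env_vars(text) - set(declared)
    return sorted(
        (name, any(hint in name for hint in SECRET_HINTS)) for name in missing
    )


if __name__ == "__main__":
    for name, secret in undeclared_env_vars(SKILL_MD, DECLARED_ENV):
        print(f"undeclared: {name}{'  (secret-like)' if secret else ''}")
```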
Persistence & Privilege
The skill does not request persistent presence (always:false) and contains no instructions to modify other skills or system-wide configurations. Autonomous invocation is allowed by default on the platform but is not combined here with other elevated privileges.
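How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install azure-identity-py
  3. Once installed, call the Skill by name or trigger it with /azure-identity-py
  4. Provide the required input according to the Skill's parameter description to get structured output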
Version history
v0.1.0
Initial release of azure-identity-py skill.
  - Provides usage guidance for Azure Identity SDK authentication in Python.
  - Documents DefaultAzureCredential, managed identity, service principals, and token caching.
  - Includes credential chain order, environment variable setup, and async usage examples.
  - Covers best practices and credential selection for local and cloud scenarios.
Metadata
Slug azure-identity-py
Version 0.1.0
License
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is Azure Identity Py?

Azure Identity SDK for Python authentication. Use for DefaultAzureCredential, managed identity, service principals, and token caching. Triggers: "azure-identity", "DefaultAzureCredential", "authentication", "managed identity", "service principal", "credential". It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1936 total downloads to date.

How do I install Azure Identity Py?

Run the command "/install azure-identity-py" in the OpenClaw or Claude Code chat box for a one-click install; no extra configuration is needed.

Is Azure Identity Py free?

Yes, Azure Identity Py is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Azure Identity Py support?

Azure Identity Py is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Azure Identity Py?

Developed and maintained by thegovind (@thegovind); the current version is v0.1.0.
