frank-luongt/skills/codex/azure-identity-ts
skills/codex/azure-identity-ts/SKILL.md
<!-- AUTO-GENERATED by export-skills.py — DO NOT EDIT --> --- name: azure-identity-ts description: Authenticate to Azure services using Azure Identity SDK for JavaScript (@azure/identity). Use when configuring authentication with DefaultAzureCredential, managed identity, service principals, or interactive browser login. --- # Azure Identity SDK for TypeScript Authenticate to Azure services with various credential types. ## Installation ```bash npm install @azure/identity ``` ## Environment
$ install --global
skillsauthnpx skillsauth add frank-luongt/faos-skills-marketplace skills/codex/azure-identity-tsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:05 PM35.7s5 files scanned
SKILL.md
<!-- AUTO-GENERATED by export-skills.py — DO NOT EDIT -->
name: azure-identity-ts description: Authenticate to Azure services using Azure Identity SDK for JavaScript (@azure/identity). Use when configuring authentication with DefaultAzureCredential, managed identity, service principals, or interactive browser login.
Azure Identity SDK for TypeScript
Authenticate to Azure services with various credential types.
Installation
npm install @azure/identity
Environment Variables
Service Principal (Secret)
AZURE_TENANT_ID=<tenant-id>
AZURE_CLIENT_ID=<client-id>
AZURE_CLIENT_SECRET=<client-secret>
Service Principal (Certificate)
AZURE_TENANT_ID=<tenant-id>
AZURE_CLIENT_ID=<client-id>
AZURE_CLIENT_CERTIFICATE_PATH=/path/to/cert.pem
AZURE_CLIENT_CERTIFICATE_PASSWORD=<optional-password>
Workload Identity (Kubernetes)
AZURE_TENANT_ID=<tenant-id>
AZURE_CLIENT_ID=<client-id>
AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/tokens/azure-identity
DefaultAzureCredential (Recommended)
import { DefaultAzureCredential } from "@azure/identity";
const credential = new DefaultAzureCredential();
// Use with any Azure SDK client
import { BlobServiceClient } from "@azure/storage-blob";
const blobClient = new BlobServiceClient(
"https://<account>.blob.core.windows.net",
credential
);
Credential Chain Order:
- EnvironmentCredential
- WorkloadIdentityCredential
- ManagedIdentityCredential
- VisualStudioCodeCredential
- AzureCliCredential
- AzurePowerShellCredential
- AzureDeveloperCliCredential
Managed Identity
System-Assigned
import { ManagedIdentityCredential } from "@azure/identity";
const credential = new ManagedIdentityCredential();
User-Assigned (by Client ID)
const credential = new ManagedIdentityCredential({
clientId: "<user-assigned-client-id>"
});
User-Assigned (by Resource ID)
const credential = new ManagedIdentityCredential({
resourceId: "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<name>"
});
Service Principal
Client Secret
import { ClientSecretCredential } from "@azure/identity";
const credential = new ClientSecretCredential(
"<tenant-id>",
"<client-id>",
"<client-secret>"
);
Client Certificate
import { ClientCertificateCredential } from "@azure/identity";
const credential = new ClientCertificateCredential(
"<tenant-id>",
"<client-id>",
{ certificatePath: "/path/to/cert.pem" }
);
// With password
const credentialWithPwd = new ClientCertificateCredential(
"<tenant-id>",
"<client-id>",
{
certificatePath: "/path/to/cert.pem",
certificatePassword: "<password>"
}
);
Interactive Authentication
Browser-Based Login
import { InteractiveBrowserCredential } from "@azure/identity";
const credential = new InteractiveBrowserCredential({
clientId: "<client-id>",
tenantId: "<tenant-id>",
loginHint: "[email protected]"
});
Device Code Flow
import { DeviceCodeCredential } from "@azure/identity";
const credential = new DeviceCodeCredential({
clientId: "<client-id>",
tenantId: "<tenant-id>",
userPromptCallback: (info) => {
console.log(info.message);
// "To sign in, use a web browser to open..."
}
});
Custom Credential Chain
import {
ChainedTokenCredential,
ManagedIdentityCredential,
AzureCliCredential
} from "@azure/identity";
// Try managed identity first, fall back to CLI
const credential = new ChainedTokenCredential(
new ManagedIdentityCredential(),
new AzureCliCredential()
);
Developer Credentials
Azure CLI
import { AzureCliCredential } from "@azure/identity";
const credential = new AzureCliCredential();
// Uses: az login
Azure Developer CLI
import { AzureDeveloperCliCredential } from "@azure/identity";
const credential = new AzureDeveloperCliCredential();
// Uses: azd auth login
Azure PowerShell
import { AzurePowerShellCredential } from "@azure/identity";
const credential = new AzurePowerShellCredential();
// Uses: Connect-AzAccount
Sovereign Clouds
import { ClientSecretCredential, AzureAuthorityHosts } from "@azure/identity";
// Azure Government
const credential = new ClientSecretCredential(
"<tenant>", "<client>", "<secret>",
{ authorityHost: AzureAuthorityHosts.AzureGovernment }
);
// Azure China
const credentialChina = new ClientSecretCredential(
"<tenant>", "<client>", "<secret>",
{ authorityHost: AzureAuthorityHosts.AzureChina }
);
Bearer Token Provider
import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
const credential = new DefaultAzureCredential();
// Create a function that returns tokens
const getAccessToken = getBearerTokenProvider(
credential,
"https://cognitiveservices.azure.com/.default"
);
// Use with APIs that need bearer tokens
const token = await getAccessToken();
Key Types
import type {
TokenCredential,
AccessToken,
GetTokenOptions
} from "@azure/core-auth";
import {
DefaultAzureCredential,
DefaultAzureCredentialOptions,
ManagedIdentityCredential,
ClientSecretCredential,
ClientCertificateCredential,
InteractiveBrowserCredential,
ChainedTokenCredential,
AzureCliCredential,
AzurePowerShellCredential,
AzureDeveloperCliCredential,
DeviceCodeCredential,
AzureAuthorityHosts
} from "@azure/identity";
Custom Credential Implementation
import type { TokenCredential, AccessToken, GetTokenOptions } from "@azure/core-auth";
class CustomCredential implements TokenCredential {
async getToken(
scopes: string | string[],
options?: GetTokenOptions
): Promise<AccessToken | null> {
// Custom token acquisition logic
return {
token: "<access-token>",
expiresOnTimestamp: Date.now() + 3600000
};
}
}
Debugging
import { setLogLevel, AzureLogger } from "@azure/logger";
setLogLevel("verbose");
// Custom log handler
AzureLogger.log = (...args) => {
console.log("[Azure]", ...args);
};
Best Practices
- Use DefaultAzureCredential - Works in development (CLI) and production (managed identity)
- Never hardcode credentials - Use environment variables or managed identity
- Prefer managed identity - No secrets to manage in production
- Scope credentials appropriately - Use user-assigned identity for multi-tenant scenarios
- Handle token refresh - Azure SDK handles this automatically
- Use ChainedTokenCredential - For custom fallback scenarios
Related Skills
frank-luongt/skills/codex/databricks-mlflow-evaluation
development
VerifiedTrustedCommunity
<!-- AUTO-GENERATED by export-skills.py — DO NOT EDIT --> --- name: databricks-mlflow-evaluation --- # MLflow 3 GenAI Evaluation ## Before Writing Any Code 1. **Read GOTCHAS.md** - 15+ common mistakes that cause failures 2. **Read CRITICAL-interfaces.md** - Exact API signatures and data schemas ## End-to-End Workflows Follow these workflows based on your goal. Each step indicates which reference files to read. ### Workflow 1: First-Time Evaluation Setup For users new to MLflow GenAI evalu
12SKILL.mdUpdated Apr 21, 2026
frank-luongt/skills/codex/databricks-lakebase-provisioned
development
VerifiedTrustedCommunity
<!-- AUTO-GENERATED by export-skills.py — DO NOT EDIT --> --- name: databricks-lakebase-provisioned --- # Lakebase Provisioned Patterns and best practices for using Lakebase Provisioned (Databricks managed PostgreSQL) for OLTP workloads. ## When to Use Use this skill when: - Building applications that need a PostgreSQL database for transactional workloads - Adding persistent state to Databricks Apps - Implementing reverse ETL from Delta Lake to an operational database - Storing chat/agent m
12SKILL.mdUpdated Apr 21, 2026
frank-luongt/skills/codex/databricks-jobs
tools
VerifiedTrustedCommunity
<!-- AUTO-GENERATED by export-skills.py — DO NOT EDIT --> --- name: databricks-jobs --- # Databricks Lakeflow Jobs ## Overview Databricks Jobs orchestrate data workflows with multi-task DAGs, flexible triggers, and comprehensive monitoring. Jobs support diverse task types and can be managed via Python SDK, CLI, or Asset Bundles. ## Reference Files | Use Case | Reference File | | ----------------------
12SKILL.mdUpdated Apr 21, 2026
frank-luongt/skills/codex/databricks-genie
development
VerifiedTrustedCommunity
<!-- AUTO-GENERATED by export-skills.py — DO NOT EDIT --> --- name: databricks-genie --- # Databricks Genie Create and query Databricks Genie Spaces - natural language interfaces for SQL-based data exploration. ## Overview Genie Spaces allow users to ask natural language questions about structured data in Unity Catalog. The system translates questions into SQL queries, executes them on a SQL warehouse, and presents results conversationally. ## When to Use This Skill Use this skill when: -
12SKILL.mdUpdated Apr 21, 2026