
Azure Credentials

This section discusses Azure credentials.

Authenticate with Azure using a certificate

You can authenticate with Azure using a certificate instead of a client secret. As with password authentication, the credential is registered on the Azure service principal: Azure holds the public certificate, and Console holds the matching private key. For more information, see the Microsoft documentation on using certificates with service principals.
  1. Log into Compute Console.
  2. Go to Manage > Cloud accounts.
  3. Click Add account.
  4. In Select cloud provider, choose Azure.
  5. Enter a name for the credential.
  6. In Subtype, select Certificate.
  7. In Certificate, enter your service principal’s certificate in PEM format.
    The PEM must include the private key. Concatenate the public certificate with the private key, for example: cat client-cert.pem client-key.pem > client-bundle.pem. Because the bundle contains the private key, protect the file like any other secret and delete local copies once the credential is stored in Console.
  8. Enter a tenant ID.
  9. Enter a client ID (the service principal’s application ID).
  10. Enter a subscription ID.
  11. Click Next.
  12. In Scan account, disable Agentless scanning.
  13. Click Next.
  14. Click Add account.
  15. Validate the credential.
    Your Azure credential is now available to be used in the various integration points in the product, including registry scanning, serverless function scanning, and so on. If authentication with a certificate is supported, it’s shown in the credential drop-down in the setup dialog. For example, the following screenshot shows the setup dialog for scanning Azure Container Registry:
    After setting up your integrations, you can review how and where the credential is being used by going to Manage > Authentication > Credentials store and clicking on the credential.

Create an Azure Service Principal

Create an Azure Service Principal so that Prisma Cloud Console can scan your Azure tenant for microservices. To get a service key:
  1. Download and install the Azure CLI.
  2. Create a service principal and configure its access to Azure resources. Scope it to the single subscription you want scanned rather than to the whole tenant:
    $ az ad sp create-for-rbac \
        --name <user>-twistlock-azure-cloud-discovery-<contributor|reader> \
        --role <reader|contributor> \
        --scopes /subscriptions/<yourSubscriptionID> \
        --sdk-auth
    The --role value depends upon the type of scanning. Pick the least privileged role that covers what you need:
    • contributor = Cloud Discovery + Azure Container Registry Scanning + Azure Function Apps Scanning
    • reader = Cloud Discovery + Azure Container Registry Scanning
    Recent Azure CLI releases warn that --sdk-auth is deprecated; as long as the option is still accepted, keep it, because the JSON it emits is the format Console expects as the Service Key.
  3. Copy the output of the command and save it to a text file. You will use the output as the Service Key when creating an Azure credential. The output contains the clientSecret in clear text, so protect the file like a password and delete it once the credential is stored in Console. Sample output (placeholder values):
    {
      "clientId": "bc968c1e-67g3-4ba5-8d05-f807abb54a57",
      "clientSecret": "5ce0f4ec-5291-42f8-gbe3-90bb3f42ba14",
      "subscriptionId": "ae01981e-e1bf-49ec-ad81-80rf157a944e",
      "tenantId": "d189c61b-6c27-41d3-9749-ca5c9cc4a622",
      "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
      "resourceManagerEndpointUrl": "https://management.azure.com/",
      "activeDirectoryGraphResourceId": "https://graph.windows.net/",
      "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
      "galleryEndpointUrl": "https://gallery.azure.com/",
      "managementEndpointUrl": "https://management.core.windows.net/"
    }
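The certificate flow described in the first section and the service principal creation above share the same preparation work: generate a key pair, build the PEM bundle (public certificate followed by private key) that the Console Certificate field expects, check the bundle before pasting it, and register only the public certificate on the service principal with the least privileged role. The following script is an added example (not Prisma Cloud's or Microsoft's own tooling). It assumes openssl is installed; the az step additionally needs the Azure CLI and an active az login, and the names, role and subscription ID it uses are placeholders. The az ad sp create-for-rbac --cert @file option is a real Azure CLI option that registers a PEM public certificate on the new service principal.

```shell
#!/bin/sh
# Added example, not Prisma Cloud's or Microsoft's own tooling.
# Prepares a certificate credential for an Azure service principal:
#   1. generate a self-signed key pair for the service principal,
#   2. concatenate public certificate + private key into the PEM bundle the
#      Console "Certificate" field expects,
#   3. verify the bundle before pasting it (both parts present, key matches cert),
#   4. register the PUBLIC certificate on a new service principal with az.
# Assumes openssl is installed; the az step also needs the Azure CLI and an
# active "az login". Names, role and subscription ID below are placeholders.
set -eu

# Generate a self-signed certificate and private key for the service principal.
# $1 = output directory, $2 = subject CN, $3 = validity in days (default 365)
make_sp_cert() {
    dir=$1
    cn=$2
    days=${3:-365}
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -keyout "$dir/client-key.pem" -out "$dir/client-cert.pem" \
        -days "$days" -subj "/CN=$cn" >/dev/null 2>&1
    chmod 600 "$dir/client-key.pem"
}

# Concatenate public cert ($1) and private key ($2) into one PEM file ($3),
# the "cat client-cert.pem client-key.pem" step from the Console procedure.
# The result contains the private key: keep it mode 0600 and treat it as a secret.
bundle_pem() {
    cat "$1" "$2" > "$3"
    chmod 600 "$3"
}

# Return 0 if the bundle holds a certificate and a private key and the two belong
# together (identical public key), 1 otherwise. Catches the two usual mistakes:
# pasting the certificate alone, or bundling it with the wrong key.
verify_bundle() {
    bundle=$1
    cert_pem=$(sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' "$bundle")
    key_pem=$(sed -n '/BEGIN .*PRIVATE KEY/,/END .*PRIVATE KEY/p' "$bundle")
    [ -n "$cert_pem" ] || return 1
    [ -n "$key_pem" ] || return 1
    cert_pub=$(printf '%s\n' "$cert_pem" | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(printf '%s\n' "$key_pem" | openssl pkey -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Create the service principal scoped to one subscription and register the
# public certificate on it. Only the public half leaves this host; the private
# key stays in the bundle you paste into Console. Role choice (least privilege):
#   reader      = Cloud Discovery + Azure Container Registry scanning
#   contributor = the above + Azure Function Apps scanning
# $1 = display name, $2 = reader|contributor, $3 = subscription ID, $4 = cert file
# Requires "az login"; not exercised offline.
create_sp_with_cert() {
    name=$1
    role=$2
    subscription_id=$3
    cert=$4
    case "$role" in
        reader|contributor) ;;
        *) echo "role must be reader or contributor, got: $role" >&2; return 1 ;;
    esac
    az ad sp create-for-rbac \
        --name "$name" \
        --role "$role" \
        --scopes "/subscriptions/$subscription_id" \
        --cert "@$cert"
}

# End-to-end run with placeholder values: sh prepare-sp-cert.sh run
# The az output's appId and tenant are the client ID and tenant ID that the
# Console dialog asks for alongside the subscription ID.
if [ "${1:-}" = "run" ]; then
    workdir=$(mktemp -d)
    make_sp_cert "$workdir" "twistlock-azure-cloud-discovery-reader" 365
    bundle_pem "$workdir/client-cert.pem" "$workdir/client-key.pem" "$workdir/client-bundle.pem"
    verify_bundle "$workdir/client-bundle.pem" || { echo "bundle check failed" >&2; exit 1; }
    echo "bundle ready to paste into Console: $workdir/client-bundle.pem"
    create_sp_with_cert "twistlock-azure-cloud-discovery-reader" reader \
        "00000000-0000-0000-0000-000000000000" "$workdir/client-cert.pem"
fi
```

The verification step is deliberately done before anything is uploaded: a bundle whose key does not match its certificate is accepted as text by any form field, and the failure only shows up later as an authentication error against Azure. Registering the certificate with --cert also means no clientSecret is ever generated, so there is no --sdk-auth JSON to store; the Certificate subtype in Console takes the bundle plus the tenant, client and subscription IDs instead.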

Storing the credential in Prisma Cloud

Store the service principal’s credentials in Console so that Prisma Cloud can authenticate with Azure for scanning.
  1. Open Console, and go to Manage > Authentication > Credentials Store.
  2. Click Add credential, and enter the following values:
    1. Enter a descriptive Name for the credential.
    2. In the Type field, select Azure.
    3. Enter the Service Key.
      Copy and paste the contents of the text file you saved earlier when you created the service principal.
    4. Save your changes.
