<subscription-id>
with your own subscription ID:spacelift-sp
, and grants it the Contributor role on your subscription. It also outputs the appId
, password
and tenant
for the Service Principal. Make a note of these because you'll need them later.ARM_CLIENT_ID
- the appId
returned when you created your Service Principal. This is known as the Application ID or Client ID within Azure.ARM_CLIENT_SECRET
- the password
returned when you created your Service Principal.ARM_SUBSCRIPTION_ID
- your subscription ID.ARM_TENANT_ID
- the tenant
returned when you created your Service Principal.ARM_CLIENT_ID
- the appId
returned when you created your Service Principal. This is known as the Application ID or Client ID within Azure.ARM_CLIENT_CERTIFICATE_PATH
- the path to the certificate you uploaded in the previous step.ARM_CLIENT_CERTIFICATE_PASSWORD
- the password for your certificate.ARM_SUBSCRIPTION_ID
- your subscription ID.ARM_TENANT_ID
- the tenant
returned when you created your Service Principal.az ad sp create-for-rbac
command, the client secret returned by the command will expire in 1 year. At that point, any stacks using that client secret will stop working until a new one is added and the Spacelift environment updated.ARM_USE_MSI
- set to true
to indicate you want to use a managed identity.ARM_SUBSCRIPTION_ID
- your subscription ID.ARM_TENANT_ID
- your Azure AD tenant.ARM_CLIENT_ID
- the client ID of your user-assigned identity.