TrademarkTrademark
Features
Documentation
Pricing
About
Get Started
All articles

Setting up Scalr & Azure DevOps Part 3 - Add Azure credentials

Learn how to authenticate with Microsoft Azure using Scalr provider credentials. Part 3.
Jack RoperMarch 21, 2022
Setting up Scalr & Azure DevOps Part 3 - Add Azure credentials
Key takeaways
  • Authenticating Scalr with Microsoft Azure requires creating an Azure Active Directory app registration, generating a client secret, and assigning it a subscription role such as contributor.
  • Provider credentials are stored encrypted in a central Scalr location and can be shared across workspaces and environments, then passed to runs as shell variables.
  • After adding the app registration details to Scalr, you link the provider credentials to the required environments via the environment's Provider Credentials tab.
  • Storing credentials centrally lets a team restrict who can access them while new workspaces automatically inherit them.

This was written by Jack Roper, a guest blogger.

Getting Scalr working with Azure DevOps takes three stages. This series of three posts walks through each one step by step.

This is the second post in the series that will focus on stage 2 — how to add Azure credentials and link them to an environment.

If you missed the first post in the series, check it out here — picking a workflow.

Post 3 covers how to execute your Terraform code and create a workspace, both with PR automation and by plugging the CLI into Azure DevOps. There is a third way to create a workspace using the module registry, but that still relies on the VCS connection.

Provider credentials

To authenticate with our cloud provider (Microsoft Azure), we need to give Scalr some credentials. Scalr stores credentials in a central location so you can share them across workspaces. They can also be shared across environments, and with provider configurations you can define multiple configurations of the same provider type within an environment. The credentials are encrypted and are stored securely. Credentials are passed to all workspaces in the environment as shell variables. That way the team can restrict who has access to the credentials, and new workspaces inherit them automatically.

This post also covers how to create those credentials in Azure as an Azure Active Directory app registration and assign it an appropriate role.

We will be using Terraform with Scalr to deploy infrastructure to Azure. In the third and final post, we will show how, when a Terraform run is executed within a workspace, the provider credentials are passed to the run automatically as a shell variable.

Adding Credentials to Scalr

  1. Log into Scalr and hit the icon top left. Select 'Manage Account' in the drop-down menu.

Scalr account dropdown menu with Manage Account option

  1. If this is the first set of credentials you will be adding, you will be presented with the 'getting started' screen, and the 'add cloud credentials' button.

Scalr getting started screen with add cloud credentials button

Alternatively, if you already have credentials added, hit the icon top left again, and select 'provider credentials' from the drop-down.

Scalr top left menu showing provider credentials option

  1. Choose 'add credentials' then choose the Azure provider from the drop-down menu. Note that if you want to use a provider that does not have an option in Scalr, you can use the shell variable option to achieve similar functionality.

Scalr add credentials button on provider credentials page

Scalr provider dropdown menu with Azure selected

  1. At this point jump over to the Azure portal and log in to your account. Click on Azure Active Directory → App Registrations.

Azure portal Azure Active Directory App Registrations menu

Press register. On the next screen copy the details shown in the essentials section.

Azure App Registration essentials section with application IDs

Next click on secrets -> new client secret

Azure App Registration certificates and secrets new client secret option

Enter the description and the expiry date.

Azure add a client secret dialog with description and expiry fields

Press add, then copy the secret value. You will only be able to see this once.

Next, we need to give the app registration permission to the Azure Subscription we want to use with Scalr. Browse to your subscription, and click on Access Control (IAM).

Azure subscription with Access Control IAM menu highlighted

Click role assignments, then add -> add role assignment.

Azure IAM role assignments tab with add role assignment option

Here I choose contributor (has full access to the subscription but cannot change permissions) then hit next.

Choose 'Select members and in the search bar type the name of the app registration you set up earlier.

Azure role assignment Select members search for the app registration

Azure role assignment showing the selected app registration as a member

Press select, then review & assign.

Azure role assignment review and assign confirmation screen

  1. Back in Scalr, add the details you copied from the app registration:

Scalr Azure provider credentials form with app registration details

Press save. If the connection is successful, your subscription will show in the drop-down subscription menu. Select it and press Save.

  1. Link the provider credentials to the required environments by clicking on the Scalr icon top left, then environments.

Scalr top left icon menu with Environments option

Scalr environments list page

Select the environment, and then the Provider Credentials tab.

Scalr environment Provider Credentials tab

Across from the Azure provider, hit Link, then select the tickbox next to the provider credential we created earlier.

Scalr Link credentials button next to the Azure provider row

Scalr link credential dialog with provider credential tickbox selected

Lastly, press save!

Summary

In this post, we have shown how to create an App Registration in Azure, assign it a role in the subscription, and successfully add it to Scalr as a provider credential. We then linked the provider credential to the Scalr environment.

In the previous post, we linked Scalr to our Azure DevOps VCS provider.

In the next post, we will execute some Terraform code to deploy infrastructure to Azure!

Cheers! 🍻

About the author
Jack RoperDevOps engineer
Jack Roper is a DevOps engineer and technical writer specializing in Terraform and cloud infrastructure.
Part of
Thumbnail of CI/CD and GitOps for Terraform & OpenTofu

CI/CD and GitOps for Terraform & OpenTofu

Comprehensive guide to building reliable CI/CD pipelines and implementing GitOps workflows for Terraform and OpenTofu infrastructure automation.
Sebastian Stadil
March 31, 2026
More on this topic
Integrating Terraform with Backstage
The No-Nonsense Guide to ArgoCD
Top 10 Continuous Delivery Tools of June 2025
Top 10 GitOps Tools for 2025: A Comprehensive Guide
Everything you need to know about using Terraform or OpenTofu with Slack
Using Terraform with GitLab
Key DevOps Metrics You Should Be Tracking in 2025
Terraform and OpenTofu with Dependabot
Terraform Notifications in Microsoft Teams
The Complete Guide to DevOps Monitoring Tools in 2025: Choosing the Right Solution for Your Infrastructure
Top Jenkins Alternatives & Specialized IaC Tools
Why You Should Use Dependabot with Terraform and OpenTofu
Mastering Terraform at Scale: A Developer's Guide to Reliable Infrastructure
Integrating Terraform Events w/ AWS EventBridge
How to use the Azure DevOps Terraform Provider
Deploying your infrastructure with Scalr and GitHub Actions
Terraform Configuration Ingestion
Setting up Scalr & Azure DevOps Part 3 - Execute Your Terraform Code and Create a Workspace
Setting up Scalr & Azure DevOps Part 1 - Picking a Workflow
Terraform Cost Estimation in 2021: The Definitive Guide