azure: mention that we search azure config (#2703)

* azure: mention that we search azure config * ref: specify which options and when are taken from Azure config per #2703 (comment) * ref: explain Azure auth routes from the beginning of section per #2703 (review) Co-authored-by: Jorge Orpinel <[email protected]>
iterative · Aug 18, 2021 · 3643e6d · 3643e6d
1 parent e86a479
commit 3643e6d
Showing 1 changed file with 22 additions and 5 deletions.
diff --git a/content/docs/command-reference/remote/modify.md b/content/docs/command-reference/remote/modify.md
@@ -369,16 +369,22 @@ $ dvc remote modify --system myremote
 
 </details>
 
+To use a custom authentication method, you can either use this command to
+configure the appropriate auth params, use environment variables, or rely on an
+Azure config file (in that order). More details below.
+
 > See some [Azure auth examples](#example-some-azure-authentication-methods).
 
-To use a custom authentication method, use the following parameters (listed in
-order of precedence):
+#### Authenticate with DVC config parameters
+
+The following parameters are listed in the order they are used by DVC when
+attempting to authenticate with Azure:
 
 1. `connection_string` is used for authentication if given (`account_name` is
    ignored).
 2. If `tenant_id` and `client_id`, `client_secret` are given, Active Directory
    (AD) [service principal] auth is performed.
-3. DVC will try next to connect with `account_key` or `sas_token` (in this
+3. DVC will next try to connect with `account_key` or `sas_token` (in this
    order) if either are provided.
 4. If `allow_anonymous_login` is set to `True`, then DVC will try to connect
    [anonymously].
@@ -442,8 +448,10 @@ order of precedence):
   $ dvc remote modify myremote allow_anonymous_login true
   ```
 
-Note that Azure remotes can also authenticate via environment variables (instead
-of `dvc remote modify`). These are tried if none of the params above are set.
+#### Authenticate with environment variables
+
+Azure remotes can also authenticate via env vars (instead of
+`dvc remote modify`). These are tried if none of the params above are set.
 
 For Azure connection string:
 
@@ -481,6 +489,15 @@ $ export AZURE_PASSWORD='mysecret'
 > [env vars](https://docs.microsoft.com/en-us/python/api/azure-identity/azure.identity.environmentcredential)
 > available.
 
+#### Authenticate with an Azure config file
+
+As a final option (if no params or env vars are set), some of the auth methods
+can propagate from an Azure configuration file (typically managed with
+[az config](https://docs.microsoft.com/en-us/cli/azure/config)):
+`connection_string`, `account_name`, `account_key`, `sas_token` and
+`container_name`. The default directory where it will be searched for is
+`~/.azure` but this can be customized with the `AZURE_CONFIG_DIR` env var.
+
 </details>
 
 <details>