diff --git a/content/docs/command-reference/remote/modify.md b/content/docs/command-reference/remote/modify.md index 90d4a53608..3af18b853a 100644 --- a/content/docs/command-reference/remote/modify.md +++ b/content/docs/command-reference/remote/modify.md @@ -369,16 +369,22 @@ $ dvc remote modify --system myremote +To use a custom authentication method, you can either use this command to +configure the appropriate auth params, use environment variables, or rely on an +Azure config file (in that order). More details below. + > See some [Azure auth examples](#example-some-azure-authentication-methods). -To use a custom authentication method, use the following parameters (listed in -order of precedence): +#### Authenticate with DVC config parameters + +The following parameters are listed in the order they are used by DVC when +attempting to authenticate with Azure: 1. `connection_string` is used for authentication if given (`account_name` is ignored). 2. If `tenant_id` and `client_id`, `client_secret` are given, Active Directory (AD) [service principal] auth is performed. -3. DVC will try next to connect with `account_key` or `sas_token` (in this +3. DVC will next try to connect with `account_key` or `sas_token` (in this order) if either are provided. 4. If `allow_anonymous_login` is set to `True`, then DVC will try to connect [anonymously]. @@ -442,8 +448,10 @@ order of precedence): $ dvc remote modify myremote allow_anonymous_login true ``` -Note that Azure remotes can also authenticate via environment variables (instead -of `dvc remote modify`). These are tried if none of the params above are set. +#### Authenticate with environment variables + +Azure remotes can also authenticate via env vars (instead of +`dvc remote modify`). These are tried if none of the params above are set. For Azure connection string: @@ -481,6 +489,15 @@ $ export AZURE_PASSWORD='mysecret' > [env vars](https://docs.microsoft.com/en-us/python/api/azure-identity/azure.identity.environmentcredential) > available. +#### Authenticate with an Azure config file + +As a final option (if no params or env vars are set), some of the auth methods +can propagate from an Azure configuration file (typically managed with +[az config](https://docs.microsoft.com/en-us/cli/azure/config)): +`connection_string`, `account_name`, `account_key`, `sas_token` and +`container_name`. The default directory where it will be searched for is +`~/.azure` but this can be customized with the `AZURE_CONFIG_DIR` env var. +