I cannot authenticate rclone, running on an EC2 instance in AWS, with a storage account in Azure using a certificate. I have managed this using a secret; however, in order to meet security requirements, a certificate was required. Hence, I created a cert using SSL and attached it to the service principal the rclone instance was using to get read access to the storage account. However, I am unable to connect to the Azure Storage Account.
This is the error command I am receiving:
command: rclone lsd <azure-storage-account>:
error: Failed to create file system for "<azure-storage-account>:": error parsing service principal credentials file: missing fields in credentials file
Where should I be looking in order to resolve this?
Can you answer the questions in the help and support template?
--- the redacted config file
--- full output of rclone version
--- full output of rclone lsd <azure-storage-account>: --dump headers
rclone lsd edgeprddataarchivestr: --dump headers
2023/05/05 14:21:49 NOTICE: Automatically setting -vv as --dump is enabled
2023/05/05 14:21:49 DEBUG : rclone: Version "v1.62.2" starting with parameters ["rclone" "lsd" "edgeprddataarchivestr:" "--dump" "headers"]
2023/05/05 14:21:49 DEBUG : Creating backend with remote "edgeprddataarchivestr:"
2023/05/05 14:21:49 DEBUG : Using config file from "/root/.config/rclone/rclone.conf"
2023/05/05 14:21:49 DEBUG : You have specified to dump information. Please be noted that the Accept-Encoding as shown may not be correct in the request and the response may not show Content-Encoding if the go standard libraries auto gzip encoding was in effect. In this case the body of the request will be gunzipped before showing it.
2023/05/05 14:21:49 Failed to create file system for "edgeprddataarchivestr:": error parsing service principal credentials file: missing fields in credentials file
I don't think the azure-principal.json parser is expecting anything other than a password.
I think this will work if you put this in the config file as detailed in this section in the docs:
Service principal with certificate
If these variables are set, rclone will authenticate with a service principal with certificate.
tenant: ID of the service principal's tenant. Also called its "directory" ID.
client_id: the service principal's client ID
client_certificate_path: path to a PEM or PKCS12 certificate file including the private key.
client_certificate_password: (optional) password for the certificate file.
client_send_certificate_chain: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to "true" or "1", authentication requests include the x5c header.
NB client_certificate_password must be obscured - see rclone obscure.
Thanks
The Service Principal credentials were initially created via a CLI using a secret;
however, since then, the certificate was attached to the same Service Principal.
{
"tenant": "tenant-id",
"appid": "app-id",
"client_certificate_path": "path to cert"
}
Used the app id as I've been told this should work
No password has been set on the certificate as it is optional, also tried setting the variable to an empty string but it didn't work.
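The reply above points to the config-file options for certificate auth rather than the JSON credentials file. As an added example (not part of the thread and not rclone's own code), here is a pre-flight check of a remote against the options quoted from the docs. The remote name, IDs and certificate path are constructed placeholders, and it assumes rclone.conf is plain INI that Python's configparser can read.

```python
import configparser

# Options the quoted docs list for "Service principal with certificate".
REQUIRED = ("tenant", "client_id", "client_certificate_path")

def read_bytes(path):
    with open(path, "rb") as fh:
        return fh.read()

def check_cert_remote(conf_text, remote, read_file=read_bytes):
    """Return a list of problems with a remote set up for certificate auth."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    if not cp.has_section(remote):
        return [f"remote [{remote}] not found"]
    sec = cp[remote]
    problems = [f"{k} is not set" for k in REQUIRED if not sec.get(k, "").strip()]
    if "appid" in sec:  # key name from the JSON file in the thread
        problems.append("appid is not a documented option; use client_id")
    if sec.get("service_principal_file", "").strip():
        # The thread's error came from parsing this JSON credentials file.
        problems.append("service_principal_file is set; put the values in the remote")
    path = sec.get("client_certificate_path", "").strip()
    if path:
        try:
            data = read_file(path)
        except OSError as exc:
            return problems + [f"cannot read {path}: {exc}"]
        # The docs require the file to include the private key. Only PEM text
        # is inspected; a binary PKCS12 file is left unchecked here.
        if b"-----BEGIN" in data:
            if b"-----BEGIN CERTIFICATE-----" not in data:
                problems.append("PEM file has no certificate block")
            if b"PRIVATE KEY-----" not in data:
                problems.append("PEM file has no private key block")
    return problems

# Constructed sample config and certificate contents (placeholders, not real values).
SAMPLE_CONF = """
[azcert]
type = azureblob
account = examplestorageaccount
tenant = 00000000-0000-0000-0000-000000000000
client_id = 11111111-1111-1111-1111-111111111111
client_certificate_path = /etc/rclone/sp-cert.pem
"""
CERT_ONLY = b"-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
CERT_AND_KEY = CERT_ONLY + b"-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(check_cert_remote(SAMPLE_CONF, "azcert", lambda p: CERT_ONLY))
```

An empty list means the remote has the three documented options and, for a PEM file, both the certificate and the private key in one file.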