{"id":22318,"date":"2025-11-05T02:04:28","date_gmt":"2025-11-05T02:04:28","guid":{"rendered":"https:\/\/pokecon.jp\/job\/?p=22318"},"modified":"2025-11-05T02:04:28","modified_gmt":"2025-11-05T02:04:28","slug":"github-actions%e2%86%92azure-%e8%aa%8d%e8%a8%bc%e3%81%ae%e5%ae%9f%e8%a3%85%e6%89%8b%e9%a0%86%ef%bc%81oidcxazure-cli-%e3%81%a7%e7%88%86%e9%80%9f%e3%82%bb%e3%83%83%e3%83%88%e3%82%a2%e3%83%83","status":"publish","type":"post","link":"https:\/\/pokecon.jp\/job\/22318\/","title":{"rendered":"GitHub Actions\u2192Azure \u8a8d\u8a3c\u306e\u5b9f\u88c5\u624b\u9806\uff01OIDC\u00d7Azure CLI \u3067\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7 2025\u5e74\u7248"},"content":{"rendered":"\n<\/p>\n<div id=\"\">\n<h2 class=\"wp-block-heading\"><span id=\"hajimeni\">\u306f\u3058\u3081\u306b<\/span><\/h2>\n<p>\u3069\u3082\uff01\u4e45\u3057\u3076\u308a\u306b\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u3042\u3055\u3063\u3066\u3044\u305f\u3089\u3001\u81ea\u5206\u304c\u4f7f\u3063\u3066\u3044\u305f\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u8a8d\u8a3c\u304c\u300cnot recommended\u300d\u3068\u8a18\u8f09\u3055\u308c\u3066\u3044\u3066\u30d3\u30c3\u30af\u30ea\u4ef0\u5929\u3057\u305f\u9f8d\u3061\u3083\u3093\u3067\u3059\u3002<\/p>\n<p>\u7686\u3055\u3093\u3001GitHub Actions \u304b\u3089 Azure \u30ea\u30bd\u30fc\u30b9\u306b\u30c7\u30d7\u30ed\u30a4\u3059\u308b\u969b\u3001\u3069\u306e\u8a8d\u8a3c\u65b9\u5f0f\u3092\u4f7f\u3063\u3066\u3044\u307e\u3059\u304b?<\/p>\n<p>\u300c\u3048\u3001\u63a8\u5968\u3055\u308c\u306a\u3044\u65b9\u5f0f\u3060\u3063\u305f\u306e!?\u300d\u3063\u3066\u5927\u7126\u308a\u3067\u8abf\u3079\u305f\u3089\u3001<strong>\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u306f\u73fe\u5728\u3082\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u308b<\/strong>\u3082\u306e\u306e\u3001<strong>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3068\u3057\u3066 OIDC 
\u8a8d\u8a3c\u3078\u306e\u79fb\u884c\u304c\u5f37\u304f\u63a8\u5968\u3055\u308c\u3066\u3044\u308b<\/strong> \u3053\u3068\u304c\u5224\u660e\u3057\u307e\u3057\u305f\u3002<\/p>\n<p>\u7279\u306b\u4ee5\u4e0b\u306e\u7406\u7531\u304b\u3089\u3001Microsoft \u306f OIDC \u8a8d\u8a3c\u3092\u63a8\u5968\u3057\u3066\u3044\u307e\u3059\uff1a<\/p>\n<ul class=\"wp-block-list is-style-sango-list-yubi\">\n<li>\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u306f Basic \u8a8d\u8a3c\u3092\u4f7f\u7528\u3057\u3066\u304a\u308a\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u61f8\u5ff5\u304c\u3042\u308b<\/li>\n<li>\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u306b\u306f\u5e73\u6587\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u542b\u307e\u308c\u308b<\/li>\n<li>OIDC \u8a8d\u8a3c\u306f\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u4e0d\u8981\u3067\u3001\u3088\u308a\u5b89\u5168<\/li>\n<\/ul>\n<p>\u305d\u3053\u3067\u3001<strong>Microsoft \u516c\u5f0f\u304c\u63a8\u5968\u3059\u308b OIDC\uff08OpenID Connect\uff09\u8a8d\u8a3c\u306b\u76f4\u63a5\u79fb\u884c<\/strong>\u3057\u305f\u3093\u3067\u3059\u304c\u3001\u8a2d\u5b9a\u3067\u304d\u308b\u306a\u3089\u3053\u3063\u3061\u306e\u307b\u3046\u304c\u826f\u3044\u306a\u3068\u306a\u3063\u305f\u306e\u3067\u307e\u3068\u3081\u3066\u3044\u304d\u307e\u3059!<\/p>\n<p><strong>\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u4e0d\u8981\u3067\u30d1\u30b9\u30ef\u30fc\u30c9\u30ec\u30b9\u8a8d\u8a3c<\/strong>\u304c\u3067\u304d\u3066\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ec\u30d9\u30eb\u304c\u5927\u5e45\u306b\u5411\u4e0a\u3057\u307e\u3057\u305f\u3002<\/p>\n<p>\u4eca\u56de\u306f\u3001<strong>GitHub Actions \u304b\u3089 Azure \u3078\u306e 3 \u3064\u306e\u8a8d\u8a3c\u65b9\u5f0f\u3092\u6bd4\u8f03<\/strong>\u3057\u3001<strong>Azure CLI \u3067\u306e\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u65b9\u6cd5\u3092\u89e3\u8aac<\/strong>\u3057\u307e\u3059!<\/p>\n<h2 class=\"wp-block-heading\"><span 
id=\"kono_ji_shidewakarukoto\">\u3053\u306e\u8a18\u4e8b\u3067\u308f\u304b\u308b\u3053\u3068<\/span><\/h2>\n<p>\u2705 <strong>Azure \u8a8d\u8a3c\u65b9\u5f0f 3 \u3064\u306e\u5fb9\u5e95\u6bd4\u8f03<\/strong>\uff08\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb vs Service Principal vs OIDC\uff09<br \/>\u2705 <strong>OIDC \u8a8d\u8a3c\u306e\u4ed5\u7d44\u307f<\/strong>\u3068\u4ed6\u65b9\u5f0f\u3068\u306e\u9055\u3044<br \/>\u2705 <strong>Azure CLI \u3067\u306e\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u8a8d\u8a3c\u8a2d\u5b9a\u65b9\u6cd5<\/strong>\uff08\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\uff09<br \/>\u2705 <strong>GitHub Actions \u3067\u306e\u6c4e\u7528\u7684\u306a\u8a8d\u8a3c\u8a2d\u5b9a\u65b9\u6cd5<\/strong><br \/>\u2705 <strong>\u5fc5\u8981\u306a\u6a29\u9650<\/strong>\u3068\u305d\u306e\u78ba\u8a8d\u65b9\u6cd5\uff08\u8d85\u91cd\u8981!\uff09<br \/>\u2705 <strong>\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0<\/strong>\u306e\u5b9f\u4f8b\u3068\u89e3\u6c7a\u65b9\u6cd5<\/p>\n<h2 class=\"wp-block-heading\"><span id=\"kono_ji_shino_dui_xiang_du_zhe\">\ud83c\udfaf \u3053\u306e\u8a18\u4e8b\u306e\u5bfe\u8c61\u8aad\u8005<\/span><\/h2>\n<p>\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u65b9\u306b\u304a\u52e7\u3081\u3067\u3059\u3002<\/p>\n<p>\u2705 Azure CLI \u306e\u57fa\u672c\u64cd\u4f5c\u304c\u3067\u304d\u308b\u65b9<br \/>\u2705 GitHub Actions \u304b\u3089 Azure \u306b\u30c7\u30d7\u30ed\u30a4\u3057\u305f\u3044\u65b9<br \/>\u2705 \u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u3092\u4f7f\u3063\u3066\u3044\u3066\u3001\u30bb\u30ad\u30e5\u30a2\u306a\u65b9\u5f0f\u306b\u79fb\u884c\u3057\u305f\u3044\u65b9<br \/>\u2705 \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u7ba1\u7406\u306e\u624b\u9593\u3092\u6e1b\u3089\u3057\u305f\u3044 DevOps \u30a8\u30f3\u30b8\u30cb\u30a2<br \/>\u2705 \u30bf\u30fc\u30df\u30ca\u30eb\u64cd\u4f5c\u306b\u62b5\u6297\u304c\u306a\u3044\u65b9<\/p>\n<p><strong>\u306a\u305c Azure CLI \u3092\u4f7f\u3046\u306e\u304b\uff1f<\/strong><\/p>\n<ul 
class=\"wp-block-list is-style-sango-list-yubi\">\n<li>\u26a1 <strong>\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7<\/strong>: \u30b3\u30d4\u30da\u3067 5 \u5206\u3067\u5b8c\u4e86<\/li>\n<li>\ud83d\udd04 <strong>\u518d\u73fe\u6027\u304c\u9ad8\u3044<\/strong>: \u30b3\u30de\u30f3\u30c9\u3092\u30b9\u30af\u30ea\u30d7\u30c8\u5316\u3067\u304d\u308b<\/li>\n<li>\ud83d\udcdd <strong>IaC \u5316\u3057\u3084\u3059\u3044<\/strong>: Bicep\/Terraform \u3078\u306e\u79fb\u884c\u304c\u5bb9\u6613<\/li>\n<\/ul>\n<p>\u30dd\u30fc\u30bf\u30eb\u306e\u30dd\u30c1\u30dd\u30c1\u4f5c\u696d\u306f\u4e0d\u8981\u3067\u3059\uff01<\/p>\n<p>\u305d\u308c\u3067\u306f\u3001\u898b\u3066\u3044\u304d\u307e\u3057\u3087\u3046!<\/p>\n<h2 class=\"wp-block-heading\"><span id=\"hajimeni_-_naze_OIDC_ren_zhengga_bi_yaonanoka\">\u306f\u3058\u3081\u306b \u2013 \u306a\u305c OIDC \u8a8d\u8a3c\u304c\u5fc5\u8981\u306a\u306e\u304b?<\/span><\/h2>\n<h3 class=\"wp-block-heading\"><span id=\"GitHub_Actions_kara_Azure_ren_zhengno_zhong_yao_xing\">GitHub Actions \u304b\u3089 Azure \u8a8d\u8a3c\u306e\u91cd\u8981\u6027<\/span><\/h3>\n<p>GitHub Actions \u304b\u3089 Azure Functions\u3001Web Apps\u3001Static Web Apps\u3001Container Apps \u306a\u3069\u306b\u30c7\u30d7\u30ed\u30a4\u3059\u308b\u969b\u3001<strong>Azure \u3078\u306e\u8a8d\u8a3c<\/strong>\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n<p>\u3053\u306e\u8a8d\u8a3c\u65b9\u5f0f\u3001\u5b9f\u306f<strong>3 \u3064\u306e\u9078\u629e\u80a2<\/strong>\u304c\u3042\u308b\u3093\u3067\u3059\u3088\u306d:<\/p>\n<ol class=\"wp-block-list is-style-sango-list-main-color\">\n<li><strong>\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb<\/strong>\uff08Publish Profile\uff09<\/li>\n<li><strong>Service Principal + \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc<\/strong><\/li>\n<li><strong>OIDC \u8a8d\u8a3c<\/strong>\uff08OpenID 
Connect\uff09<\/li>\n<\/ol>\n<p>\u4e26\u3079\u305f\u9806\u306b\u96e3\u3057\u304f\u306a\u3063\u3066\u3044\u304d\u307e\u3059\u3002\u7d50\u8ad6\u304b\u3089\u8a00\u3046\u3068\u3001<strong>Microsoft \u516c\u5f0f\u304c\u63a8\u5968\u3057\u3066\u3044\u308b\u306e\u306f OIDC \u8a8d\u8a3c<\/strong>\u3067\u3059\u3002<\/p>\n<p>\u306a\u305c OIDC \u8a8d\u8a3c\u304c\u63a8\u5968\u3055\u308c\u308b\u306e\u304b\u3001\u4ed6\u306e 2 \u3064\u306e\u65b9\u5f0f\u3068\u6bd4\u8f03\u3057\u306a\u304c\u3089\u898b\u3066\u3044\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n<h2 class=\"wp-block-heading\"><span id=\"Azure_ren_zheng_fang_shi_3_tsuno_che_di_bi_jiao\">Azure \u8a8d\u8a3c\u65b9\u5f0f 3 \u3064\u306e\u5fb9\u5e95\u6bd4\u8f03<\/span><\/h2>\n<h3 class=\"wp-block-heading\"><span id=\"shi_ti_yanto_yi_xingno_jing_wei\">\u5b9f\u4f53\u9a13\u3068\u79fb\u884c\u306e\u7d4c\u7def<\/span><\/h3>\n<p>\u6b63\u76f4\u306b\u8a00\u3046\u3068\u3001<strong>\u79c1\u304c\u5b9f\u969b\u306b\u4f7f\u3063\u305f\u3053\u3068\u304c\u3042\u308b\u306e\u306f\u300c\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u300d\u3068\u300cOIDC \u8a8d\u8a3c\u300d\u306e 2 \u3064\u3060\u3051<\/strong>\u3067\u3059\u3002<\/p>\n<p>Service Principal \u306f\u9078\u629e\u80a2\u3068\u3057\u3066\u5b58\u5728\u3057\u307e\u3059\u304c\u3001<strong>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3068\u3057\u3066 OIDC \u8a8d\u8a3c\u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u308b\u3068\u5206\u304b\u3063\u305f\u6642\u70b9\u3067\u3001\u76f4\u63a5 OIDC \u8a8d\u8a3c\u306b\u79fb\u884c\u3057\u307e\u3057\u305f<\/strong>\u3002<\/p>\n<p>\u306a\u305c Service Principal \u3092\u30b9\u30ad\u30c3\u30d7\u3057\u305f\u304b\u3068\u3044\u3046\u3068\uff1a<\/p>\n<ol class=\"wp-block-list is-style-sango-list-main-color\">\n<li><strong>\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u7ba1\u7406\u306e\u624b\u9593<\/strong>: Service Principal 
\u3082\u7d50\u5c40\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u304c\u5fc5\u8981\u3067\u3001\u5b9a\u671f\u7684\u306a\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u4f5c\u696d\u304c\u767a\u751f\u3059\u308b<\/li>\n<li><strong>OIDC \u8a8d\u8a3c\u304c\u6700\u7d42\u89e3<\/strong>: \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3068\u3057\u3066\u63a8\u5968\u3055\u308c\u3066\u3044\u308b\u306a\u3089\u3001\u6700\u521d\u304b\u3089 OIDC \u8a8d\u8a3c\u306b\u3057\u305f\u65b9\u304c\u5408\u7406\u7684<\/li>\n<li><strong>\u79fb\u884c\u30b3\u30b9\u30c8<\/strong>: Service Principal \u306b\u79fb\u884c\u3057\u3066\u304b\u3089\u3001\u3055\u3089\u306b OIDC \u306b\u79fb\u884c\u3059\u308b\u306e\u306f\u4e8c\u5ea6\u624b\u9593<\/li>\n<\/ol>\n<p>\u3064\u307e\u308a\u3001<strong>\u300c\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb \u2192 Service Principal\uff08\u4e2d\u9593\uff09 \u2192 OIDC\uff08\u63a8\u5968\uff09\u300d\u3068\u3044\u3046\u6bb5\u968e\u3092\u8e0f\u307e\u305a\u3001\u6700\u521d\u304b\u3089\u6700\u7d42\u5f62\u614b\u306b\u79fb\u884c\u3057\u305f<\/strong>\u308f\u3051\u3067\u3059\u3002<\/p>\n<p>\u305f\u3060\u3057\u3001Service Principal \u306f\u6b74\u53f2\u7684\u7d4c\u7def\u3084\u4ed6\u306e\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u3067\u906d\u9047\u3059\u308b\u53ef\u80fd\u6027\u3082\u3042\u308b\u306e\u3067\u3001\u9078\u629e\u80a2\u3068\u3057\u3066\u7d39\u4ecb\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n<p>\u305d\u308c\u3067\u306f\u30013 \u3064\u306e\u65b9\u5f0f\u3092\u8a73\u3057\u304f\u6bd4\u8f03\u3057\u3066\u3044\u304d\u307e\u3057\u3087\u3046!<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"1_fa_xingpurofairu_fang_shi_zuimo_jian_dandagasekyuriti_shang_tui_jiangsarenai\">1. 
\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u65b9\u5f0f\uff08\u6700\u3082\u7c21\u5358\u3060\u304c\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u63a8\u5968\u3055\u308c\u306a\u3044\uff09<\/span><\/h3>\n<h4 class=\"wp-block-heading\"><span id=\"shi_zumi\">\u4ed5\u7d44\u307f<\/span><\/h4>\n<p>\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\uff08Publish Profile\uff09\u306f\u3001Azure \u30dd\u30fc\u30bf\u30eb\u304b\u3089<strong>XML \u30d5\u30a1\u30a4\u30eb<\/strong>\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3066\u3001GitHub Secrets \u306b\u4fdd\u5b58\u3059\u308b\u65b9\u5f0f\u3067\u3059\u3002<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>Azure Portal \u2192 \u30ea\u30bd\u30fc\u30b9 \u2192 \u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\n          \u2193\nGitHub Secrets \u306b AZURE_PUBLISH_PROFILE \u3068\u3057\u3066\u4fdd\u5b58\n          \u2193\nGitHub Actions \u3067\u30c7\u30d7\u30ed\u30a4<\/code><\/pre>\n<\/div>\n<h4 class=\"wp-block-heading\"><span id=\"kodo_li\">\u30b3\u30fc\u30c9\u4f8b<\/span><\/h4>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-YAML\" data-lang=\"yaml\"><code># \u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u65b9\u5f0f\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Deploy to Azure Functions\n        uses: Azure\/functions-action@v1\n        with:\n          app-name: \"my-function-app\"\n          publish-profile: ${{ secrets.AZURE_PUBLISH_PROFILE }} # XML\u5f62\u5f0f<\/code><\/pre>\n<\/div>\n<p><strong>\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u306e\u4e2d\u8eab\uff08\u4f8b\uff09<\/strong>:<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"meritto\">\u30e1\u30ea\u30c3\u30c8<\/span><\/h4>\n<p>\u2705 <strong>\u8a2d\u5b9a\u304c\u8d85\u7c21\u5358<\/strong>: Azure \u30dd\u30fc\u30bf\u30eb\u304b\u3089 1 \u30af\u30ea\u30c3\u30af\u3067\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9<br \/>\u2705 
<strong>\u521d\u5fc3\u8005\u306b\u3084\u3055\u3057\u3044<\/strong>: \u8907\u96d1\u306a\u6a29\u9650\u8a2d\u5b9a\u304c\u4e0d\u8981<br \/>\u2705 <strong>\u3059\u3050\u306b\u52d5\u304f<\/strong>: 5 \u5206\u3067\u8a2d\u5b9a\u5b8c\u4e86<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"demeritto\">\u30c7\u30e1\u30ea\u30c3\u30c8<\/span><\/h4>\n<p>\u274c <strong>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30b9\u30af\u5927<\/strong>: \u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u5e73\u6587\u3067\u542b\u307e\u308c\u308b<br \/>\u274c <strong>Basic \u8a8d\u8a3c\u3092\u4f7f\u7528<\/strong>: Microsoft \u304c\u300cinherently insecure\uff08\u672c\u8cea\u7684\u306b\u5b89\u5168\u3067\u306a\u3044\uff09\u300d\u3068\u8b66\u544a<br \/>\u274c <strong>\u76e3\u67fb\u30ed\u30b0\u4e0d\u8db3<\/strong>: \u8ab0\u304c\u30c7\u30d7\u30ed\u30a4\u3057\u305f\u304b\u8ffd\u8de1\u56f0\u96e3<br \/>\u274c <strong>\u6a29\u9650\u304c\u5e83\u3059\u304e\u308b<\/strong>: \u30ea\u30bd\u30fc\u30b9\u5168\u4f53\u3078\u306e\u7ba1\u7406\u8005\u6a29\u9650<br \/>\u274c <strong>\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u56f0\u96e3<\/strong>: \u30d1\u30b9\u30ef\u30fc\u30c9\u66f4\u65b0\u304c\u9762\u5012<br \/>\u274c <strong>Microsoft \u975e\u63a8\u5968<\/strong>: \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3068\u3057\u3066 OIDC \u8a8d\u8a3c\u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u308b<\/p>\n<p>\u26a0\ufe0f <strong>\u91cd\u8981\u306a\u6ce8\u610f<\/strong>:<br \/>Microsoft \u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3067\u306f\u300cThe technique described in this article is inherently insecure, because this technology uses Basic 
Authentication\u300d\u3068\u660e\u8a18\u3055\u308c\u3066\u304a\u308a\u3001\u672c\u756a\u74b0\u5883\u3067\u306e\u4f7f\u7528\u306f\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\u5b66\u7fd2\u76ee\u7684\u3084\u500b\u4eba\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u3067\u306e\u5229\u7528\u306b\u3068\u3069\u3081\u3001\u672c\u756a\u74b0\u5883\u3067\u306f OIDC \u8a8d\u8a3c\u3092\u63a1\u7528\u3059\u308b\u3053\u3068\u3092\u5f37\u304f\u304a\u52e7\u3081\u3057\u307e\u3059\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"2_Service_Principal_shikurettoki_fang_shi_cong_laino_tui_jiang\">2. Service Principal + \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u65b9\u5f0f\uff08\u5f93\u6765\u306e\u63a8\u5968\uff09<\/span><\/h3>\n<h4 class=\"wp-block-heading\"><span id=\"shi_zumi1\">\u4ed5\u7d44\u307f<\/span><\/h4>\n<p>Azure AD \u3067 Service Principal\uff08\u30b5\u30fc\u30d3\u30b9\u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\uff09\u3092\u4f5c\u6210\u3057\u3001<strong>Client Secret\uff08\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\uff09<\/strong> \u3092\u767a\u884c\u3057\u3066\u8a8d\u8a3c\u3059\u308b\u65b9\u5f0f\u3067\u3059\u3002<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>Azure AD \u2192 Service Principal\u4f5c\u6210\n       \u2193\nClient Secret\u767a\u884c\uff08\u6709\u52b9\u671f\u9650: \u6700\u95772\u5e74\uff09\n       \u2193\nGitHub Secrets\u306b\u4fdd\u5b58\n       \u2193\nGitHub Actions\u3067\u8a8d\u8a3c<\/code><\/pre>\n<\/div>\n<h4 class=\"wp-block-heading\"><span id=\"kodo_li1\">\u30b3\u30fc\u30c9\u4f8b<\/span><\/h4>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-YAML\" data-lang=\"yaml\"><code># Service Principal + \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u65b9\u5f0f\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Azure Login\n        uses: azure\/login@v2\n        with:\n          creds: ${{ secrets.AZURE_CREDENTIALS }} # 
JSON\u5f62\u5f0f<\/code><\/pre>\n<\/div>\n<p><strong>AZURE_CREDENTIALS \u306e\u4e2d\u8eab\uff08\u4f8b\uff09<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-json\" data-lang=\"Json\"><code>{\n  \"clientId\": \"xxx-xxx-xxx\",\n  \"clientSecret\": \"your-secret-key-here\", \/\/ \u2190 \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\n  \"subscriptionId\": \"xxx-xxx-xxx\",\n  \"tenantId\": \"xxx-xxx-xxx\"\n}<\/code><\/pre>\n<\/div>\n<h4 class=\"wp-block-heading\"><span id=\"Service_Principal_no_zuo_cheng_fang_fa\">Service Principal \u306e\u4f5c\u6210\u65b9\u6cd5<\/span><\/h4>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code># Service Principal\u4f5c\u6210\naz ad sp create-for-rbac \\\n  --name \"github-actions-sp\" \\\n  --role \"Contributor\" \\\n  --scopes \"\/subscriptions\/{subscription-id}\/resourceGroups\/{resource-group}\" \\\n  --sdk-auth<\/code><\/pre>\n<\/div>\n<p>\u51fa\u529b\u3055\u308c\u305f JSON \u3092\u305d\u306e\u307e\u307e GitHub Secrets \u306b\u4fdd\u5b58\u3057\u307e\u3059\u3002\u3053\u306e JSON \u306b\u306f Client Secret \u304c\u5e73\u6587\u3067\u542b\u307e\u308c\u308b\u305f\u3081\u3001\u30ed\u30b0\u306b\u51fa\u529b\u3057\u306a\u3044\u3088\u3046\u6ce8\u610f\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u306a\u304a\u3001<code>--sdk-auth<\/code> \u30aa\u30d7\u30b7\u30e7\u30f3\u306f Azure CLI \u3067\u306f\u975e\u63a8\u5968\u3067\u3059\u3002<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"meritto1\">\u30e1\u30ea\u30c3\u30c8<\/span><\/h4>\n<p>\u2705 <strong>RBAC \u6a29\u9650\u7ba1\u7406<\/strong>: \u5fc5\u8981\u306a\u6a29\u9650\u306e\u307f\u4ed8\u4e0e\u53ef\u80fd<br \/>\u2705 <strong>\u76e3\u67fb\u30ed\u30b0\u5145\u5b9f<\/strong>: Azure AD \u3067\u306e\u8a73\u7d30\u306a\u30ed\u30b0<br \/>\u2705 <strong>\u8907\u6570\u30ea\u30bd\u30fc\u30b9\u5bfe\u5fdc<\/strong>: 1 \u3064\u306e Service Principal \u3067\u8907\u6570\u30ea\u30bd\u30fc\u30b9\u306b\u30a2\u30af\u30bb\u30b9<br \/>\u2705 <strong>\u3088\u304f\u4f7f\u308f\u308c\u3066\u3044\u308b<\/strong>: \u60c5\u5831\u304c\u8c4a\u5bcc<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"demeritto1\">\u30c7\u30e1\u30ea\u30c3\u30c8<\/span><\/h4>\n<p>\u274c <strong>\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u7ba1\u7406<\/strong>: 
\u5b9a\u671f\u7684\u306a\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u304c\u5fc5\u8981\uff08\u6709\u52b9\u671f\u9650: \u6700\u9577 2 \u5e74\uff09<br \/>\u274c <strong>\u6f0f\u6d29\u30ea\u30b9\u30af<\/strong>: \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u304c\u6f0f\u6d29\u3057\u305f\u3089\u3001\u4ed8\u4e0e\u3057\u305f\u30ed\u30fc\u30eb\u306e\u30b9\u30b3\u30fc\u30d7\u5185\u306e\u5168\u30ea\u30bd\u30fc\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u53ef\u80fd<br \/>\u274c <strong>\u7ba1\u7406\u30b3\u30b9\u30c8<\/strong>: \u6709\u52b9\u671f\u9650\u304c\u5207\u308c\u305f\u3089\u3001\u624b\u52d5\u3067\u66f4\u65b0\u304c\u5fc5\u8981<br \/>\u274c <strong>GitHub Secrets \u306b\u4fdd\u5b58<\/strong>: \u6697\u53f7\u5316\u306f\u3055\u308c\u3066\u3044\u308b\u304c\u3001\u30a2\u30af\u30bb\u30b9\u53ef\u80fd<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"zhong_yaona_bu_zu_Service_Principal_demo_OIDC_ren_zhengga_ke_neng\">\u91cd\u8981\u306a\u88dc\u8db3: Service Principal \u3067\u3082 OIDC \u8a8d\u8a3c\u304c\u53ef\u80fd<\/span><\/h4>\n<p>\u5b9f\u306f\u3001<strong>Service Principal \u3067\u3082 Federated Identity Credentials \u3092\u4f7f\u3048\u3070\u3001\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u4e0d\u8981\u306e OIDC \u8a8d\u8a3c\u304c\u53ef\u80fd<\/strong>\u3067\u3059\u3002<\/p>\n<p>\u3064\u307e\u308a\u3001\u4ee5\u4e0b\u306e 2 \u3064\u306e\u65b9\u5f0f\u306f\u6280\u8853\u7684\u306b\u306f\u975e\u5e38\u306b\u985e\u4f3c\u3057\u3066\u3044\u307e\u3059\uff1a<\/p>\n<ul class=\"wp-block-list is-style-sango-list-main-color\">\n<li><strong>Service Principal + Federated Credentials<\/strong><\/li>\n<li><strong>Managed Identity + Federated Credentials<\/strong>\uff08\u3053\u306e\u8a18\u4e8b\u3067\u89e3\u8aac\u3059\u308b\u65b9\u5f0f\uff09<\/li>\n<\/ul>\n<p><strong>\u4e3b\u306a\u9055\u3044<\/strong>:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-niku\">\n<li><strong>Managed Identity<\/strong>: \u5e38\u306b Azure \u30ea\u30bd\u30fc\u30b9\u306b\u7d10\u3065\u3051\u3089\u308c\u308b\u3002Azure 
\u304c\u81ea\u52d5\u7684\u306b\u8a8d\u8a3c\u60c5\u5831\u3092\u7ba1\u7406<\/li>\n<li><strong>Service Principal<\/strong>: Azure \u30ea\u30bd\u30fc\u30b9\u306b\u7d10\u3065\u3051\u306a\u304f\u3066\u3082\u72ec\u7acb\u3057\u3066\u5b58\u5728\u53ef\u80fd<\/li>\n<\/ul>\n<p><strong>\u306a\u305c Managed Identity \u3092\u9078\u3093\u3060\u304b<\/strong>:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-stitch-blue\">\n<li>Azure \u30ea\u30bd\u30fc\u30b9\uff08Functions, Web Apps \u7b49\uff09\u306b\u30c7\u30d7\u30ed\u30a4\u3059\u308b\u5834\u5408\u3001Managed Identity \u306e\u65b9\u304c\u30b7\u30f3\u30d7\u30eb<\/li>\n<li>\u30ea\u30bd\u30fc\u30b9\u3068\u306e\u7d10\u4ed8\u3051\u304c\u660e\u78ba\u3067\u3001\u7ba1\u7406\u3057\u3084\u3059\u3044<\/li>\n<li>Microsoft \u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3067\u3082 Managed Identity \u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u308b<\/li>\n<\/ul>\n<p>\u305f\u3060\u3057\u3001\u8907\u6570\u306e Azure \u30b5\u30d6\u30b9\u30af\u30ea\u30d7\u30b7\u30e7\u30f3\u3092\u307e\u305f\u3044\u3067\u30a2\u30af\u30bb\u30b9\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u5834\u5408\u306a\u3069\u3001Service Principal + Federated Credentials \u306e\u65b9\u304c\u9069\u3057\u3066\u3044\u308b\u5834\u5408\u3082\u3042\u308a\u307e\u3059\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"3_OIDC_ren_zheng_fang_shi_Microsoft_gong_shi_tui_jiang\">3. 
OIDC \u8a8d\u8a3c\u65b9\u5f0f\uff08Microsoft \u516c\u5f0f\u63a8\u5968\uff09<\/span><\/h3>\n<h4 class=\"wp-block-heading\"><span id=\"shi_zumi2\">\u4ed5\u7d44\u307f<\/span><\/h4>\n<p>OIDC\uff08OpenID Connect\uff09\u8a8d\u8a3c\u306f\u3001<strong>\u77ed\u547d\u306a\u30c8\u30fc\u30af\u30f3\u3092\u4f7f\u3063\u305f\u8a8d\u8a3c\u65b9\u5f0f<\/strong>\u3067\u3059\u3002\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u304c\u4e00\u5207\u4e0d\u8981\u306a\u306e\u304c\u6700\u5927\u306e\u7279\u5fb4\u3002<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>GitHub Actions \u2192 GitHub OIDC\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\n              \u2193\n          OIDC\u30c8\u30fc\u30af\u30f3\u767a\u884c\uff085\u5206\u9593\u6709\u52b9\uff09\n              \u2193\n          Azure AD \u2192 Federated Identity Credential\u691c\u8a3c\n              \u2193\n          Managed Identity \u2192 Azure\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u767a\u884c\n              \u2193\n          Azure\u30ea\u30bd\u30fc\u30b9\u306b\u30c7\u30d7\u30ed\u30a4<\/code><\/pre>\n<\/div>\n<p><strong>\u30c8\u30fc\u30af\u30f3\u6709\u52b9\u671f\u9650\u306e\u8a73\u7d30:<\/strong><\/p>\n<ul class=\"wp-block-list is-style-sango-list-main-color\">\n<li>GitHub OIDC \u30c8\u30fc\u30af\u30f3\uff08JWT\uff09: <strong>5 \u5206\u9593<\/strong>\u6709\u52b9<\/li>\n<li>Azure \u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3: \u7d04<strong>60-90 \u5206<\/strong>\uff08\u5e73\u5747 75 \u5206\u3001\u4e00\u822c\u7684\u306b\u306f 1 \u6642\u9593\u3068\u3057\u3066\u6271\u308f\u308c\u308b\uff09<\/li>\n<li>\u30c8\u30fc\u30af\u30f3\u306e\u66f4\u65b0: Azure SDK\/CLI \u304c\u81ea\u52d5\u7684\u306b\u7ba1\u7406\uff08\u624b\u52d5\u66f4\u65b0\u4e0d\u8981\uff09<\/li>\n<\/ul>\n<h4 class=\"wp-block-heading\"><span id=\"kodo_li2\">\u30b3\u30fc\u30c9\u4f8b<\/span><\/h4>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-YAML\" data-lang=\"yaml\"><code># 
OIDC\u8a8d\u8a3c\u65b9\u5f0f\uff08\u63a8\u5968\uff09\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    permissions:\n      id-token: write # \u2190 OIDC\u8a8d\u8a3c\u306b\u5fc5\u9808!\n      contents: read\n    steps:\n      - name: Azure Login (OIDC)\n        uses: azure\/login@v2\n        with:\n          client-id: ${{ secrets.AZURE_CLIENT_ID }}\n          tenant-id: ${{ secrets.AZURE_TENANT_ID }}\n          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}\n          # \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u306f\u4e0d\u8981!<\/code><\/pre>\n<\/div>\n<p><strong>\u5fc5\u8981\u306a\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\uff08\u3059\u3079\u3066\u8b58\u5225\u5b50\u306e\u307f\uff09<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>AZURE_CLIENT_ID: xxx-xxx-xxx  \uff08Managed Identity\u306eClient ID\uff09\nAZURE_TENANT_ID: xxx-xxx-xxx  \uff08\u30c6\u30ca\u30f3\u30c8ID\uff09\nAZURE_SUBSCRIPTION_ID: xxx-xxx-xxx  \uff08\u30b5\u30d6\u30b9\u30af\u30ea\u30d7\u30b7\u30e7\u30f3ID\uff09<\/code><\/pre>\n<\/div>\n<p><strong>\u91cd\u8981<\/strong>:<br \/>\u3053\u308c\u3089\u306f<strong>\u3059\u3079\u3066\u8b58\u5225\u5b50\u306e\u307f<\/strong>\u3067\u3001\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u306f\u542b\u307e\u308c\u3066\u3044\u307e\u305b\u3093\u3002\u3064\u307e\u308a\u3001<strong>\u4e07\u304c\u4e00\u6f0f\u6d29\u3057\u3066\u3082\u3001\u305d\u308c\u3060\u3051\u3067\u306f Azure \u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u3044<\/strong>\u4ed5\u7d44\u307f\u3067\u3059\u3002\u305f\u3060\u3057\u3001\u3053\u308c\u306f Federated Identity Credential \u306e subject \u3092\u7279\u5b9a\u306e GitHub \u30ea\u30dd\u30b8\u30c8\u30ea\u30fb\u30d6\u30e9\u30f3\u30c1\u306b\u9650\u5b9a\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u524d\u63d0\u3067\u3059\u3002<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"meritto2\">\u30e1\u30ea\u30c3\u30c8<\/span><\/h4>\n<p>\u2705 <strong>\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u4e0d\u8981<\/strong>: \u30d1\u30b9\u30ef\u30fc\u30c9\u30ec\u30b9\u8a8d\u8a3c\u3067\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30b9\u30af\u524a\u6e1b<br \/>\u2705 <strong>\u81ea\u52d5\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3<\/strong>: GitHub \u306e OIDC 
\u30c8\u30fc\u30af\u30f3(JWT)\u306f 5 \u5206\u9593\u306e\u307f\u6709\u52b9\u3001Azure \u306e\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3082\u81ea\u52d5\u7ba1\u7406\uff08\u624b\u52d5\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u4e0d\u8981\uff09<br \/>\u2705 <strong>\u6f0f\u6d29\u30ea\u30b9\u30af\u6700\u5c0f\u5316<\/strong>: \u8b58\u5225\u5b50\u306e\u307f\u3067\u3001\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u304c\u5b58\u5728\u3057\u306a\u3044<br \/>\u2705 <strong>\u76e3\u67fb\u30ed\u30b0\u5145\u5b9f<\/strong>: Azure AD \u3067\u306e\u8a73\u7d30\u306a\u8a8d\u8a3c\u30ed\u30b0<br \/>\u2705 <strong>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/strong>: Azure App Service \u5411\u3051\u306b\u516c\u5f0f\u63a8\u5968<br \/>\u2705 <strong>\u30ea\u30dd\u30b8\u30c8\u30ea\u30fb\u30d6\u30e9\u30f3\u30c1\u5236\u9650<\/strong>: \u7279\u5b9a\u306e GitHub \u30ea\u30dd\u30b8\u30c8\u30ea\u30fb\u30d6\u30e9\u30f3\u30c1\u304b\u3089\u306e\u307f\u8a8d\u8a3c\u53ef\u80fd<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"demeritto2\">\u30c7\u30e1\u30ea\u30c3\u30c8<\/span><\/h4>\n<p>\u274c <strong>\u521d\u671f\u8a2d\u5b9a\u304c\u3084\u3084\u8907\u96d1<\/strong>: Azure \u30dd\u30fc\u30bf\u30eb\u3067\u306e\u8a2d\u5b9a\u304c\u5fc5\u8981<br \/>\u274c <strong>\u7406\u89e3\u306b\u6642\u9593\u304c\u304b\u304b\u308b<\/strong>: OIDC \u306e\u4ed5\u7d44\u307f\u3092\u7406\u89e3\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b<br \/>\u274c <strong>\u6a29\u9650\u304c\u5fc5\u8981<\/strong>: Managed Identity \u4f5c\u6210\u3068 RBAC \u8a2d\u5b9a\u306b\u7ba1\u7406\u8005\u6a29\u9650\u304c\u5fc5\u8981<\/p>\n<p><strong>\u79c1\u306e\u7d4c\u9a13<\/strong>:<br 
\/>\u6700\u521d\u306f\u300c\u8a2d\u5b9a\u304c\u8907\u96d1\u305d\u3046\u2026\u300d\u3063\u3066\u656c\u9060\u3057\u3066\u3044\u305f\u3093\u3067\u3059\u304c\u3001\u4e00\u5ea6\u8a2d\u5b9a\u3057\u3066\u3057\u307e\u3048\u3070\u3001\u305d\u306e\u5f8c\u306e\u7ba1\u7406\u304c\u8d85\u30e9\u30af!\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u306e\u624b\u9593\u304c\u30bc\u30ed\u306b\u306a\u3063\u305f\u306e\u306f\u611f\u52d5\u3057\u307e\u3057\u305f\u3002<\/p>\n<p><strong>\u30a4\u30e1\u30fc\u30b8\u3068\u3057\u3066\u306f\u3001GitHub \u30ea\u30dd\u30b8\u30c8\u30ea\u81ea\u4f53\u306b\u8a8d\u8a3c\u306e\u6a29\u9650\u3092\u5272\u308a\u632f\u308b<\/strong>\u3068\u3044\u3046\u611f\u3058\u3067\u3059\u3002\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u3084 Service Principal \u306e\u3088\u3046\u306b\u300c\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u3092 GitHub Secrets \u306b\u4fdd\u5b58\u3059\u308b\u300d\u306e\u3067\u306f\u306a\u304f\u3001\u300c\u3053\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u304b\u3089\u306e\u5b9f\u884c\u306f\u4fe1\u983c\u3067\u304d\u308b\u300d\u3068 Azure \u5074\u3067\u4e8b\u524d\u306b\u627f\u8a8d\u3057\u3066\u304a\u304f\u30a4\u30e1\u30fc\u30b8\u3067\u3059\u306d\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"3_tsuno_ren_zheng_fang_shi_bi_jiao_biao\">3 \u3064\u306e\u8a8d\u8a3c\u65b9\u5f0f \u6bd4\u8f03\u8868<\/span><\/h3>\n<div id=\"id-fae661f7-919e-4524-abeb-c3df64471002\">\n<figure class=\"wp-block-table\">\n<div class=\"s_table\"><table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th>\u9805\u76ee<\/th>\n<th>\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb<\/th>\n<th>Service Principal<\/th>\n<th>OIDC \u8a8d\u8a3c<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3<\/strong><\/td>\n<td>\u274c \u4f4e<\/td>\n<td>\u26a0\ufe0f \u4e2d<\/td>\n<td>\u2705 \u9ad8<\/td>\n<\/tr>\n<tr>\n<td><strong>\u8a2d\u5b9a\u306e\u7c21\u5358\u3055<\/strong><\/td>\n<td>\u2705 \u8d85\u7c21\u5358<\/td>\n<td>\u26a0\ufe0f 
\u666e\u901a<\/td>\n<td>\u26a0\ufe0f \u3084\u3084\u8907\u96d1<\/td>\n<\/tr>\n<tr>\n<td><strong>\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u7ba1\u7406<\/strong><\/td>\n<td>\u274c \u30d1\u30b9\u30ef\u30fc\u30c9\u5fc5\u8981<\/td>\n<td>\u274c \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u5fc5\u8981<\/td>\n<td>\u2705 \u4e0d\u8981<\/td>\n<\/tr>\n<tr>\n<td><strong>\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3<\/strong><\/td>\n<td>\u274c \u56f0\u96e3<\/td>\n<td>\u26a0\ufe0f \u624b\u52d5\uff08\u5e74 1 \u56de\u7a0b\u5ea6\uff09<\/td>\n<td>\u2705 \u5b8c\u5168\u81ea\u52d5\uff08\u624b\u52d5\u4e0d\u8981\uff09<\/td>\n<\/tr>\n<tr>\n<td><strong>\u6f0f\u6d29\u30ea\u30b9\u30af<\/strong><\/td>\n<td>\u274c \u9ad8<\/td>\n<td>\u26a0\ufe0f \u4e2d<\/td>\n<td>\u2705 \u6700\u5c0f<\/td>\n<\/tr>\n<tr>\n<td><strong>\u76e3\u67fb\u30ed\u30b0<\/strong><\/td>\n<td>\u274c \u4e0d\u8db3<\/td>\n<td>\u2705 \u5145\u5b9f<\/td>\n<td>\u2705 \u5145\u5b9f<\/td>\n<\/tr>\n<tr>\n<td><strong>\u6a29\u9650\u5236\u5fa1<\/strong><\/td>\n<td>\u274c \u5e83\u3059\u304e\u308b<\/td>\n<td>\u2705 RBAC \u53ef\u80fd<\/td>\n<td>\u2705 RBAC \u53ef\u80fd<\/td>\n<\/tr>\n<tr>\n<td><strong>Microsoft \u63a8\u5968<\/strong><\/td>\n<td>\u274c Not Recommended<\/td>\n<td>\u26a0\ufe0f \u30b5\u30dd\u30fc\u30c8\u7d99\u7d9a<\/td>\n<td>\u2705 \u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/td>\n<\/tr>\n<tr>\n<td><strong>\u521d\u671f\u8a2d\u5b9a\u6642\u9593<\/strong><\/td>\n<td>5 \u5206<\/td>\n<td>15 \u5206<\/td>\n<td>30 \u5206<\/td>\n<\/tr>\n<tr>\n<td><strong>\u904b\u7528\u30b3\u30b9\u30c8<\/strong><\/td>\n<td>\u26a0\ufe0f \u4e2d<\/td>\n<td>\u26a0\ufe0f \u4e2d<\/td>\n<td>\u2705 \u4f4e<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/figure>\n<\/div>\n<h3 class=\"wp-block-heading\"><span id=\"dono_fang_shiwo_xuanbubekika\">\u3069\u306e\u65b9\u5f0f\u3092\u9078\u3076\u3079\u304d\u304b?<\/span><\/h3>\n<p><strong>\u7d50\u8ad6<\/strong>: \u30bb\u30ad\u30e5\u30a2\u306b\u904b\u7528\u3057\u305f\u3044\u306e\u3067\u3042\u308c\u3070<strong>OIDC 
\u8a8d\u8a3c\u4e00\u629e<\/strong>\u3067\u3059\u3002<\/p>\n<ul class=\"wp-block-list is-style-sango-list-accent-color\">\n<li><strong>\u500b\u4eba\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u30fb\u5b66\u7fd2\u7528<\/strong>: \u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u3067\u7d20\u65e9\u304f\u30b9\u30bf\u30fc\u30c8 \u2192 \u6163\u308c\u305f\u3089 OIDC \u306b\u79fb\u884c<\/li>\n<li><strong>\u30c1\u30fc\u30e0\u958b\u767a\u30fb\u672c\u756a\u74b0\u5883<\/strong>: \u6700\u521d\u304b\u3089 OIDC \u8a8d\u8a3c\u3092\u63a1\u7528<\/li>\n<\/ul>\n<p>\u79c1\u3082\u8907\u6570\u306e\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u3067\u691c\u8a3c\u3057\u307e\u3057\u305f\u304c\u3001<strong>\u9577\u671f\u7684\u306b\u898b\u308b\u3068 OIDC \u8a8d\u8a3c\u304c\u5727\u5012\u7684\u306b\u30b3\u30b9\u30c8\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u304c\u9ad8\u3044<\/strong>\u3067\u3059\u3002\u3068\u3044\u3046\u304b\u3001\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u306e\u7ba1\u7406\u304c\u9762\u5012\u304f\u3055\u304b\u3063\u305f\u3067\u3059\u3002\u518d\u767a\u884c\u306e\u305f\u3073\u306b GitHub Secret \u306b\u4fdd\u5b58\u3063\u3066\u30a2\u30d7\u30ea\u304c\u5897\u3048\u308c\u3070\u5897\u3048\u308b\u307b\u3069\u9762\u5012\u306b\u306a\u308b\u3093\u3067\u3059\u3088\u306d\u3002\u7279\u306b\u30e2\u30ce\u30ec\u30dd\u74b0\u5883\u3067\u3042\u308c\u3070\u3001\u52b9\u679c\u7d76\u5927\u3067\u3059\u3002<\/p>\n<h2 class=\"wp-block-heading\"><span id=\"qian_ti_tiao_jianto_bi_yaona_quan_xian\">\u524d\u63d0\u6761\u4ef6\u3068\u5fc5\u8981\u306a\u6a29\u9650<\/span><\/h2>\n<h3 class=\"wp-block-heading\"><span id=\"bi_yaona_huan_jing\">\u5fc5\u8981\u306a\u74b0\u5883<\/span><\/h3>\n<p>OIDC \u8a8d\u8a3c\u3092\u8a2d\u5b9a\u3059\u308b\u306b\u306f\u3001\u4ee5\u4e0b\u306e\u74b0\u5883\u304c\u5fc5\u8981\u3067\u3059:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-main-color\">\n<li><strong>Azure CLI<\/strong>: \u30d0\u30fc\u30b8\u30e7\u30f3 2.30 
\u4ee5\u4e0a\uff08\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u65b9\u6cd5\u306f\u5f8c\u8ff0\uff09<\/li>\n<li><strong>Azure \u30b5\u30d6\u30b9\u30af\u30ea\u30d7\u30b7\u30e7\u30f3<\/strong>: Azure \u30ea\u30bd\u30fc\u30b9\u3092\u30c7\u30d7\u30ed\u30a4\u3059\u308b\u305f\u3081<\/li>\n<li><strong>GitHub \u30ea\u30dd\u30b8\u30c8\u30ea<\/strong>: Admin \u6a29\u9650\u304c\u5fc5\u8981\uff08GitHub Secrets \u3092\u8a2d\u5b9a\u3059\u308b\u305f\u3081\uff09<\/li>\n<li><strong>\u30bf\u30fc\u30df\u30ca\u30eb<\/strong>: Bash\u3001PowerShell\u3001\u307e\u305f\u306f Zsh<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\"><span id=\"Azure_CLI_noinsutoru_que_ren\">Azure CLI \u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u78ba\u8a8d<\/span><\/h3>\n<p>\u3059\u3067\u306b Azure CLI \u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308b\u304b\u78ba\u8a8d\u3057\u307e\u3057\u3087\u3046:<\/p>\n<p><strong>\u51fa\u529b\u4f8b<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-json\" data-lang=\"Json\"><code>{\n  \"azure-cli\": \"2.50.0\",\n  \"azure-cli-core\": \"2.50.0\",\n  \"azure-cli-telemetry\": \"1.0.8\",\n  ...\n}<\/code><\/pre>\n<\/div>\n<h4 class=\"wp-block-heading\"><span id=\"madainsutorushiteinai_chang_he\">\u307e\u3060\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u3044\u306a\u3044\u5834\u5408<\/span><\/h4>\n<p><strong>\u65b9\u6cd5 1: \u30ed\u30fc\u30ab\u30eb\u30de\u30b7\u30f3\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/strong><\/p>\n<p>macOS \/ Linux (Homebrew):<\/p>\n<p>Windows (winget):<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>winget install Microsoft.AzureCLI<\/code><\/pre>\n<\/div>\n<p>\u305d\u306e\u4ed6\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u65b9\u6cd5: <a target=\"_blank\" href=\"https:\/\/learn.microsoft.com\/cli\/azure\/install-azure-cli\">Azure CLI \u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8<\/a><\/p>\n<p><strong>\u65b9\u6cd5 2: DevContainer 
\u3067\u30c1\u30fc\u30e0\u5168\u4f53\u306e\u74b0\u5883\u3092\u7d71\u4e00\uff08\u30aa\u30d7\u30b7\u30e7\u30f3\uff09<\/strong><\/p>\n<p>\u3082\u3057 DevContainer \u3092\u4f7f\u3063\u3066\u958b\u767a\u3092\u3057\u3066\u3044\u308b\u306a\u3089\u3001\u3053\u306e\u65b9\u6cd5\u3082\u691c\u8a0e\u3067\u304d\u307e\u3059\u3002DevContainer Features \u3092\u4f7f\u3048\u3070\u3001\u30c1\u30fc\u30e0\u5168\u4f53\u3067\u540c\u3058\u30d0\u30fc\u30b8\u30e7\u30f3\u306e Azure CLI \u3092\u4f7f\u7528\u3067\u304d\u3001\u74b0\u5883\u5dee\u7570\u306b\u3088\u308b\u30c8\u30e9\u30d6\u30eb\u3092\u9632\u3052\u307e\u3059\u3002<\/p>\n<p><strong>\u6ce8\u610f<\/strong>: Docker Desktop \u306e\u30e9\u30a4\u30bb\u30f3\u30b9\u3084\u3001\u4f01\u696d\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30dd\u30ea\u30b7\u30fc\u306b\u3088\u308b\u5236\u7d04\u304c\u3042\u308b\u5834\u5408\u306f\u3001\u30ed\u30fc\u30ab\u30eb\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002<\/p>\n<p><code>.devcontainer\/devcontainer.json<\/code>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-json\" data-lang=\"Json\"><code>{\n  \"name\": \"Azure Development\",\n  \"image\": \"mcr.microsoft.com\/devcontainers\/base:bullseye\",\n  \"features\": {\n    \"ghcr.io\/devcontainers\/features\/azure-cli:1\": {\n      \"version\": \"latest\"\n    }\n  }\n}<\/code><\/pre>\n<\/div>\n<p><strong>\u30e1\u30ea\u30c3\u30c8<\/strong>:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-stitch-blue\">\n<li>\u30c1\u30fc\u30e0\u5168\u54e1\u304c\u540c\u3058\u74b0\u5883\u3067\u4f5c\u696d\u53ef\u80fd<\/li>\n<li>\u65b0\u30e1\u30f3\u30d0\u30fc\u306e\u30aa\u30f3\u30dc\u30fc\u30c7\u30a3\u30f3\u30b0\u304c\u7c21\u5358\uff08\u30b3\u30f3\u30c6\u30ca\u8d77\u52d5\u3059\u308b\u3060\u3051\uff09<\/li>\n<li>CI\/CD \u74b0\u5883\u3068\u30ed\u30fc\u30ab\u30eb\u74b0\u5883\u306e\u5dee\u7570\u3092\u306a\u304f\u305b\u308b<\/li>\n<\/ul>\n<p><strong>\u8a73\u3057\u3044\u624b\u9806<\/strong>: DevContainer \u3068 Azure CLI 
\u306e\u8a73\u7d30\u306a\u74b0\u5883\u69cb\u7bc9\u624b\u9806\u306f\u3001\u5225\u8a18\u4e8b\u300c<a target=\"_blank\" href=\"https:\/\/tech-lab.sios.jp\/archives\/48057\" target=\"_blank\" rel=\"noopener\" title=\"\">DevContainer \u5b9f\u8df5\u5165\u9580\uff1aAzure CLI+GitHub CLI \u74b0\u5883\u3092\u30c1\u30fc\u30e0\u5168\u4f53\u3067\u7d71\u4e00<\/a>\u300d\u3067\u89e3\u8aac\u3057\u3066\u3044\u307e\u3059\u3002Azure CLI\u3001GitHub CLI\u3001SWA CLI \u3092\u7d71\u4e00\u74b0\u5883\u3068\u3057\u3066\u69cb\u7bc9\u3059\u308b\u65b9\u6cd5\u3092\u7d39\u4ecb\u3057\u3066\u3044\u308b\u306e\u3067\u3001\u305c\u3072\u3054\u89a7\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"Azure_henoroguin\">Azure \u3078\u306e\u30ed\u30b0\u30a4\u30f3<\/span><\/h3>\n<p>Azure CLI \u3067 Azure \u306b\u30ed\u30b0\u30a4\u30f3\u3057\u307e\u3059:<\/p>\n<p>\u30d6\u30e9\u30a6\u30b6\u304c\u958b\u304f\u306e\u3067\u3001Azure \u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p><strong>\u30ed\u30b0\u30a4\u30f3\u78ba\u8a8d<\/strong>:<\/p>\n<p><strong>\u51fa\u529b\u4f8b<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-json\" data-lang=\"Json\"><code>{\n  \"id\": \"xxx-xxx-xxx-xxx\",\n  \"name\": \"Pay-As-You-Go\",\n  \"tenantId\": \"xxx-xxx-xxx-xxx\",\n  \"user\": {\n    \"name\": \"user@example.com\",\n    \"type\": \"user\"\n  }\n}<\/code><\/pre>\n<\/div>\n<h3 class=\"wp-block-heading\"><span id=\"bi_yaona_quan_xian_chao_zhong_yao\">\u5fc5\u8981\u306a\u6a29\u9650\uff08\u8d85\u91cd\u8981!\uff09<\/span><\/h3>\n<p><strong>\u3053\u3053\u304c\u4e00\u756a\u91cd\u8981\u306a\u30dd\u30a4\u30f3\u30c8\u3067\u3059\u3002<\/strong><\/p>\n<p>OIDC 
\u8a8d\u8a3c\u8a2d\u5b9a\u3068\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u8a8d\u8a3c\u306e\u8a2d\u5b9a\u306b\u306f\u3001<strong>\u304b\u306a\u308a\u5f37\u3044\u6a29\u9650\u304c\u5fc5\u8981<\/strong>\u3067\u3059\u3002<\/p>\n<p>\u79c1\u3082\u6700\u521d\u3001\u6a29\u9650\u4e0d\u8db3\u3067\u30a8\u30e9\u30fc\u306b\u60a9\u307e\u3055\u308c\u3066\u3001<strong>Azure \u306e\u7ba1\u7406\u8005\u306b 3 \u56de\u3082\u78ba\u8a8d\u3068\u304a\u9858\u3044\u306e\u7533\u8acb\u3092\u3057\u307e\u3057\u305f<\/strong>\u2026\u3002\u793e\u5185\u306e\u62c5\u5f53\u8005\u306b\u306f\u672c\u5f53\u306b\u982d\u304c\u4e0a\u304c\u308a\u307e\u305b\u3093\u3002<\/p>\n<p>\u306a\u306e\u3067\u3001<strong>\u8a2d\u5b9a\u524d\u306b\u5fc5\u305a\u6a29\u9650\u3092\u78ba\u8a8d\u3057\u3066\u304a\u304f\u3053\u3068\u3092\u5f37\u304f\u30aa\u30b9\u30b9\u30e1\u3057\u307e\u3059<\/strong>\u3002<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"zui_xiao_quan_xiansetto\">\u6700\u5c0f\u6a29\u9650\u30bb\u30c3\u30c8<\/span><\/h4>\n<p>\u4ee5\u4e0b\u306e\u64cd\u4f5c\u3092\u5b9f\u884c\u3059\u308b\u306b\u306f\u3001\u305d\u308c\u305e\u308c\u5bfe\u5fdc\u3059\u308b\u6a29\u9650\u304c\u5fc5\u8981\u3067\u3059:<\/p>\n<ol class=\"wp-block-list is-style-sango-list-main-color\">\n<li><strong>User Assigned Managed Identity \u306e\u4f5c\u6210<\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-main-color\">\n<li><code>Microsoft.ManagedIdentity\/userAssignedIdentities\/write<\/code><\/li>\n<li><code>Microsoft.ManagedIdentity\/userAssignedIdentities\/federatedIdentityCredentials\/write<\/code><\/li>\n<\/ul>\n<\/li>\n<li><strong>RBAC \u6a29\u9650\u5272\u308a\u5f53\u3066<\/strong>:\n<ul class=\"wp-block-list 
is-style-sango-list-main-color\">\n<li><code>Microsoft.Authorization\/roleAssignments\/write<\/code><\/li>\n<li>\u3053\u308c\u306f<strong>\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u30ec\u30d9\u30eb\u306e\u300c\u6240\u6709\u8005\u300d\u307e\u305f\u306f\u300c\u30e6\u30fc\u30b6\u30fc\u30a2\u30af\u30bb\u30b9\u7ba1\u7406\u8005\u300d\u30ed\u30fc\u30eb\u304c\u5fc5\u8981<\/strong><\/li>\n<\/ul>\n<\/li>\n<li><strong>\u30ea\u30bd\u30fc\u30b9\u30c7\u30d7\u30ed\u30a4\u5168\u822c<\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-simple\">\n<li><code>Microsoft.Resources\/deployments\/write<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h4 class=\"wp-block-heading\"><span id=\"tui_jiangroru\">\u63a8\u5968\u30ed\u30fc\u30eb<\/span><\/h4>\n<p><strong>\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u30ec\u30d9\u30eb\u306e\u300c\u6240\u6709\u8005\u300d\u30ed\u30fc\u30eb\u304c\u6700\u3082\u7c21\u5358<\/strong>\u3067\u3059\u3002<\/p>\n<p>\u3082\u3057\u304f\u306f\u3001\u4ee5\u4e0b\u306e\u7d44\u307f\u5408\u308f\u305b:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-main-color\">\n<li><strong>\u5171\u540c\u4f5c\u6210\u8005<\/strong> (Contributor) + <strong>\u30e6\u30fc\u30b6\u30fc\u30a2\u30af\u30bb\u30b9\u7ba1\u7406\u8005<\/strong> (User Access Administrator)<\/li>\n<\/ul>\n<p>\u79c1\u306e\u5834\u5408\u3001\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u306e\u6240\u6709\u8005\u6a29\u9650\u3092\u5272\u308a\u632f\u3063\u3066\u3082\u3089\u3044\u307e\u3057\u305f\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"quan_xian_que_ren_fang_fa\">\u6a29\u9650\u78ba\u8a8d\u65b9\u6cd5<\/span><\/h3>\n<p>Azure CLI \u3067\u73fe\u5728\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u6a29\u9650\u3092\u78ba\u8a8d\u3057\u307e\u3059:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code># \u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u3092\u5909\u6570\u306b\u8a2d\u5b9a\uff08\u5f8c\u3067\u4f7f\u3044\u307e\u3059\uff09\nRESOURCE_GROUP=\"rg-example\"  # 
\u5b9f\u969b\u306e\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u540d\u306b\u7f6e\u304d\u63db\u3048\n\n# \u81ea\u5206\u306e\u30ed\u30fc\u30eb\u5272\u308a\u5f53\u3066\u3092\u78ba\u8a8d\naz role assignment list \\\n  --resource-group $RESOURCE_GROUP \\\n  --query \"[].{Principal:principalName, Role:roleDefinitionName, Scope:scope}\" \\\n  --output table<\/code><\/pre>\n<\/div>\n<p><strong>\u671f\u5f85\u3055\u308c\u308b\u51fa\u529b<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>Principal             Role    Scope\n--------------------  ------  ----------------------------------------\nuser@example.com      Owner   \/subscriptions\/...\/resourceGroups\/rg-example<\/code><\/pre>\n<\/div>\n<p><strong>\u300cOwner\u300d\u30ed\u30fc\u30eb\u304c\u8868\u793a\u3055\u308c\u3066\u3044\u308c\u3070 OK!<\/strong><\/p>\n<p>\u3082\u3057 Owner \u30ed\u30fc\u30eb\u304c\u306a\u3044\u5834\u5408\u306f\u3001\u4ee5\u4e0b\u306e\u3044\u305a\u308c\u304b\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-check\">\n<li><strong>Contributor<\/strong> + <strong>User Access Administrator<\/strong> \u306e\u7d44\u307f\u5408\u308f\u305b<\/li>\n<li>\u30b5\u30d6\u30b9\u30af\u30ea\u30d7\u30b7\u30e7\u30f3\u30ec\u30d9\u30eb\u3067\u306e Owner \u30ed\u30fc\u30eb<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\"><span id=\"quan_xianga_bu_zushiteiru_chang_heno_dui_chu\">\u6a29\u9650\u304c\u4e0d\u8db3\u3057\u3066\u3044\u308b\u5834\u5408\u306e\u5bfe\u51e6<\/span><\/h3>\n<h4 class=\"wp-block-heading\"><span id=\"guan_li_zheni_quan_xianwo_yi_laisuru\">\u7ba1\u7406\u8005\u306b\u6a29\u9650\u3092\u4f9d\u983c\u3059\u308b<\/span><\/h4>\n<p>\u6a29\u9650\u304c\u4e0d\u8db3\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u4ee5\u4e0b\u306e\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3067\u7ba1\u7406\u8005\u306b\u4f9d\u983c\u3057\u307e\u3057\u3087\u3046\u3002\uff08\u3053\u3046\u3044\u3046\u6642\u306e AI 
\u306f\u30de\u30b8\u3067\u983c\u308a\u306b\u306a\u308a\u307e\u3059\u3088\u306d\u3002\uff09<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>\u4ef6\u540d: \u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u3078\u306e\u6240\u6709\u8005\u30ed\u30fc\u30eb\u4ed8\u4e0e\u4f9d\u983c\n\n\u4ee5\u4e0b\u306e\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u306b\u5bfe\u3057\u3066\u300c\u6240\u6709\u8005\u300d\u30ed\u30fc\u30eb\u3092\u4ed8\u4e0e\u3057\u3066\u304f\u3060\u3055\u3044\uff1a\n- \u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u540d: &lt;resource_group_name&gt;\n- \u7406\u7531: GitHub OIDC\u8a8d\u8a3c\u8a2d\u5b9a\u3068Azure\u30ea\u30bd\u30fc\u30b9\u30c7\u30d7\u30ed\u30a4\u306e\u305f\u3081\n\n\u5fc5\u8981\u306a\u5177\u4f53\u7684\u306a\u64cd\u4f5c:\n1. User Assigned Managed Identity\u306e\u4f5c\u6210\n2. Federated Identity Credential\u306e\u8a2d\u5b9a\n3. RBAC\u6a29\u9650\u5272\u308a\u5f53\u3066\n\n\u3088\u308d\u3057\u304f\u304a\u9858\u3044\u3044\u305f\u3057\u307e\u3059\u3002<\/code><\/pre>\n<\/div>\n<p><strong>\u30dd\u30a4\u30f3\u30c8<\/strong>:<br \/>\u6a29\u9650\u78ba\u8a8d\u306f<strong>\u8a2d\u5b9a\u524d\u306b\u5fc5\u305a\u5b9f\u65bd<\/strong>\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n<p>\u9014\u4e2d\u3067\u30a8\u30e9\u30fc\u306b\u306a\u308b\u3068\u3001\u4e2d\u9014\u534a\u7aef\u306a\u72b6\u614b\u3067\u6b62\u307e\u3063\u3066\u3057\u307e\u3044\u3001\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u304c\u8d85\u9762\u5012\u3067\u3059\u3002<\/p>\n<p>\u3055\u3089\u306b\u3001\u8ab0\u3082\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9\u3057\u3066\u3044\u306a\u3044 Managed Identity 
\u3084\u30ed\u30fc\u30eb\u304c\u4f5c\u3089\u308c\u3066\u3057\u307e\u3044\u3001<strong>\u5f8c\u304b\u3089\u62c5\u5f53\u8005\u306b\u300c\u3053\u308c\u4f55\u306b\u4f7f\u3063\u3066\u308b\u3093\u3067\u3059\u304b\uff1f\u300d\u3063\u3066\u78ba\u8a8d\u304c\u98db\u3093\u3067\u304f\u308b<\/strong>\u53ef\u80fd\u6027\u3082\u3042\u308a\u307e\u3059\u2026\uff08\u5bdf\u3057\u3066\u304f\u3060\u3055\u3044\u2026\uff09\u3002<\/p>\n<h2 class=\"wp-block-heading\"><span id=\"OIDC_ren_zhengno_shi_zumi_xiang_xi\">OIDC \u8a8d\u8a3c\u306e\u4ed5\u7d44\u307f\u8a73\u7d30<\/span><\/h2>\n<h3 class=\"wp-block-heading\"><span id=\"OIDC_ren_zhengfuro\">OIDC \u8a8d\u8a3c\u30d5\u30ed\u30fc<\/span><\/h3>\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" data-recalc-dims=\"1\" decoding=\"async\" width=\"880\" height=\"585\" src=\"https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/mermaid-diagram-2025-11-05-092005.jpg?resize=880%2C585&amp;ssl=1\" alt=\"sequenceDiagram&#10;    participant GHA as GitHub Actions&#10;    participant GitHub as GitHub OIDC Provider&#10;    participant Azure as Azure AD&#10;    participant MI as Managed Identity&#10;    participant Resources as Azure Resources&#10;&#10;    GHA-&gt;&gt;GitHub: 1. Request OIDC Token&#10;    GitHub-&gt;&gt;GHA: 2. Issue OIDC Token (15min)&#10;    GHA-&gt;&gt;Azure: 3. Exchange Token&#10;    Note right of GHA: client-id, tenant-id, subscription-id&#10;    Azure-&gt;&gt;Azure: 4. Verify Federated Credential&#10;    Note right of Azure: issuer, subject, audiences&#10;    Azure-&gt;&gt;MI: 5. Validate Managed Identity&#10;    MI-&gt;&gt;Azure: 6. Issue Azure Access Token&#10;    GHA-&gt;&gt;Resources: 7. Access Azure Resources&#10;    Resources-&gt;&gt;GHA: 8. 
Operation Success\" class=\"wp-image-50127\" srcset=\"https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/mermaid-diagram-2025-11-05-092005.jpg?w=1920&amp;ssl=1 1920w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/mermaid-diagram-2025-11-05-092005.jpg?resize=1536%2C1022&amp;ssl=1 1536w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/mermaid-diagram-2025-11-05-092005.jpg?resize=940%2C625&amp;ssl=1 940w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/mermaid-diagram-2025-11-05-092005.jpg?w=1760&amp;ssl=1 1760w\" sizes=\"auto, (max-width: 880px) 100vw, 880px\"\/><\/figure>\n<h3 class=\"wp-block-heading\"><span id=\"furono_xiang_xi_jie_shuo\">\u30d5\u30ed\u30fc\u306e\u8a73\u7d30\u89e3\u8aac<\/span><\/h3>\n<ol class=\"wp-block-list is-style-sango-list-main-color\">\n<li><strong>GitHub Actions \u304c OIDC \u30c8\u30fc\u30af\u30f3\u3092\u30ea\u30af\u30a8\u30b9\u30c8<\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-simple\">\n<li>\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u306b<code>permissions.id-token: write<\/code>\u3092\u8a2d\u5b9a<\/li>\n<li>GitHub Actions \u304c\u81ea\u52d5\u7684\u306b GitHub OIDC \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u306b\u30ea\u30af\u30a8\u30b9\u30c8<\/li>\n<\/ul>\n<\/li>\n<li><strong>GitHub \u304c OIDC \u30c8\u30fc\u30af\u30f3(JWT)\u3092\u767a\u884c<\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-simple\">\n<li>\u30ea\u30dd\u30b8\u30c8\u30ea\u3001\u30d6\u30e9\u30f3\u30c1\u3001\u74b0\u5883\u306a\u3069\u306e\u60c5\u5831\u3092\u542b\u3080 JWT \u30c8\u30fc\u30af\u30f3\u3092\u767a\u884c<\/li>\n<li>\u6709\u52b9\u671f\u9650: 5 \u5206\u9593\uff08\u975e\u5e38\u306b\u77ed\u547d\u3067\u5b89\u5168\uff09<\/li>\n<\/ul>\n<\/li>\n<li><strong>Azure \u306b\u30c8\u30fc\u30af\u30f3\u3092 Exchange\uff08\u4ea4\u63db\uff09<\/strong>:\n<ul class=\"wp-block-list 
is-style-sango-list-simple\">\n<li><code>azure\/login@v2<\/code>\u30a2\u30af\u30b7\u30e7\u30f3\u304c\u81ea\u52d5\u7684\u306b\u5b9f\u884c<\/li>\n<li>Client ID\u3001Tenant ID\u3001Subscription ID \u3092\u4f7f\u7528<\/li>\n<li><strong>\u3053\u3053\u304c OIDC \u8a8d\u8a3c\u306e\u9b54\u6cd5\u306e\u30dd\u30a4\u30f3\u30c8\uff01<\/strong>\u3000 GitHub Actions \u4e0a\u3067\u767a\u884c\u3057\u305f\u30c8\u30fc\u30af\u30f3\u3092 Azure \u4e0a\u306e\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306b\u4ea4\u63db\u3057\u3066\u3044\u307e\u3059<\/li>\n<\/ul>\n<\/li>\n<li><strong>Azure \u304c\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u8a8d\u8a3c\u60c5\u5831\u3092\u691c\u8a3c<\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-simple\">\n<li>issuer: <code>https:\/\/token.actions.githubusercontent.com<\/code>\uff08GitHub \u56fa\u5b9a\uff09<\/li>\n<li>subject: <code>repo:{org}\/{repo}:environment:production<\/code>\uff08\u8a2d\u5b9a\u3057\u305f\u30d1\u30bf\u30fc\u30f3\uff09<\/li>\n<li>audiences: <code>api:\/\/AzureADTokenExchange<\/code>\uff08Azure \u56fa\u5b9a\uff09<\/li>\n<\/ul>\n<\/li>\n<li><strong>Managed Identity \u3092\u691c\u8a3c<\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-simple\">\n<li>Azure AD \u304c Managed Identity \u306e\u5b58\u5728\u3092\u78ba\u8a8d<\/li>\n<li>RBAC \u6a29\u9650\u3092\u78ba\u8a8d<\/li>\n<\/ul>\n<\/li>\n<li><strong>Azure \u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u767a\u884c<\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-simple\">\n<li>GitHub Actions \u304c\u4f7f\u7528\u3067\u304d\u308b Azure \u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u767a\u884c<\/li>\n<\/ul>\n<\/li>\n<li><strong>Azure \u30ea\u30bd\u30fc\u30b9\u306b\u30a2\u30af\u30bb\u30b9<\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-simple\">\n<li>Azure Functions\u3001Web Apps 
\u306a\u3069\u306b\u30c7\u30d7\u30ed\u30a4\u307e\u305f\u306f\u30a2\u30af\u30bb\u30b9<\/li>\n<\/ul>\n<\/li>\n<li><strong>\u64cd\u4f5c\u6210\u529f<\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-simple\">\n<li>\u7d50\u679c\u3092 GitHub Actions \u306b\u8fd4\u3059<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h3 class=\"wp-block-heading\"><span id=\"nazeshikurettoki_bu_yaonanoka\">\u306a\u305c\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u4e0d\u8981\u306a\u306e\u304b?<\/span><\/h3>\n<p>OIDC \u8a8d\u8a3c\u306e\u9b54\u6cd5\u306f\u3001<strong>GitHub \u3068 Azure \u306e\u4fe1\u983c\u95a2\u4fc2\uff08Trust Relationship\uff09<\/strong>\u3000\u306b\u3042\u308a\u307e\u3059\u3002<\/p>\n<p><strong>\u5f93\u6765\u65b9\u5f0f<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>GitHub Actions \u2192 \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u63d0\u793a \u2192 Azure\u300c\u8a8d\u8a3cOK\u300d<\/code><\/pre>\n<\/div>\n<p><strong>OIDC \u8a8d\u8a3c<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>GitHub Actions \u2192 OIDC\u30c8\u30fc\u30af\u30f3\u63d0\u793a \u2192 Azure\u300c\u3053\u306e\u30c8\u30fc\u30af\u30f3\u3001\u672c\u5f53\u306bGitHub\u304c\u767a\u884c\u3057\u305f?\u300d\n                                  \u2193\n                         Federated Identity Credential\u3067\u691c\u8a3c\n                                  \u2193\n                         \u300c\u30ea\u30dd\u30b8\u30c8\u30ea\u30fb\u30d6\u30e9\u30f3\u30c1\u3082\u4e00\u81f4!\u300d\u2192 \u8a8d\u8a3cOK<\/code><\/pre>\n<\/div>\n<p><strong>\u30dd\u30a4\u30f3\u30c8<\/strong>:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-stitch-blue\">\n<li>GitHub \u306e OIDC \u30c8\u30fc\u30af\u30f3(JWT)\u306f<strong>5 \u5206\u9593\u306e\u307f\u6709\u52b9<\/strong>\uff08\u975e\u5e38\u306b\u77ed\u547d\u3067\u5b89\u5168\uff09<\/li>\n<li>Azure \u304c\u767a\u884c\u3059\u308b\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306f\u7d04<strong>60-90 
\u5206\u6709\u52b9<\/strong>\uff08Azure SDK\/CLI \u304c\u81ea\u52d5\u7ba1\u7406\uff09<\/li>\n<li><strong>\u7279\u5b9a\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u30fb\u30d6\u30e9\u30f3\u30c1<\/strong>\u304b\u3089\u306e\u307f\u8a8d\u8a3c\u53ef\u80fd\uff08Federated Identity Credential \u3067\u5236\u9650\uff09<\/li>\n<li>\u30c8\u30fc\u30af\u30f3\u81ea\u4f53\u304c<strong>GitHub \u306e\u7f72\u540d\u4ed8\u304d<\/strong>\u3067\u3001\u6539\u3056\u3093\u4e0d\u53ef\u80fd<\/li>\n<\/ul>\n<p>\u3064\u307e\u308a\u3001\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u3092\u4fdd\u5b58\u3057\u306a\u304f\u3066\u3082\u3001\u300c\u3053\u306e GitHub Actions \u306e\u5b9f\u884c\u306f\u3001\u78ba\u304b\u306b\u4fe1\u983c\u3067\u304d\u308b\u30ea\u30dd\u30b8\u30c8\u30ea\u304b\u3089\u306e\u3082\u306e\u3060\u300d\u3068\u8a3c\u660e\u3067\u304d\u308b\u308f\u3051\u3067\u3059!<\/p>\n<h2 class=\"wp-block-heading\"><span id=\"Azure_CLI_deno_bao_susettoappu\">Azure CLI \u3067\u306e\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7<\/span><\/h2>\n<p>\u305d\u308c\u3067\u306f\u3001Azure CLI \u3092\u4f7f\u3063\u3066 OIDC \u8a8d\u8a3c\u3092\u8a2d\u5b9a\u3057\u3066\u3044\u304d\u307e\u3057\u3087\u3046\uff01<\/p>\n<p><strong>\u6240\u8981\u6642\u9593: \u7d04 5 \u5206\uff08\u30b3\u30d4\u30da\u3067\u5b8c\u7d50\uff09<\/strong><\/p>\n<p>\u30b9\u30c6\u30c3\u30d7\u306f\u5168\u90e8\u3067 3 \u3064\u3067\u3059:<\/p>\n<ol class=\"wp-block-list is-style-sango-list-main-color\">\n<li>User Assigned Managed Identity \u4f5c\u6210<\/li>\n<li>Federated Identity Credential \u8a2d\u5b9a<\/li>\n<li>RBAC \u6a29\u9650\u8a2d\u5b9a<\/li>\n<\/ol>\n<h3 class=\"wp-block-heading\"><span id=\"shi_qian_zhun_bei_huan_jing_bian_shuno_she_ding\">\u4e8b\u524d\u6e96\u5099: 
\u74b0\u5883\u5909\u6570\u306e\u8a2d\u5b9a<\/span><\/h3>\n<p>\u307e\u305a\u3001\u3053\u308c\u304b\u3089\u4f7f\u3046\u5909\u6570\u3092\u307e\u3068\u3081\u3066\u8a2d\u5b9a\u3057\u3066\u304a\u304d\u307e\u3059\u3002\u30b3\u30d4\u30da\u3067\u4f7f\u3048\u308b\u3088\u3046\u306b\u3001\u5b9f\u969b\u306e\u5024\u306b\u7f6e\u304d\u63db\u3048\u3066\u304f\u3060\u3055\u3044:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code># \u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u8a2d\u5b9a\nAPP_NAME=\"myapp\"                    # \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u540d\uff08\u4efb\u610f\uff09\nRESOURCE_GROUP=\"rg-example\"         # \u65e2\u5b58\u306e\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u540d\nLOCATION=\"japaneast\"                # \u30ea\u30fc\u30b8\u30e7\u30f3\n\n# GitHub\u8a2d\u5b9a\nGITHUB_ORG=\"your-org\"               # GitHub\u7d44\u7e54\u540d\u307e\u305f\u306f\u30e6\u30fc\u30b6\u30fc\u540d\nGITHUB_REPO=\"your-repo\"             # GitHub\u30ea\u30dd\u30b8\u30c8\u30ea\u540d\n\n# Managed Identity\u540d\nIDENTITY_NAME=\"${APP_NAME}-github-identity\"<\/code><\/pre>\n<\/div>\n<p><strong>\u78ba\u8a8d<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>echo \"Identity\u540d: $IDENTITY_NAME\"\necho \"\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7: $RESOURCE_GROUP\"<\/code><\/pre>\n<\/div>\n<h3 class=\"wp-block-heading\"><span id=\"suteppu_1_User_Assigned_Managed_Identity_zuo_cheng\">\u30b9\u30c6\u30c3\u30d7 1: User Assigned Managed Identity \u4f5c\u6210<\/span><\/h3>\n<p>GitHub \u304b\u3089\u306e\u8a8d\u8a3c\u3092\u53d7\u3051\u5165\u308c\u308b Managed Identity \u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>az identity create \\\n  --name $IDENTITY_NAME \\\n  --resource-group $RESOURCE_GROUP \\\n  --location 
$LOCATION<\/code><\/pre>\n<\/div>\n<p><strong>\u5b9f\u884c\u7d50\u679c\uff08\u4f8b\uff09<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-json\" data-lang=\"Json\"><code>{\n  \"clientId\": \"xxx-xxx-xxx-xxx-xxx\",\n  \"id\": \"\/subscriptions\/...\/resourceGroups\/rg-example\/providers\/Microsoft.ManagedIdentity\/userAssignedIdentities\/myapp-github-identity\",\n  \"location\": \"japaneast\",\n  \"name\": \"myapp-github-identity\",\n  \"principalId\": \"yyy-yyy-yyy-yyy-yyy\",\n  \"resourceGroup\": \"rg-example\",\n  \"type\": \"Microsoft.ManagedIdentity\/userAssignedIdentities\"\n}<\/code><\/pre>\n<\/div>\n<p><strong>\u91cd\u8981\u306a\u60c5\u5831\u3092\u5909\u6570\u306b\u4fdd\u5b58<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code># Client ID\u3068Principal ID\u3092\u53d6\u5f97\u3057\u3066\u5909\u6570\u306b\u4fdd\u5b58\nCLIENT_ID=$(az identity show \\\n  --name $IDENTITY_NAME \\\n  --resource-group $RESOURCE_GROUP \\\n  --query clientId -o tsv)\n\nPRINCIPAL_ID=$(az identity show \\\n  --name $IDENTITY_NAME \\\n  --resource-group $RESOURCE_GROUP \\\n  --query principalId -o tsv)\n\necho \"Client ID: $CLIENT_ID\"\necho \"Principal ID: $PRINCIPAL_ID\"<\/code><\/pre>\n<\/div>\n<p><strong>\u3053\u306e Client ID \u306f\u5f8c\u3067 GitHub Secrets \u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002\u30e1\u30e2\u3057\u3066\u304a\u304d\u307e\u3057\u3087\u3046\uff01<\/strong><\/p>\n<p><strong>\u7d50\u679c\u78ba\u8a8d\uff08Azure \u30dd\u30fc\u30bf\u30eb\uff09<\/strong>:<\/p>\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" data-recalc-dims=\"1\" decoding=\"async\" width=\"880\" height=\"495\" src=\"https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/2708bb1bc6173ee1cce69362a2c324d0.png?resize=880%2C495&amp;ssl=1\" alt=\"\" class=\"wp-image-50132\" 
srcset=\"https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/2708bb1bc6173ee1cce69362a2c324d0.png?w=1999&amp;ssl=1 1999w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/2708bb1bc6173ee1cce69362a2c324d0.png?resize=1536%2C864&amp;ssl=1 1536w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/2708bb1bc6173ee1cce69362a2c324d0.png?resize=940%2C529&amp;ssl=1 940w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/2708bb1bc6173ee1cce69362a2c324d0.png?w=1760&amp;ssl=1 1760w\" sizes=\"auto, (max-width: 880px) 100vw, 880px\"\/><\/figure>\n<h3 class=\"wp-block-heading\"><span id=\"suteppu_2_Federated_Identity_Credential_she_ding\">\u30b9\u30c6\u30c3\u30d7 2: Federated Identity Credential \u8a2d\u5b9a<\/span><\/h3>\n<p>\u6b21\u306b\u3001GitHub \u30ea\u30dd\u30b8\u30c8\u30ea\u3068 Managed Identity \u3092\u7d10\u3065\u3051\u308b\u300c\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u8a8d\u8a3c\u60c5\u5831\u300d\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n<p><strong>\u3053\u308c\u304c\u8d85\u91cd\u8981\u306a\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u3059!<\/strong><\/p>\n<h4 class=\"wp-block-heading\"><span id=\"subject_patanno_xuan_ze\">subject \u30d1\u30bf\u30fc\u30f3\u306e\u9078\u629e<\/span><\/h4>\n<p>Federated Identity Credential \u306b\u306f\u3001\u300c\u3069\u306e GitHub \u30ea\u30dd\u30b8\u30c8\u30ea\u30fb\u30d6\u30e9\u30f3\u30c1\u30fb\u74b0\u5883\u304b\u3089\u8a8d\u8a3c\u3092\u8a31\u53ef\u3059\u308b\u304b\u300d\u3092\u6307\u5b9a\u3059\u308b<code>subject<\/code>\u3068\u3044\u3046\u30d5\u30a3\u30fc\u30eb\u30c9\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p><strong>\u4e3b\u8981\u306a subject \u30d1\u30bf\u30fc\u30f3<\/strong>:<\/p>\n<div id=\"id-2c1ca721-19c8-4140-a77e-abd0b6e2ed10\">\n<figure class=\"wp-block-table\">\n<div class=\"s_table\"><table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th>\u30d1\u30bf\u30fc\u30f3<\/th>\n<th>subject 
\u5f62\u5f0f<\/th>\n<th>\u4f7f\u7528\u4f8b<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>production \u74b0\u5883\uff08\u63a8\u5968\uff09<\/strong><\/td>\n<td><code>repo:{org}\/{repo}:environment:production<\/code><\/td>\n<td>\u672c\u756a\u74b0\u5883\u30c7\u30d7\u30ed\u30a4<\/td>\n<\/tr>\n<tr>\n<td>main \u30d6\u30e9\u30f3\u30c1<\/td>\n<td><code>repo:{org}\/{repo}:ref:refs\/heads\/main<\/code><\/td>\n<td>\u57fa\u672c\u7684\u306a CI\/CD<\/td>\n<\/tr>\n<tr>\n<td>\u30bf\u30b0<\/td>\n<td><code>repo:{org}\/{repo}:ref:refs\/tags\/v*<\/code><\/td>\n<td>\u30ea\u30ea\u30fc\u30b9\u30c7\u30d7\u30ed\u30a4\uff08Subject \u306f\u5b8c\u5168\u4e00\u81f4\u306e\u307f\u306e\u305f\u3081\u3001<code>v*<\/code> \u306f\u5b9f\u969b\u306e\u30bf\u30b0\u540d\u306b\u7f6e\u304d\u63db\u3048\uff09<\/td>\n<\/tr>\n<tr>\n<td>Pull Request<\/td>\n<td><code>repo:{org}\/{repo}:pull_request<\/code><\/td>\n<td>PR \u74b0\u5883\u30c7\u30d7\u30ed\u30a4<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/figure>\n<\/div>\n<p>\u79c1\u306e\u5834\u5408\u3001<strong>production \u74b0\u5883\u30d1\u30bf\u30fc\u30f3<\/strong>\u3092\u4f7f\u3063\u3066\u3044\u307e\u3059\u3002\u7406\u7531\u306f\u4ee5\u4e0b\u306e\u901a\u308a:<\/p>\n<p>\u2705 GitHub Actions \u306e<code>environment<\/code>\u6a5f\u80fd\u3068\u9023\u643a\u3067\u304d\u308b<br \/>\u2705 \u74b0\u5883\u3054\u3068\u306b\u7570\u306a\u308b Secrets\u30fbVariables \u3092\u7ba1\u7406\u3067\u304d\u308b<br \/>\u2705 \u300c\u672c\u756a\u74b0\u5883\u3078\u306e\u30c7\u30d7\u30ed\u30a4\u300d\u3068\u3044\u3046\u610f\u56f3\u304c\u660e\u78ba<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"production_huan_jingno_Federated_Credential_zuo_cheng\">production \u74b0\u5883\u306e Federated Credential \u4f5c\u6210<\/span><\/h4>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>az identity federated-credential create \\\n  --name github-federated-production \\\n  --identity-name $IDENTITY_NAME \\\n  --resource-group $RESOURCE_GROUP \\\n  --issuer \"https:\/\/token.actions.githubusercontent.com\" \\\n  --subject \"repo:${GITHUB_ORG}\/${GITHUB_REPO}:environment:production\" \\\n  --audiences 
\"api:\/\/AzureADTokenExchange\"<\/code><\/pre>\n<\/div>\n<p><strong>\u5b9f\u884c\u7d50\u679c\uff08\u4f8b\uff09<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-json\" data-lang=\"Json\"><code>{\n  \"audiences\": [\"api:\/\/AzureADTokenExchange\"],\n  \"issuer\": \"https:\/\/token.actions.githubusercontent.com\",\n  \"name\": \"github-federated-production\",\n  \"resourceGroup\": \"rg-example\",\n  \"subject\": \"repo:your-org\/your-repo:environment:production\",\n  \"type\": \"Microsoft.ManagedIdentity\/userAssignedIdentities\/federatedIdentityCredentials\"\n}<\/code><\/pre>\n<\/div>\n<p><strong>\u30dd\u30a4\u30f3\u30c8<\/strong>:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-stitch-blue\">\n<li><code>--subject<\/code> \u306e <code>repo:your-org\/your-repo:environment:production<\/code> \u90e8\u5206\u304c\u3001GitHub Actions \u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u306e <code>environment: \"production\"<\/code> \u3068\u4e00\u81f4\u3057\u307e\u3059<\/li>\n<li><code>--audiences<\/code> \u306f\u56fa\u5b9a\u5024\uff08<code>api:\/\/AzureADTokenExchange<\/code>\uff09<\/li>\n<li><code>--issuer<\/code> \u3082\u56fa\u5b9a\u5024\uff08<code>https:\/\/token.actions.githubusercontent.com<\/code>\uff09<\/li>\n<\/ul>\n<p>\u26a0\ufe0f <strong>\u91cd\u8981: \u74b0\u5883\u540d\u306e\u5927\u6587\u5b57\u5c0f\u6587\u5b57<\/strong><\/p>\n<p>GitHub Actions \u306f\u74b0\u5883\u540d\u3092<strong>\u81ea\u52d5\u7684\u306b\u5c0f\u6587\u5b57\u306b\u5909\u63db<\/strong>\u3057\u3066 Subject \u30af\u30ec\u30fc\u30e0\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n<ul class=\"wp-block-list is-style-sango-list-stitch-orange\">\n<li>GitHub \u74b0\u5883\u540d: <code>Production<\/code>\uff08\u5927\u6587\u5b57\uff09<\/li>\n<li>\u5b9f\u969b\u306e Subject: <code>repo:org\/repo:environment:production<\/code>\uff08<strong>\u5c0f\u6587\u5b57<\/strong>\uff09<\/li>\n<\/ul>\n<p><strong>Subject 
\u8a2d\u5b9a\u6642\u306f\u5fc5\u305a\u5c0f\u6587\u5b57\u3067\u6307\u5b9a\u3057\u3066\u304f\u3060\u3055\u3044<\/strong>\u3002\u5927\u6587\u5b57\u5c0f\u6587\u5b57\u304c\u4e00\u81f4\u3057\u306a\u3044\u3068<code>AADSTS70021<\/code>\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3059\u3002<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"main_buranchino_Federated_Credential_mo_zhui_jiasuru_chang_he\">main \u30d6\u30e9\u30f3\u30c1\u306e Federated Credential \u3082\u8ffd\u52a0\u3059\u308b\u5834\u5408<\/span><\/h4>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>az identity federated-credential create \\\n  --name github-federated-main \\\n  --identity-name $IDENTITY_NAME \\\n  --resource-group $RESOURCE_GROUP \\\n  --issuer \"https:\/\/token.actions.githubusercontent.com\" \\\n  --subject \"repo:${GITHUB_ORG}\/${GITHUB_REPO}:ref:refs\/heads\/main\" \\\n  --audiences \"api:\/\/AzureADTokenExchange\"<\/code><\/pre>\n<\/div>\n<p>\u3053\u308c\u3067\u3001production \u74b0\u5883\u3068 main \u30d6\u30e9\u30f3\u30c1\u306e\u4e21\u65b9\u304b\u3089\u30c7\u30d7\u30ed\u30a4\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\uff01\u306a\u304a\u3001main \u30d6\u30e9\u30f3\u30c1\u306e Subject \u3092\u8ffd\u52a0\u3059\u308b\u3068\u3001<code>environment<\/code> \u6a5f\u80fd\u3092\u4f7f\u308f\u306a\u3044\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u304b\u3089\u3082\u8a8d\u8a3c\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308b\u305f\u3081\u3001\u5fc5\u8981\u306a\u5834\u5408\u306e\u307f\u8ffd\u52a0\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"she_ding_que_ren\">\u8a2d\u5b9a\u78ba\u8a8d<\/span><\/h4>\n<p>\u4f5c\u6210\u3057\u305f Federated Credential \u3092\u78ba\u8a8d\u3057\u307e\u3057\u3087\u3046:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>az identity federated-credential list \\\n  --identity-name $IDENTITY_NAME \\\n  --resource-group $RESOURCE_GROUP \\\n  --query \"[].{Name:name, Subject:subject}\" \\\n  --output table<\/code><\/pre>\n<\/div>\n<p><strong>\u51fa\u529b\u4f8b<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>Name                          Subject\n----------------------------  ---------------------------------------------------------\ngithub-federated-production   
repo:your-org\/your-repo:environment:production\ngithub-federated-main         repo:your-org\/your-repo:ref:refs\/heads\/main<\/code><\/pre>\n<\/div>\n<p><strong>\u7d50\u679c\u78ba\u8a8d\uff08Azure \u30dd\u30fc\u30bf\u30eb\uff09<\/strong>:<\/p>\n<figure class=\"wp-block-image size-full\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"880\" height=\"495\" src=\"https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/0be210426ff4d5faedf6f5502325a942.png?resize=880%2C495&amp;ssl=1\" alt=\"\" class=\"wp-image-50131\" srcset=\"https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/0be210426ff4d5faedf6f5502325a942.png?w=1999&amp;ssl=1 1999w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/0be210426ff4d5faedf6f5502325a942.png?resize=1536%2C864&amp;ssl=1 1536w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/0be210426ff4d5faedf6f5502325a942.png?resize=940%2C529&amp;ssl=1 940w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/0be210426ff4d5faedf6f5502325a942.png?w=1760&amp;ssl=1 1760w\" sizes=\"auto, (max-width: 880px) 100vw, 880px\"\/><\/figure>\n<p>\u26a0\ufe0f <strong>Federated Credential \u306e\u5236\u9650\u4e8b\u9805<\/strong><\/p>\n<ul class=\"wp-block-list is-style-sango-list-stitch-orange\">\n<li><strong>\u6570\u91cf\u5236\u9650<\/strong>: 1 \u3064\u306e Managed Identity \u3042\u305f\u308a<strong>\u6700\u5927 20 \u500b<\/strong><\/li>\n<li><strong>\u5b8c\u5168\u4e00\u81f4\u306e\u307f<\/strong>: Subject \u306f\u30ef\u30a4\u30eb\u30c9\u30ab\u30fc\u30c9\u4e0d\u53ef\uff08\u5b8c\u5168\u4e00\u81f4\u306e\u307f\u30b5\u30dd\u30fc\u30c8\uff09<\/li>\n<\/ul>\n<p>\u5927\u898f\u6a21\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u3067\u8907\u6570\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u30fb\u74b0\u5883\u3092\u7ba1\u7406\u3059\u308b\u5834\u5408\u306f\u3001\u7528\u9014\u5225\u306b\u8907\u6570\u306e Managed Identity 
\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u3092\u63a8\u5968\u3057\u307e\u3059\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"suteppu_3_RBAC_quan_xian_she_ding\">\u30b9\u30c6\u30c3\u30d7 3: RBAC \u6a29\u9650\u8a2d\u5b9a<\/span><\/h3>\n<p>Managed Identity \u3092\u4f5c\u6210\u3057\u305f\u3060\u3051\u3067\u306f\u3001Azure \u30ea\u30bd\u30fc\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u307e\u305b\u3093\u3002<\/p>\n<p><strong>RBAC\uff08Role-Based Access Control\uff09\u3067\u6a29\u9650\u3092\u4ed8\u4e0e<\/strong>\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"donororuwo_fu_yusuruka\">\u3069\u306e\u30ed\u30fc\u30eb\u3092\u4ed8\u4e0e\u3059\u308b\u304b?<\/span><\/h4>\n<p>\u30c7\u30d7\u30ed\u30a4\u5bfe\u8c61\u306e Azure \u30b5\u30fc\u30d3\u30b9\u306b\u3088\u3063\u3066\u3001\u5fc5\u8981\u306a\u30ed\u30fc\u30eb\u304c\u7570\u306a\u308a\u307e\u3059\u3002<\/p>\n<div id=\"id-3cd2a32e-e8c2-43cb-9d5f-c5a274951a7a\">\n<figure class=\"wp-block-table\">\n<div class=\"s_table\"><table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th>Azure \u30b5\u30fc\u30d3\u30b9<\/th>\n<th>\u63a8\u5968\u30ed\u30fc\u30eb<\/th>\n<th>\u30b9\u30b3\u30fc\u30d7<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Azure Functions<\/td>\n<td><code>Website Contributor<\/code><\/td>\n<td>\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u307e\u305f\u306f\u500b\u5225\u30ea\u30bd\u30fc\u30b9<\/td>\n<\/tr>\n<tr>\n<td>Azure Web Apps<\/td>\n<td><code>Website Contributor<\/code><\/td>\n<td>\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u307e\u305f\u306f\u500b\u5225\u30ea\u30bd\u30fc\u30b9<\/td>\n<\/tr>\n<tr>\n<td>Azure Static Web Apps<\/td>\n<td><code>Website Contributor<\/code><\/td>\n<td>\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u307e\u305f\u306f\u500b\u5225\u30ea\u30bd\u30fc\u30b9<\/td>\n<\/tr>\n<tr>\n<td>Azure Container 
Apps<\/td>\n<td><code>Contributor<\/code><\/td>\n<td>\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u307e\u305f\u306f\u500b\u5225\u30ea\u30bd\u30fc\u30b9<\/td>\n<\/tr>\n<tr>\n<td>\u8907\u6570\u30b5\u30fc\u30d3\u30b9<\/td>\n<td><code>Website Contributor<\/code><\/td>\n<td>\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\uff08\u63a8\u5968\uff09<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/figure>\n<\/div>\n<p><strong>\u79c1\u306e\u5834\u5408<\/strong>: \u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u30b9\u30b3\u30fc\u30d7\u3067<code>Website Contributor<\/code>\u30ed\u30fc\u30eb\u3092\u4ed8\u4e0e\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u7406\u7531:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-stitch-orange\">\n<li>Functions\u3001Web Apps\u3001Static Web Apps \u5168\u4f53\u3092\u30ab\u30d0\u30fc<\/li>\n<li>\u7ba1\u7406\u304c\u7c21\u5358\uff08\u500b\u5225\u30ea\u30bd\u30fc\u30b9\u3054\u3068\u306b\u8a2d\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u306a\u3044\uff09<\/li>\n<li>\u6700\u5c0f\u6a29\u9650\u306e\u539f\u5247\u306b\u5f93\u3044\u3064\u3064\u3001\u5b9f\u7528\u7684<\/li>\n<\/ul>\n<h4 class=\"wp-block-heading\"><span id=\"RBAC_quan_xianno_fu_yu\">RBAC \u6a29\u9650\u306e\u4ed8\u4e0e<\/span><\/h4>\n<p>\u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u30b9\u30b3\u30fc\u30d7\u3067<code>Website Contributor<\/code>\u30ed\u30fc\u30eb\u3092\u4ed8\u4e0e\u3057\u307e\u3059:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code># \u30ea\u30bd\u30fc\u30b9\u30b0\u30eb\u30fc\u30d7\u306eID\u3092\u53d6\u5f97\nRESOURCE_GROUP_ID=$(az group show \\\n  --name $RESOURCE_GROUP \\\n  --query id -o tsv)\n\n# Website Contributor\u30ed\u30fc\u30eb\u3092\u5272\u308a\u5f53\u3066\naz role assignment create \\\n  --assignee $PRINCIPAL_ID \\\n  --role \"Website Contributor\" \\\n  --scope $RESOURCE_GROUP_ID<\/code><\/pre>\n<\/div>\n<p><strong>\u5b9f\u884c\u7d50\u679c\uff08\u4f8b\uff09<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre 
class=\"prism line-numbers lang-json\" data-lang=\"Json\"><code>{\n  \"principalId\": \"yyy-yyy-yyy-yyy-yyy\",\n  \"principalType\": \"ServicePrincipal\",\n  \"roleDefinitionName\": \"Website Contributor\",\n  \"scope\": \"\/subscriptions\/...\/resourceGroups\/rg-example\",\n  \"type\": \"Microsoft.Authorization\/roleAssignments\"\n}<\/code><\/pre>\n<\/div>\n<p>\u26a0\ufe0f <strong>\u91cd\u8981: \u6a29\u9650\u306e\u4f1d\u64ad\u6642\u9593<\/strong><\/p>\n<p>\u30ed\u30fc\u30eb\u5272\u308a\u5f53\u3066\u76f4\u5f8c\u306f\u3001\u6a29\u9650\u304c\u6709\u52b9\u306b\u306a\u308b\u307e\u3067<strong>\u6700\u5927 5 \u5206\u9593<\/strong>\u304b\u304b\u308b\u5834\u5408\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p><strong>\u63a8\u5968\u30a2\u30af\u30b7\u30e7\u30f3:<\/strong><\/p>\n<ul class=\"wp-block-list is-style-sango-list-stitch-blue\">\n<li>\u5272\u308a\u5f53\u3066\u5f8c\u3001\u6570\u5206\u5f85\u3063\u3066\u304b\u3089\u30c7\u30d7\u30ed\u30a4\u3092\u5b9f\u884c<\/li>\n<li>\u521d\u56de\u30c7\u30d7\u30ed\u30a4\u6642\u306b\u6a29\u9650\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u305f\u5834\u5408\u306f\u30015 \u5206\u5f8c\u306b\u518d\u8a66\u884c<\/li>\n<\/ul>\n<h4 class=\"wp-block-heading\"><span id=\"she_ding_que_ren1\">\u8a2d\u5b9a\u78ba\u8a8d<\/span><\/h4>\n<p>RBAC \u6a29\u9650\u304c\u6b63\u3057\u304f\u4ed8\u4e0e\u3055\u308c\u305f\u304b\u78ba\u8a8d\u3057\u307e\u3057\u3087\u3046:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>az role assignment list \\\n  --assignee $PRINCIPAL_ID \\\n  --resource-group $RESOURCE_GROUP \\\n  --query \"[].{Principal:principalId, Role:roleDefinitionName, Scope:scope}\" \\\n  --output table<\/code><\/pre>\n<\/div>\n<p><strong>\u51fa\u529b\u4f8b<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>Principal                            Role                 Scope\n-----------------------------------  -------------------  
----------------------------------------\nyyy-yyy-yyy-yyy-yyy                  Website Contributor  \/subscriptions\/...\/resourceGroups\/rg-example<\/code><\/pre>\n<\/div>\n<p><strong><code>Website Contributor<\/code>\u30ed\u30fc\u30eb\u304c\u8868\u793a\u3055\u308c\u3066\u3044\u308c\u3070 OK\uff01<\/strong><\/p>\n<p><strong>\u7d50\u679c\u78ba\u8a8d\uff08Azure \u30dd\u30fc\u30bf\u30eb\uff09<\/strong>:<\/p>\n<figure class=\"wp-block-image size-full\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"880\" height=\"495\" src=\"https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/4470174da1e495e055a1ff5be437b673.png?resize=880%2C495&amp;ssl=1\" alt=\"\" class=\"wp-image-50133\" srcset=\"https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/4470174da1e495e055a1ff5be437b673.png?w=1999&amp;ssl=1 1999w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/4470174da1e495e055a1ff5be437b673.png?resize=1536%2C864&amp;ssl=1 1536w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/4470174da1e495e055a1ff5be437b673.png?resize=940%2C529&amp;ssl=1 940w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/4470174da1e495e055a1ff5be437b673.png?w=1760&amp;ssl=1 1760w\" sizes=\"auto, (max-width: 880px) 100vw, 880px\"\/><\/figure>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<p><strong>\ud83c\udf89 \u3053\u308c\u3067 Azure \u5074\u306e\u8a2d\u5b9a\u306f\u5b8c\u4e86\u3067\u3059\uff01<\/strong><\/p>\n<p>\u305f\u3063\u305f 3 \u3064\u306e\u30b3\u30de\u30f3\u30c9\uff08Identity \u4f5c\u6210\u3001Federated Credential \u8a2d\u5b9a\u3001RBAC \u4ed8\u4e0e\uff09\u3067\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u5b8c\u4e86\u3067\u3059\u3002<\/p>\n<h2 class=\"wp-block-heading\"><span id=\"GitHub_Actions_deno_ren_zheng_she_ding\">GitHub Actions \u3067\u306e\u8a8d\u8a3c\u8a2d\u5b9a<\/span><\/h2>\n<p>Azure CLI 
\u3067\u306e\u8a2d\u5b9a\u304c\u5b8c\u4e86\u3057\u305f\u3089\u3001\u6b21\u306f GitHub Actions \u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"GitHub_Secrets_no_she_ding\">GitHub Secrets \u306e\u8a2d\u5b9a<\/span><\/h3>\n<p>\u307e\u305a\u3001OIDC \u8a8d\u8a3c\u306b\u5fc5\u8981\u306a 3 \u3064\u306e\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u3092 GitHub Secrets \u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"bi_yaona_zhiwo_qu_de\">\u5fc5\u8981\u306a\u5024\u3092\u53d6\u5f97<\/span><\/h4>\n<p>\u3059\u3067\u306b Azure CLI \u3067\u53d6\u5f97\u3057\u305f\u5024\u3092\u78ba\u8a8d\u3057\u307e\u3057\u3087\u3046:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code># 1. Client ID\uff08\u3059\u3067\u306b\u53d6\u5f97\u6e08\u307f\uff09\necho \"AZURE_CLIENT_ID: $CLIENT_ID\"\n\n# 2. Tenant ID\nTENANT_ID=$(az account show --query tenantId -o tsv)\necho \"AZURE_TENANT_ID: $TENANT_ID\"\n\n# 3. 
Subscription ID\nSUBSCRIPTION_ID=$(az account show --query id -o tsv)\necho \"AZURE_SUBSCRIPTION_ID: $SUBSCRIPTION_ID\"<\/code><\/pre>\n<\/div>\n<p><strong>\u3053\u308c\u3089\u306e\u5024\u3092\u30e1\u30e2\u3057\u3066\u304a\u304d\u307e\u3057\u3087\u3046\uff01<\/strong><\/p>\n<h4 class=\"wp-block-heading\"><span id=\"GitHub_Secrets_ni_shou_dongde_she_ding\">GitHub Secrets \u306b\u624b\u52d5\u3067\u8a2d\u5b9a<\/span><\/h4>\n<p>GitHub \u30ea\u30dd\u30b8\u30c8\u30ea\u3067\u4ee5\u4e0b\u306e\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u3092\u8a2d\u5b9a\u3057\u307e\u3059:<\/p>\n<ol class=\"wp-block-list is-style-sango-list-main-color\">\n<li><strong>GitHub \u30ea\u30dd\u30b8\u30c8\u30ea \u2192 Settings \u2192 Secrets and variables \u2192 Actions<\/strong><\/li>\n<li><strong>New repository secret<\/strong> \u3092\u30af\u30ea\u30c3\u30af<\/li>\n<li>\u4ee5\u4e0b\u306e 3 \u3064\u306e\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u3092\u8ffd\u52a0:<\/li>\n<\/ol>\n<div id=\"id-f56ecb89-f673-4897-b97b-43f20bb4ea4a\">\n<figure class=\"wp-block-table\">\n<div class=\"s_table\"><table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th>Name<\/th>\n<th>Value<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>AZURE_CLIENT_ID<\/code><\/td>\n<td>\u4e0a\u8a18\u3067\u53d6\u5f97\u3057\u305f Client ID<\/td>\n<\/tr>\n<tr>\n<td><code>AZURE_TENANT_ID<\/code><\/td>\n<td>\u4e0a\u8a18\u3067\u53d6\u5f97\u3057\u305f Tenant ID<\/td>\n<\/tr>\n<tr>\n<td><code>AZURE_SUBSCRIPTION_ID<\/code><\/td>\n<td>\u4e0a\u8a18\u3067\u53d6\u5f97\u3057\u305f Subscription ID<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/figure>\n<\/div>\n<p><strong>\u30dd\u30a4\u30f3\u30c8<\/strong>:<br 
\/>\u3053\u308c\u3089\u306e\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u306f<strong>\u3059\u3079\u3066\u8b58\u5225\u5b50\u306e\u307f<\/strong>\u3067\u3001\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u306f\u542b\u307e\u308c\u3066\u3044\u307e\u305b\u3093\u3002\u3064\u307e\u308a\u3001<strong>\u4e07\u304c\u4e00\u6f0f\u6d29\u3057\u3066\u3082\u3001\u305d\u308c\u3060\u3051\u3067\u306f Azure \u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u3044<\/strong>\u4ed5\u7d44\u307f\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"ji_ben_denawakufuro_gou_cheng\">\u57fa\u672c\u7684\u306a\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u69cb\u6210<\/span><\/h3>\n<p>OIDC \u8a8d\u8a3c\u3092\u4f7f\u3046\u306b\u306f\u3001\u4ee5\u4e0b\u306e 3 \u3064\u304c<strong>\u5fc5\u9808<\/strong>\u3067\u3059:<\/p>\n<ol class=\"wp-block-list is-style-sango-list-main-color\">\n<li><strong><code>permissions.id-token: write<\/code><\/strong>: GitHub Actions \u304c OIDC \u30c8\u30fc\u30af\u30f3\u3092\u767a\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b<\/li>\n<li><strong><code>azure\/login@v2<\/code>\u30a2\u30af\u30b7\u30e7\u30f3<\/strong>: OIDC \u30c8\u30fc\u30af\u30f3\u3092 Azure \u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306b\u4ea4\u63db<\/li>\n<li><strong>GitHub Secrets \u8a2d\u5b9a<\/strong>: CLIENT_ID\u3001TENANT_ID\u3001SUBSCRIPTION_ID<\/li>\n<\/ol>\n<h3 class=\"wp-block-heading\"><span id=\"ji_bentenpureto\">\u57fa\u672c\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8<\/span><\/h3>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-YAML\" data-lang=\"yaml\"><code>name: Deploy to Azure\n\non:\n  push:\n    branches:\n      - main\n  workflow_dispatch:\n\npermissions:\n  id-token: write # \u2190 OIDC\u8a8d\u8a3c\u306b\u5fc5\u9808!\n  contents: read\n\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    environment: \"production\" # \u2190 production\u74b0\u5883\u3092\u6307\u5b9a\n\n    steps:\n      - name: Checkout repository\n        uses: 
actions\/checkout@v4\n\n      - name: Azure Login (OIDC)\n        uses: azure\/login@v2\n        with:\n          client-id: ${{ secrets.AZURE_CLIENT_ID }}\n          tenant-id: ${{ secrets.AZURE_TENANT_ID }}\n          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}\n          # \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u306f\u4e0d\u8981!\n\n      - name: Azure CLI - \u30ea\u30bd\u30fc\u30b9\u4e00\u89a7\u8868\u793a\uff08\u52d5\u4f5c\u78ba\u8a8d\uff09\n        run: |\n          az resource list --resource-group &lt;resource_group_name&gt; --output table<\/code><\/pre>\n<\/div>\n<p><strong>\u30dd\u30a4\u30f3\u30c8\u89e3\u8aac<\/strong>:<\/p>\n<ol class=\"wp-block-list is-style-sango-list-main-color\">\n<li><strong><code>permissions.id-token: write<\/code><\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-simple\">\n<li>\u3053\u308c\u304c\u306a\u3044\u3068\u3001OIDC \u30c8\u30fc\u30af\u30f3\u304c\u767a\u884c\u3055\u308c\u306a\u3044<\/li>\n<li>GitHub Actions \u306e\u91cd\u8981\u306a\u8a2d\u5b9a<\/li>\n<\/ul>\n<\/li>\n<li><strong><code>environment: \"production\"<\/code><\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-simple\">\n<li>Federated Identity Credential \u306e<code>subject<\/code>\u3067\u6307\u5b9a\u3057\u305f\u74b0\u5883\u3068\u4e00\u81f4\u3055\u305b\u308b<\/li>\n<li>Azure \u30dd\u30fc\u30bf\u30eb\u3067\u8a2d\u5b9a\u3057\u305f\u74b0\u5883\u540d\u3068\u540c\u3058\u306b\u3059\u308b<\/li>\n<\/ul>\n<\/li>\n<li><strong><code>azure\/login@v2<\/code>\u30a2\u30af\u30b7\u30e7\u30f3<\/strong>:\n<ul class=\"wp-block-list is-style-sango-list-simple\">\n<li><code>client-id<\/code>\u3001<code>tenant-id<\/code>\u3001<code>subscription-id<\/code>\u306e 3 \u3064\u3060\u3051\u3067 OK<\/li>\n<li>\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u306f\u4e0d\u8981<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2 class=\"wp-block-heading\"><span 
id=\"toraburushutingu\">\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0<\/span><\/h2>\n<p>OIDC \u8a8d\u8a3c\u3067\u3088\u304f\u3042\u308b\u30a8\u30e9\u30fc\u3068\u89e3\u6c7a\u65b9\u6cd5\u3092\u307e\u3068\u3081\u307e\u3059\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"era_1_OIDC_token_exchange_failed\">\u30a8\u30e9\u30fc 1: OIDC token exchange failed<\/span><\/h3>\n<p><strong>\u75c7\u72b6<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>Error: Login failed with Error: OIDC token exchange failed. Please check the following:\n- Federated credentials are correctly configured\n- The subject claim in the OIDC token matches the subject in the federated credential<\/code><\/pre>\n<\/div>\n<p><strong>\u539f\u56e0<\/strong>:<br \/>Federated Identity Credential \u306e<code>subject<\/code>\u30d1\u30bf\u30fc\u30f3\u304c\u3001GitHub Actions \u306e\u5b9f\u884c\u74b0\u5883\u3068\u4e00\u81f4\u3057\u3066\u3044\u306a\u3044\u3002<\/p>\n<p><strong>\u89e3\u6c7a\u65b9\u6cd5<\/strong>:<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"1_Azure_potarude_subject_wo_que_ren\">1. 
Azure \u30dd\u30fc\u30bf\u30eb\u3067 subject \u3092\u78ba\u8a8d<\/span><\/h4>\n<ul class=\"wp-block-list is-style-sango-list-main-color\">\n<li>Managed Identity \u306e<strong>\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u8cc7\u683c\u60c5\u5831<\/strong>\u3092\u958b\u304f<\/li>\n<li>\u8a2d\u5b9a\u3057\u305f\u8cc7\u683c\u60c5\u5831\u306e<strong>\u30b5\u30d6\u30b8\u30a7\u30af\u30c8<\/strong>\u3092\u78ba\u8a8d<\/li>\n<\/ul>\n<figure class=\"wp-block-image size-full\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"880\" height=\"495\" src=\"https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/056a96f57dab4ef589d80d0b19ce40cd.jpg?resize=880%2C495&amp;ssl=1\" alt=\"\" class=\"wp-image-50134\" srcset=\"https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/056a96f57dab4ef589d80d0b19ce40cd.jpg?w=1920&amp;ssl=1 1920w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/056a96f57dab4ef589d80d0b19ce40cd.jpg?resize=1536%2C865&amp;ssl=1 1536w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/056a96f57dab4ef589d80d0b19ce40cd.jpg?resize=940%2C529&amp;ssl=1 940w, https:\/\/i0.wp.com\/tech-lab.sios.jp\/wp-content\/uploads\/2025\/11\/056a96f57dab4ef589d80d0b19ce40cd.jpg?w=1760&amp;ssl=1 1760w\" sizes=\"auto, (max-width: 880px) 100vw, 880px\"\/><\/figure>\n<p><strong>\u4f8b<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>subject: repo:your-org\/your-repo:environment:production<\/code><\/pre>\n<\/div>\n<h4 class=\"wp-block-heading\"><span id=\"2_GitHub_Actions_wakufurono_huan_jingwo_que_ren\">2. 
GitHub Actions \u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u306e\u74b0\u5883\u3092\u78ba\u8a8d<\/span><\/h4>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-YAML\" data-lang=\"yaml\"><code>jobs:\n  deploy:\n    environment: \"production\" # \u2190 \u3053\u3053\u304c\u4e00\u81f4\u3057\u3066\u3044\u308b\u304b\u78ba\u8a8d<\/code><\/pre>\n<\/div>\n<h4 class=\"wp-block-heading\"><span id=\"3_yi_zhishinai_chang_heno_xiu_zheng\">3. \u4e00\u81f4\u3057\u306a\u3044\u5834\u5408\u306e\u4fee\u6b63<\/span><\/h4>\n<p><strong>\u30d1\u30bf\u30fc\u30f3 A<\/strong>: \u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u5074\u3092\u4fee\u6b63<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-YAML\" data-lang=\"yaml\"><code># Azure\u5074\u304c environment:production \u306a\u3089\njobs:\n  deploy:\n    environment: \"production\" # \u2190 \u3053\u308c\u306b\u5909\u66f4<\/code><\/pre>\n<\/div>\n<p><strong>\u30d1\u30bf\u30fc\u30f3 B<\/strong>: Azure \u5074\u3092\u4fee\u6b63<\/p>\n<ul class=\"wp-block-list is-style-sango-list-main-color\">\n<li>Azure \u30dd\u30fc\u30bf\u30eb\u3067\u3001\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u8cc7\u683c\u60c5\u5831\u3092\u518d\u4f5c\u6210<\/li>\n<li>\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u306b\u5408\u308f\u305b\u305f\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u578b\u3092\u9078\u629e<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\"><span id=\"era_2_permissionsid-token_write_ganai\">\u30a8\u30e9\u30fc 2: permissions.id-token: write \u304c\u306a\u3044<\/span><\/h3>\n<p><strong>\u75c7\u72b6<\/strong>:<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-plain\"><code>Error: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL<\/code><\/pre>\n<\/div>\n<p><strong>\u539f\u56e0<\/strong>:<br \/>GitHub Actions \u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u306b<code>permissions.id-token: 
write<\/code>\u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u306a\u3044\u3002<\/p>\n<p><strong>\u89e3\u6c7a\u65b9\u6cd5<\/strong>:<\/p>\n<p>\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u30d5\u30a1\u30a4\u30eb\u306b<code>permissions<\/code>\u30bb\u30af\u30b7\u30e7\u30f3\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n<div class=\"hcb_wrap\">\n<pre class=\"prism line-numbers lang-YAML\" data-lang=\"yaml\"><code>permissions:\n  id-token: write # \u2190 \u3053\u308c\u3092\u8ffd\u52a0\n  contents: read\n\njobs:\n  deploy:\n    # ...<\/code><\/pre>\n<\/div>\n<p><strong>\u6ce8\u610f<\/strong>:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-stitch-orange\">\n<li><code>permissions<\/code>\u306f、この例では<strong>\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u306e\u30c8\u30c3\u30d7\u30ec\u30d9\u30eb<\/strong>\u306b\u8a18\u8ff0（job レベルにも記述できます。job が複数ある場合は、デプロイを行う job だけに <code>id-token: write<\/code> を付与すると、OIDC トークンを要求できる範囲を絞れます）<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\"><span id=\"era_3_GitHub_Secrets_ga_she_dingsareteinai\">\u30a8\u30e9\u30fc 3: GitHub Secrets \u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u306a\u3044<\/span><\/h3>\n<p><strong>\u75c7\u72b6<\/strong>:<\/p>\n<div class=\"wp-block-syntaxhighlighter-code \">\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nError: Input required and not supplied: client-id\n<\/pre>\n<\/div>\n<p><strong>\u539f\u56e0<\/strong>:<br \/><code>AZURE_CLIENT_ID<\/code>\u306a\u3069\u306e GitHub Secrets \u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u306a\u3044\u3002<\/p>\n<p><strong>\u89e3\u6c7a\u65b9\u6cd5<\/strong>:<\/p>\n<h4 class=\"wp-block-heading\"><span id=\"1_GitHub_Secrets_wo_que_ren\">1. 
GitHub Secrets \u3092\u78ba\u8a8d<\/span><\/h4>\n<p>GitHub \u30ea\u30dd\u30b8\u30c8\u30ea\u306e<strong>Settings \u2192 Secrets and variables \u2192 Actions<\/strong>\u3067\u3001\u4ee5\u4e0b\u306e\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u304b\u78ba\u8a8d:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-main-color\">\n<li><code>AZURE_CLIENT_ID<\/code><\/li>\n<li><code>AZURE_TENANT_ID<\/code><\/li>\n<li><code>AZURE_SUBSCRIPTION_ID<\/code><\/li>\n<\/ul>\n<h4 class=\"wp-block-heading\"><span id=\"2_she_dingsareteinai_chang_heha_zhui_jia\">2. \u8a2d\u5b9a\u3055\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u306f\u8ffd\u52a0<\/span><\/h4>\n<p>\u4e0a\u8a18\u306e\u300cGitHub Secrets \u306e\u8a2d\u5b9a\u300d\u30bb\u30af\u30b7\u30e7\u30f3\u3092\u53c2\u7167\u3057\u3066\u30013 \u3064\u306e\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u3092\u8ffd\u52a0\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"debaggu_Tips\">\u30c7\u30d0\u30c3\u30b0 Tips<\/span><\/h3>\n<h4 class=\"wp-block-heading\"><span id=\"GitHub_Actions_rogudeno_que_renpointo\">GitHub Actions \u30ed\u30b0\u3067\u306e\u78ba\u8a8d\u30dd\u30a4\u30f3\u30c8<\/span><\/h4>\n<ol class=\"wp-block-list is-style-sango-list-simple\">\n<li><strong>OIDC \u30c8\u30fc\u30af\u30f3\u767a\u884c\u6210\u529f<\/strong>:<\/li>\n<\/ol>\n<div class=\"wp-block-syntaxhighlighter-code \">\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n   Federated token successfully exchanged.\n<\/pre>\n<\/div>\n<ol start=\"2\" class=\"wp-block-list is-style-sango-list-simple\">\n<li><strong>Azure Login \u6210\u529f<\/strong>:<\/li>\n<\/ol>\n<ol start=\"3\" class=\"wp-block-list is-style-sango-list-simple\">\n<li><strong>\u30c7\u30d7\u30ed\u30a4\u6210\u529f<\/strong>:<\/li>\n<\/ol>\n<p>\u3053\u308c\u3089\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u78ba\u8a8d\u3067\u304d\u308c\u3070\u3001OIDC 
\u8a8d\u8a3c\u306f\u6b63\u5e38\u306b\u52d5\u4f5c\u3057\u3066\u3044\u307e\u3059!<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"fan_wai_bian_Unknown_Principal_no_xue_chu_fang_fa\">\u756a\u5916\u7de8: Unknown Principal \u306e\u524a\u9664\u65b9\u6cd5<\/span><\/h3>\n<p>OIDC \u8a8d\u8a3c\u306e\u8a2d\u5b9a\u4e2d\u306b\u3001<strong>Managed Identity \u3092\u4f5c\u308a\u76f4\u3057\u305f\u308a\u524a\u9664\u3057\u305f\u308a\u3059\u308b\u3068\u3001\u30ed\u30fc\u30eb\u5272\u308a\u5f53\u3066\u3060\u3051\u304c\u6b8b\u3063\u3066\u3057\u307e\u3046<\/strong>\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p>\u3053\u306e\u3088\u3046\u306a\u5834\u5408\u3001Azure \u30dd\u30fc\u30bf\u30eb\u3067\u6a29\u9650\u3092\u78ba\u8a8d\u3059\u308b\u3068\u300cUnknown Principal\u300d\u3068\u3057\u3066\u8868\u793a\u3055\u308c\u3001\u901a\u5e38\u306e\u65b9\u6cd5\u3067\u306f\u524a\u9664\u3067\u304d\u307e\u305b\u3093\u3002<\/p>\n<p><strong>\u8a73\u3057\u3044\u89e3\u6c7a\u65b9\u6cd5\u306f\u5225\u8a18\u4e8b\u3067\u89e3\u8aac\u3057\u3066\u3044\u307e\u3059<\/strong>:<\/p>\n<p>\ud83d\udcdd <strong><a target=\"_blank\" href=\"https:\/\/tech-lab.sios.jp\/archives\/50121\" target=\"_blank\" rel=\"noopener\" title=\"\">\u300cCannot find user or service principal\u300d\u30a8\u30e9\u30fc\u89e3\u6c7a\uff01Azure RBAC \u306e\u6b63\u3057\u3044\u524a\u9664\u65b9\u6cd5<\/a><\/strong><\/p>\n<p>\u3053\u306e\u8a18\u4e8b\u3067\u306f\u4ee5\u4e0b\u3092\u8a73\u3057\u304f\u89e3\u8aac\u3057\u3066\u3044\u307e\u3059:<\/p>\n<ul class=\"wp-block-list is-style-sango-list-yubi\">\n<li>Unknown Principal \u304c\u767a\u751f\u3059\u308b\u539f\u56e0\u3068 Azure \u306e\u4ed5\u69d8<\/li>\n<li>\u30d7\u30ea\u30f3\u30b7\u30d1\u30eb ID \u3067\u306f\u524a\u9664\u3067\u304d\u306a\u3044\u7406\u7531\uff08\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u89e3\u8aac\uff09<\/li>\n<li>\u5272\u308a\u5f53\u3066 ID\uff08Assignment 
ID\uff09\u3092\u4f7f\u3063\u305f\u6b63\u3057\u3044\u524a\u9664\u65b9\u6cd5<\/li>\n<li>\u5b9f\u52d9\u3067\u306e\u63a8\u5968\u904b\u7528\u30d5\u30ed\u30fc\u3068\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56<\/li>\n<\/ul>\n<p><strong>OIDC \u8a8d\u8a3c\u306e\u8a2d\u5b9a\u524d\u306b\u30af\u30ea\u30fc\u30f3\u30a2\u30c3\u30d7\u3057\u3066\u304a\u304f\u3068\u3001\u5f8c\u3005\u306e\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u304c\u697d\u306b\u306a\u308a\u307e\u3059<\/strong>\u306e\u3067\u3001\u305c\u3072\u3054\u53c2\u7167\u304f\u3060\u3055\u3044\uff01<\/p>\n<h2 class=\"wp-block-heading\"><span id=\"matome\">\u307e\u3068\u3081<\/span><\/h2>\n<p>\u304a\u75b2\u308c\u3055\u307e\u3067\u3057\u305f!\u9577\u3044\u8a18\u4e8b\u3067\u3057\u305f\u304c\u3001\u6700\u5f8c\u307e\u3067\u304a\u8aad\u307f\u3044\u305f\u3060\u304d\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3059\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"3_tsuno_ren_zheng_fang_shino_zai_que_ren\">3 \u3064\u306e\u8a8d\u8a3c\u65b9\u5f0f\u306e\u518d\u78ba\u8a8d<\/span><\/h3>\n<p>\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u3001GitHub Actions \u304b\u3089 Azure \u3078\u306e<strong>3 \u3064\u306e\u8a8d\u8a3c\u65b9\u5f0f<\/strong>\u3092\u5fb9\u5e95\u6bd4\u8f03\u3057\u307e\u3057\u305f:<\/p>\n<ol class=\"wp-block-list is-style-sango-list-stitch-blue\">\n<li><strong>\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb<\/strong>: \u26a0\ufe0f \u7c21\u5358\u3067\u5f15\u304d\u7d9a\u304d\u30b5\u30dd\u30fc\u30c8\uff08\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30b9\u30af\u3042\u308a\uff09<\/li>\n<li><strong>Service Principal + \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc<\/strong>: \u26a0\ufe0f \u5f93\u6765\u63a8\u5968\uff08\u7ba1\u7406\u30b3\u30b9\u30c8\u304c\u9ad8\u3044\uff09<\/li>\n<li><strong>OIDC \u8a8d\u8a3c<\/strong>: \u2705 
\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\uff08\u30d1\u30b9\u30ef\u30fc\u30c9\u30ec\u30b9\u3067\u5b89\u5168\uff09<\/li>\n<\/ol>\n<h3 class=\"wp-block-heading\"><span id=\"OIDC_ren_zhengde_derareru_3_tsuno_dakinameritto\">OIDC \u8a8d\u8a3c\u3067\u5f97\u3089\u308c\u308b 3 \u3064\u306e\u5927\u304d\u306a\u30e1\u30ea\u30c3\u30c8<\/span><\/h3>\n<p>\u2705 <strong>\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u4e0d\u8981<\/strong>: \u30d1\u30b9\u30ef\u30fc\u30c9\u30ec\u30b9\u8a8d\u8a3c\u3067\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30b9\u30af\u524a\u6e1b<br \/>\u2705 <strong>\u81ea\u52d5\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3<\/strong>: GitHub \u306e OIDC \u30c8\u30fc\u30af\u30f3(JWT)\u306f 5 \u5206\u9593\u306e\u307f\u6709\u52b9\u3001Azure \u306e\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3082\u81ea\u52d5\u7ba1\u7406\uff08\u624b\u52d5\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u4e0d\u8981\uff09<br \/>\u2705 <strong>\u76e3\u67fb\u30ed\u30b0\u5145\u5b9f<\/strong>: Azure AD \u3067\u306e\u8a73\u7d30\u306a\u8a8d\u8a3c\u30ed\u30b0\uff08\u3069\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u30fb\u30d6\u30e9\u30f3\u30c1\u304b\u3089\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305f\u304b\u304c\u8a18\u9332\uff09\u3067\u3001\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u5bfe\u5fdc\u3082\u4e07\u5168<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"kono_ji_shide_shi_zhuangshitakoto\">\u3053\u306e\u8a18\u4e8b\u3067\u5b9f\u88c5\u3057\u305f\u3053\u3068<\/span><\/h3>\n<p>\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u3001\u4ee5\u4e0b\u306e\u5b9f\u88c5\u3092\u89e3\u8aac\u3057\u307e\u3057\u305f:<\/p>\n<ol class=\"wp-block-list is-style-sango-list-chevron\">\n<li><strong>3 \u3064\u306e\u8a8d\u8a3c\u65b9\u5f0f\u306e\u5fb9\u5e95\u6bd4\u8f03<\/strong>\uff08\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u3001Service Principal\u3001OIDC\uff09<\/li>\n<li><strong>Azure \u30dd\u30fc\u30bf\u30eb\u3067\u306e\u753b\u9762\u64cd\u4f5c<\/strong>\u306b\u3088\u308b 
OIDC \u8a8d\u8a3c\u8a2d\u5b9a<\/li>\n<li><strong>User Assigned Managed Identity \u4f5c\u6210<\/strong><\/li>\n<li><strong>Federated Identity Credential \u8a2d\u5b9a<\/strong>\uff08\u8907\u6570 subject \u30d1\u30bf\u30fc\u30f3\u5bfe\u5fdc\uff09<\/li>\n<li><strong>RBAC \u6a29\u9650\u8a2d\u5b9a<\/strong>\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/li>\n<li><strong>GitHub Secrets \u306e\u8a2d\u5b9a\u65b9\u6cd5<\/strong>\uff08\u753b\u9762\u64cd\u4f5c\uff09<\/li>\n<li><strong>GitHub Actions \u3067\u306e\u6c4e\u7528\u7684\u306a\u8a8d\u8a3c\u8a2d\u5b9a\u65b9\u6cd5<\/strong><\/li>\n<li><strong>\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0<\/strong>\uff08\u3088\u304f\u3042\u308b\u30a8\u30e9\u30fc\u3068\u89e3\u6c7a\u65b9\u6cd5\uff09<\/li>\n<\/ol>\n<p>\u7279\u306b\u3001\u300c<strong>3 \u3064\u306e\u8a8d\u8a3c\u65b9\u5f0f\u306e\u6bd4\u8f03<\/strong>\u300d\u3068\u300c<strong>Azure \u30dd\u30fc\u30bf\u30eb\u3067\u306e\u753b\u9762\u64cd\u4f5c\u306b\u3088\u308b\u8a2d\u5b9a<\/strong>\u300d\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u306f\u8d85\u91cd\u8981\u3067\u3059\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"sekyuriti_miandeno_gai_shan_xiao_guo\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u9762\u3067\u306e\u6539\u5584\u52b9\u679c<\/span><\/h3>\n<p>\u79c1\u306e\u5834\u5408\u3001Azure Functions \u306e\u30c7\u30d7\u30ed\u30a4\u3067<strong>\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u65b9\u5f0f\u3092\u4f7f\u3063\u3066\u3044\u3066<\/strong>\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u8ab2\u984c\u304c\u3042\u308a\u307e\u3057\u305f:<\/p>\n<p>\u274c XML \u30d5\u30a1\u30a4\u30eb\u5185\u306b<strong>\u5e73\u6587\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u542b\u307e\u308c\u308b<\/strong>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30b9\u30af<br \/>\u274c GitHub Secrets \u306b\u9577\u671f\u9593\u6709\u52b9\u306a\u8a8d\u8a3c\u60c5\u5831\u3092\u4fdd\u5b58<br \/>\u274c 
\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u306e\u518d\u751f\u6210\u30fb\u66f4\u65b0\u4f5c\u696d\u304c\u5fc5\u8981<br \/>\u274c <strong>GitHub Actions \u3067\u975e\u63a8\u5968\u8868\u793a<\/strong>\u304c\u51fa\u3066\u3073\u3063\u304f\u308a<\/p>\n<p><strong>\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb \u2192 OIDC \u8a8d\u8a3c\u306b\u76f4\u63a5\u79fb\u884c<\/strong>\u3057\u3066\u304b\u3089:<\/p>\n<p>\u2705 \u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u7ba1\u7406\u306e\u624b\u9593\u304c<strong>\u5b8c\u5168\u306b\u30bc\u30ed<\/strong><br \/>\u2705 \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30b9\u30af\u304c\u5927\u5e45\u306b\u524a\u6e1b\uff08\u5e73\u6587\u30d1\u30b9\u30ef\u30fc\u30c9\u4e0d\u8981\uff09<br \/>\u2705 GitHub \u306e OIDC \u30c8\u30fc\u30af\u30f3(JWT)\u306f 5 \u5206\u9593\u306e\u307f\u6709\u52b9\u3001Azure \u306e\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3082\u81ea\u52d5\u7ba1\u7406\uff08\u624b\u52d5\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u4e0d\u8981\uff09<br \/>\u2705 \u76e3\u67fb\u30ed\u30b0\u3067\u306e\u8a8d\u8a3c\u5c65\u6b74\u304c\u660e\u78ba\uff08\u3069\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u30fb\u30d6\u30e9\u30f3\u30c1\u304b\u3089\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305f\u304b\u304c\u8a18\u9332\u3055\u308c\u308b\uff09<\/p>\n<p><strong>Service Principal \u3092\u7d4c\u7531\u305b\u305a\u3001\u6700\u521d\u304b\u3089\u6700\u7d42\u5f62\u614b\u306e OIDC \u8a8d\u8a3c\u306b\u79fb\u884c<\/strong>\u3057\u305f\u306e\u3067\u3001\u4e8c\u5ea6\u624b\u9593\u3092\u907f\u3051\u3089\u308c\u307e\u3057\u305f\u3002\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ec\u30d9\u30eb\u306e\u5927\u5e45\u5411\u4e0a\u3068\u3001\u4eca\u5f8c\u306e\u7ba1\u7406\u30b3\u30b9\u30c8\u306e\u524a\u6e1b\u3092\u5b9f\u73fe\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"cinosuteppu\">\u6b21\u306e\u30b9\u30c6\u30c3\u30d7<\/span><\/h3>\n<p>\u3053\u306e\u8a18\u4e8b\u3067 OIDC 
\u8a8d\u8a3c\u306e\u57fa\u672c\u306f\u7406\u89e3\u3067\u304d\u305f\u3068\u601d\u3044\u307e\u3059\u3002\u6b21\u306f\u4ee5\u4e0b\u306b\u30c1\u30e3\u30ec\u30f3\u30b8\u3057\u3066\u307f\u3066\u304f\u3060\u3055\u3044!<\/p>\n<ol class=\"wp-block-list is-style-sango-list-niku\">\n<li><strong>\u8907\u6570\u74b0\u5883\u5bfe\u5fdc<\/strong>: dev\u3001staging\u3001production \u306e 3 \u74b0\u5883\u3067 Federated Identity Credential \u3092\u5206\u3051\u308b<\/li>\n<li><strong>\u76e3\u8996\u30fb\u30a2\u30e9\u30fc\u30c8\u8a2d\u5b9a<\/strong>: Application Insights \u3067\u30c7\u30d7\u30ed\u30a4\u6210\u529f\u30fb\u5931\u6557\u3092\u76e3\u8996<\/li>\n<li><strong>\u81ea\u52d5\u30c6\u30b9\u30c8\u7d71\u5408<\/strong>: GitHub Actions \u3067 CI\/CD \u30d1\u30a4\u30d7\u30e9\u30a4\u30f3\u3092\u62e1\u5f35<\/li>\n<li><strong>Infrastructure as Code<\/strong>: Bicep IaC \u3067\u8a2d\u5b9a\u3092\u81ea\u52d5\u5316\uff08\u4e0a\u7d1a\u8005\u5411\u3051\uff09<\/li>\n<\/ol>\n<p>\u7279\u306b\u3001\u300c\u8907\u6570\u74b0\u5883\u5bfe\u5fdc\u300d\u306f\u672c\u756a\u904b\u7528\u3067\u306f\u5fc5\u9808\u3067\u3059\u3002\u74b0\u5883\u3054\u3068\u306b\u7570\u306a\u308b Federated Identity Credential \u3092\u8a2d\u5b9a\u3059\u308b\u3053\u3068\u3067\u3001\u8aa4\u3063\u3066\u672c\u756a\u74b0\u5883\u306b\u30c7\u30d7\u30ed\u30a4\u3059\u308b\u30ea\u30b9\u30af\u3092\u9632\u3052\u307e\u3059\u3002<\/p>\n<h3 class=\"wp-block-heading\"><span id=\"longchanno_suo_gan\">\u9f8d\u3061\u3083\u3093\u306e\u6240\u611f<\/span><\/h3>\n<p>GitHub Actions \u304b\u3089 Azure \u306b\u30c7\u30d7\u30ed\u30a4\u3059\u308b\u969b\u3001\u300c\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u304c\u7c21\u5358\u3060\u304b\u3089\u3001\u305d\u308c\u3067\u3044\u3044\u3084\u300d\u3063\u3066\u601d\u3063\u3066\u3044\u305f\u65b9\u3001<strong>\u79c1\u3068\u540c\u3058\u3088\u3046\u306b\u300cDeprecated\u300d\u3063\u3066\u8868\u793a\u3055\u308c\u3066\u3073\u3063\u304f\u308a\u3059\u308b\u524d\u306b<\/strong>\u3001\u305c\u3072 OIDC 
\u8a8d\u8a3c\u306b\u30c1\u30e3\u30ec\u30f3\u30b8\u3057\u3066\u307f\u3066\u304f\u3060\u3055\u3044!<\/p>\n<p>\u79c1\u3082\u6700\u521d\u306f\u300c\u8a2d\u5b9a\u304c\u3084\u3084\u3053\u3057\u305d\u3046\u2026Service Principal \u3068\u304b\u7d4c\u7531\u3057\u305f\u65b9\u304c\u3044\u3044\u306e\u304b\u306a?\u300d\u3063\u3066\u601d\u3063\u305f\u3093\u3067\u3059\u304c\u3001<strong>\u3044\u304d\u306a\u308a OIDC \u8a8d\u8a3c\u306b\u79fb\u884c\u3057\u3066\u6b63\u89e3\u3067\u3057\u305f<\/strong>\u3002<\/p>\n<p>\u3053\u306e\u8a18\u4e8b\u306e\u624b\u9806\u901a\u308a\u306b\u9032\u3081\u308c\u3070\u3001Azure CLI \u3068 Azure \u30dd\u30fc\u30bf\u30eb\u306e\u753b\u9762\u64cd\u4f5c\u3067\u8a2d\u5b9a\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u4e00\u5ea6\u8a2d\u5b9a\u3057\u3066\u3057\u307e\u3048\u3070\u3001\u305d\u306e\u5f8c\u306e\u7ba1\u7406\u304c\u8d85\u30e9\u30af!<\/p>\n<p>\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30ad\u30fc\u306e\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u4f5c\u696d\u304b\u3089\u89e3\u653e\u3055\u308c\u3066\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ec\u30d9\u30eb\u3082\u5411\u4e0a\u3059\u308b\u3002<\/p>\n<p>Microsoft \u516c\u5f0f\u304c\u63a8\u5968\u3057\u3066\u3044\u308b\u65b9\u5f0f\u306a\u306e\u3067\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u9762\u3067\u3082\u4fe1\u983c\u6027\u304c\u9ad8\u304f\u3001\u4eca\u5f8c\u306e\u30c7\u30d7\u30ed\u30a4\u306e\u30b9\u30bf\u30f3\u30c0\u30fc\u30c9\u306b\u306a\u3063\u3066\u3044\u304f\u306f\u305a\u3067\u3059\u3002<\/p>\n<p>\u8cea\u554f\u3084\u300c\u3053\u3093\u306a\u30a8\u30e9\u30fc\u304c\u51fa\u305f!\u300d\u306a\u3069\u306e\u56f0\u308a\u3054\u3068\u304c\u3042\u308c\u3070\u3001\u305c\u3072\u30b3\u30e1\u30f3\u30c8\u6b04\u3067\u6559\u3048\u3066\u304f\u3060\u3055\u3044\u3002\u4e00\u7dd2\u306b\u89e3\u6c7a\u3057\u3066\u3044\u304d\u307e\u3057\u3087\u3046!<\/p>\n<p>\u305d\u308c\u3067\u306f\u3001\u30bb\u30ad\u30e5\u30a2\u3067\u697d\u306a Azure \u30c7\u30d7\u30ed\u30a4\u30e9\u30a4\u30d5\u3092!<\/p>\n<h2 class=\"wp-block-heading\"><span 
id=\"can_kaorinku\">\u53c2\u8003\u30ea\u30f3\u30af<\/span><\/h2>\n<h3 class=\"wp-block-heading\"><span id=\"gong_shidokyumento\">\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8<\/span><\/h3>\n<p><!-- Anyway Feedback Container \/\/--><\/p>\n<p><!-- \/\/Anyway Feedback Container --><\/div>\n\n<br \/><a href=\"https:\/\/tech-lab.sios.jp\/archives\/50126\">\u5143\u306e\u8a18\u4e8b\u3092\u78ba\u8a8d\u3059\u308b <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"\u306f\u3058\u3081\u306b \u3069\u3082\uff01\u4e45\u3057\u3076\u308a\u306b\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u3042\u3055\u3063\u3066\u3044\u305f\u3089\u3001\u81ea\u5206\u304c\u4f7f\u3063\u3066\u3044\u305f\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u8a8d\u8a3c\u304c\u300cnot recommended\u300d\u3068\u8a18\u8f09\u3055\u308c\u3066\u3044\u3066\u30d3\u30c3\u30af\u30ea\u4ef0\u5929\u3057\u305f\u9f8d\u3061\u3083\u3093\u3067\u3059\u3002 \u7686\u3055\u3093\u3001GitHub Actions \u304b [&hellip;]","protected":false},"author":1,"featured_media":22319,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-22318","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-company-tec"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>GitHub Actions\u2192Azure \u8a8d\u8a3c\u306e\u5b9f\u88c5\u624b\u9806\uff01OIDC\u00d7Azure CLI \u3067\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7 2025\u5e74\u7248 - \u30dd\u30b1\u30b3\u30f3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tech-lab.sios.jp\/archives\/50126\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta 
property=\"og:title\" content=\"GitHub Actions\u2192Azure \u8a8d\u8a3c\u306e\u5b9f\u88c5\u624b\u9806\uff01OIDC\u00d7Azure CLI \u3067\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7 2025\u5e74\u7248 - \u30dd\u30b1\u30b3\u30f3\" \/>\n<meta property=\"og:description\" content=\"\u306f\u3058\u3081\u306b \u3069\u3082\uff01\u4e45\u3057\u3076\u308a\u306b\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u3042\u3055\u3063\u3066\u3044\u305f\u3089\u3001\u81ea\u5206\u304c\u4f7f\u3063\u3066\u3044\u305f\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u8a8d\u8a3c\u304c\u300cnot recommended\u300d\u3068\u8a18\u8f09\u3055\u308c\u3066\u3044\u3066\u30d3\u30c3\u30af\u30ea\u4ef0\u5929\u3057\u305f\u9f8d\u3061\u3083\u3093\u3067\u3059\u3002 \u7686\u3055\u3093\u3001GitHub Actions \u304b [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tech-lab.sios.jp\/archives\/50126\" \/>\n<meta property=\"og:site_name\" content=\"\u30dd\u30b1\u30b3\u30f3\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-05T02:04:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/a43ecfa8fdea0ee43a27077e758c5892.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"info@pokecon.jp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u57f7\u7b46\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"info@pokecon.jp\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"8\u5206\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/tech-lab.sios.jp\\\/archives\\\/50126#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/22318\\\/\"},\"author\":{\"name\":\"info@pokecon.jp\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#\\\/schema\\\/person\\\/16c9f07b1ba984d165d9aee259bda997\"},\"headline\":\"GitHub Actions\u2192Azure \u8a8d\u8a3c\u306e\u5b9f\u88c5\u624b\u9806\uff01OIDC\u00d7Azure CLI \u3067\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7 2025\u5e74\u7248\",\"datePublished\":\"2025-11-05T02:04:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/22318\\\/\"},\"wordCount\":702,\"image\":{\"@id\":\"https:\\\/\\\/tech-lab.sios.jp\\\/archives\\\/50126#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/a43ecfa8fdea0ee43a27077e758c5892.jpg\",\"articleSection\":[\"\u4f01\u696d\u30c6\u30c3\u30af\"],\"inLanguage\":\"ja\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/22318\\\/\",\"url\":\"https:\\\/\\\/tech-lab.sios.jp\\\/archives\\\/50126\",\"name\":\"GitHub Actions\u2192Azure \u8a8d\u8a3c\u306e\u5b9f\u88c5\u624b\u9806\uff01OIDC\u00d7Azure CLI \u3067\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7 2025\u5e74\u7248 - 
\u30dd\u30b1\u30b3\u30f3\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/tech-lab.sios.jp\\\/archives\\\/50126#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/tech-lab.sios.jp\\\/archives\\\/50126#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/a43ecfa8fdea0ee43a27077e758c5892.jpg\",\"datePublished\":\"2025-11-05T02:04:28+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#\\\/schema\\\/person\\\/16c9f07b1ba984d165d9aee259bda997\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/tech-lab.sios.jp\\\/archives\\\/50126#breadcrumb\"},\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/tech-lab.sios.jp\\\/archives\\\/50126\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/tech-lab.sios.jp\\\/archives\\\/50126#primaryimage\",\"url\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/a43ecfa8fdea0ee43a27077e758c5892.jpg\",\"contentUrl\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/a43ecfa8fdea0ee43a27077e758c5892.jpg\",\"width\":1920,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/tech-lab.sios.jp\\\/archives\\\/50126#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u30db\u30fc\u30e0\",\"item\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GitHub Actions\u2192Azure \u8a8d\u8a3c\u306e\u5b9f\u88c5\u624b\u9806\uff01OIDC\u00d7Azure CLI \u3067\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7 
2025\u5e74\u7248\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#website\",\"url\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/\",\"name\":\"\u30dd\u30b1\u30b3\u30f3\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ja\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/#\\\/schema\\\/person\\\/16c9f07b1ba984d165d9aee259bda997\",\"name\":\"info@pokecon.jp\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g\",\"caption\":\"info@pokecon.jp\"},\"url\":\"https:\\\/\\\/pokecon.jp\\\/job\\\/author\\\/infopokecon-jp\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"GitHub Actions\u2192Azure \u8a8d\u8a3c\u306e\u5b9f\u88c5\u624b\u9806\uff01OIDC\u00d7Azure CLI \u3067\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7 2025\u5e74\u7248 - \u30dd\u30b1\u30b3\u30f3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tech-lab.sios.jp\/archives\/50126","og_locale":"ja_JP","og_type":"article","og_title":"GitHub Actions\u2192Azure \u8a8d\u8a3c\u306e\u5b9f\u88c5\u624b\u9806\uff01OIDC\u00d7Azure CLI \u3067\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7 2025\u5e74\u7248 - \u30dd\u30b1\u30b3\u30f3","og_description":"\u306f\u3058\u3081\u306b \u3069\u3082\uff01\u4e45\u3057\u3076\u308a\u306b\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u3042\u3055\u3063\u3066\u3044\u305f\u3089\u3001\u81ea\u5206\u304c\u4f7f\u3063\u3066\u3044\u305f\u767a\u884c\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u8a8d\u8a3c\u304c\u300cnot recommended\u300d\u3068\u8a18\u8f09\u3055\u308c\u3066\u3044\u3066\u30d3\u30c3\u30af\u30ea\u4ef0\u5929\u3057\u305f\u9f8d\u3061\u3083\u3093\u3067\u3059\u3002 \u7686\u3055\u3093\u3001GitHub Actions \u304b 
[&hellip;]","og_url":"https:\/\/tech-lab.sios.jp\/archives\/50126","og_site_name":"\u30dd\u30b1\u30b3\u30f3","article_published_time":"2025-11-05T02:04:28+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/a43ecfa8fdea0ee43a27077e758c5892.jpg","type":"image\/jpeg"}],"author":"info@pokecon.jp","twitter_card":"summary_large_image","twitter_misc":{"\u57f7\u7b46\u8005":"info@pokecon.jp","\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593":"8\u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tech-lab.sios.jp\/archives\/50126#article","isPartOf":{"@id":"https:\/\/pokecon.jp\/job\/22318\/"},"author":{"name":"info@pokecon.jp","@id":"https:\/\/pokecon.jp\/job\/#\/schema\/person\/16c9f07b1ba984d165d9aee259bda997"},"headline":"GitHub Actions\u2192Azure \u8a8d\u8a3c\u306e\u5b9f\u88c5\u624b\u9806\uff01OIDC\u00d7Azure CLI \u3067\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7 2025\u5e74\u7248","datePublished":"2025-11-05T02:04:28+00:00","mainEntityOfPage":{"@id":"https:\/\/pokecon.jp\/job\/22318\/"},"wordCount":702,"image":{"@id":"https:\/\/tech-lab.sios.jp\/archives\/50126#primaryimage"},"thumbnailUrl":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/a43ecfa8fdea0ee43a27077e758c5892.jpg","articleSection":["\u4f01\u696d\u30c6\u30c3\u30af"],"inLanguage":"ja"},{"@type":"WebPage","@id":"https:\/\/pokecon.jp\/job\/22318\/","url":"https:\/\/tech-lab.sios.jp\/archives\/50126","name":"GitHub Actions\u2192Azure \u8a8d\u8a3c\u306e\u5b9f\u88c5\u624b\u9806\uff01OIDC\u00d7Azure CLI \u3067\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7 2025\u5e74\u7248 - 
\u30dd\u30b1\u30b3\u30f3","isPartOf":{"@id":"https:\/\/pokecon.jp\/job\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tech-lab.sios.jp\/archives\/50126#primaryimage"},"image":{"@id":"https:\/\/tech-lab.sios.jp\/archives\/50126#primaryimage"},"thumbnailUrl":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/a43ecfa8fdea0ee43a27077e758c5892.jpg","datePublished":"2025-11-05T02:04:28+00:00","author":{"@id":"https:\/\/pokecon.jp\/job\/#\/schema\/person\/16c9f07b1ba984d165d9aee259bda997"},"breadcrumb":{"@id":"https:\/\/tech-lab.sios.jp\/archives\/50126#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tech-lab.sios.jp\/archives\/50126"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/tech-lab.sios.jp\/archives\/50126#primaryimage","url":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/a43ecfa8fdea0ee43a27077e758c5892.jpg","contentUrl":"https:\/\/pokecon.jp\/job\/wp-content\/uploads\/2025\/11\/a43ecfa8fdea0ee43a27077e758c5892.jpg","width":1920,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/tech-lab.sios.jp\/archives\/50126#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u30db\u30fc\u30e0","item":"https:\/\/pokecon.jp\/job\/"},{"@type":"ListItem","position":2,"name":"GitHub Actions\u2192Azure \u8a8d\u8a3c\u306e\u5b9f\u88c5\u624b\u9806\uff01OIDC\u00d7Azure CLI \u3067\u7206\u901f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7 
2025\u5e74\u7248"}]},{"@type":"WebSite","@id":"https:\/\/pokecon.jp\/job\/#website","url":"https:\/\/pokecon.jp\/job\/","name":"\u30dd\u30b1\u30b3\u30f3","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/pokecon.jp\/job\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/pokecon.jp\/job\/#\/schema\/person\/16c9f07b1ba984d165d9aee259bda997","name":"info@pokecon.jp","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/secure.gravatar.com\/avatar\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2b0549cd9f7907c092ca5fbb283baf72337f235726e4b46fa39ec0b701ac2fe2?s=96&d=wavatar&r=g","caption":"info@pokecon.jp"},"url":"https:\/\/pokecon.jp\/job\/author\/infopokecon-jp\/"}]}},"_links":{"self":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts\/22318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/comments?post=22318"}],"version-history":[{"count":1,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts\/22318\/revisions"}],"predecessor-version":[{"id":22320,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/posts\/22318\/revisions\/22320"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/media\/22319"}],"wp:attachment":[{"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/media?pare
nt=22318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/categories?post=22318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pokecon.jp\/job\/wp-json\/wp\/v2\/tags?post=22318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}