Here's my TL;DR on Azure Service Principals, with a full example of creating one to push docker images to Azure Container Registry.
First, you need an Azure Container Registry. So, go make one. Once you're done, go to its page in the UI and click Overview > JSON View. See that Resource ID? Copy that. That will become the scope, or the Azure thing we want to give our principal access to. Scopes can be at various levels. In this example, I'm very finely scoping down to ONLY this container registry resource. This principal will have no permissions anywhere else. You can go up levels in the scope hierarchy if you want and, say, provide access to all resources in a resource group or even a subscription. My resource ID looks a bit like this: /subscriptions/1d6a...982f/resourceGroups/my-container-registry/providers/Microsoft.ContainerRegistry/registries/registryname.
Also, store the name of your registry if you want to push an image to it later.
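To make the scope hierarchy concrete, here is an added example (not code from the original post) that classifies a scope string and checks whether a role assignment at that scope would reach the registry. The function names are hypothetical, the subscription ID is a placeholder, and only the three levels named above (resource, resource group, subscription) are handled.

```bash
#!/usr/bin/env bash
# Constructed sample values: placeholder subscription ID; the resource group
# and registry names follow the shape of the resource ID shown in the post.
SUB="/subscriptions/00000000-0000-0000-0000-000000000000"
RG="$SUB/resourceGroups/my-container-registry"
ACR="$RG/providers/Microsoft.ContainerRegistry/registries/registryname"

# Lowercase the ID (resource IDs compare case-insensitively), drop a trailing "/".
norm() {
  local s
  s=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  printf '%s' "${s%/}"
}

# scope_level ID -> subscription | resource-group | resource | invalid
# "*" also matches "/" in case patterns, so the most specific shape comes first.
scope_level() {
  case "$(norm "$1")" in
    /subscriptions/*/resourcegroups/*/providers/*/*/*) echo resource ;;
    /subscriptions/*/resourcegroups/*/*)               echo invalid ;;
    /subscriptions/*/resourcegroups/*)                 echo resource-group ;;
    /subscriptions/*/*)                                echo invalid ;;
    /subscriptions/?*)                                 echo subscription ;;
    *)                                                 echo invalid ;;
  esac
}

# scope_covers SCOPE RESOURCE: succeeds if an assignment at SCOPE applies to RESOURCE.
scope_covers() {
  local scope target
  scope=$(norm "$1"); target=$(norm "$2")
  [ "$(scope_level "$scope")" != invalid ] || return 1
  # Same ID, or a prefix ending on a "/" boundary, so ".../resourceGroups/my"
  # does not count as a parent of ".../resourceGroups/my-container-registry".
  [ "$target" = "$scope" ] || [ "${target#"$scope"/}" != "$target" ]
}

# audit RESOURCE SCOPE...: print the level and ID of every scope that reaches RESOURCE.
audit() {
  local target=$1 s
  shift
  for s in "$@"; do
    scope_covers "$s" "$target" && printf '%-14s %s\n' "$(scope_level "$s")" "$s"
  done
  return 0
}

# The sibling-looking ".../resourceGroups/my" is not listed; the other three are.
audit "$ACR" "$SUB" "$RG" "$SUB/resourceGroups/my" "$ACR"
```

Anything the audit reports above the `resource` level is broader than the registry-only scope this walkthrough aims for.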
Second, you need to determine what permissions