
Azure Bastion session separation

Just another feature suggestion which would increase security and decrease the risk of getting az logins muddled up, which would be especially risky for MSPs like ourselves, where we deal with a lot of environments at the same time and where we absolutely need the ability for multi-tenancy.

If the az login command is preceded by setting the environment variable AZURE_CONFIG_DIR, the login is only saved to the location that variable points to, as that's where the CLI stores and retrieves the config for the current session.

So if you set $env:AZURE_CONFIG_DIR = 'C:\temp', the az login in that session will be saved to C:\temp.

Would it be possible for RoyalTS to create a folder that is unique to the used Azure Bastion Gateway and then set this variable before executing the az login command that uses that Bastion? These can automatically be cleaned up after RoyalTS is closed so no tokens and config of the used sessions remain.

I have tried adding this as a pre-connect task but unfortunately this does not work. I think this uses a different execution session than the az connect that Royal TS does when opening up the tunnel. It would be great to be able to set a config directory for each bastion host that you configure in Royal TS. Is there any other way we could accomplish this? Right now we have to reauthenticate every time we switch environments and our engineers may be working in as many as 6-10 at a time. This is really frustrating. Thanks!

Hi Tom,

the next release will have this on board.
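
The per-gateway isolation requested in this thread can also be scripted by hand in PowerShell. The following is an added example, not Royal TS code and not part of any post above; the function name `Invoke-AzIsolated`, its parameters, the temp folder layout and the angle-bracket placeholders are assumptions.

```powershell
# Added example: names, paths and parameters are assumptions, not Royal TS code.
function Invoke-AzIsolated {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$GatewayId,   # any stable string unique to the Bastion gateway
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][scriptblock]$Action, # az commands to run inside the isolated profile
        [string]$Root = (Join-Path ([IO.Path]::GetTempPath()) 'az-sessions')
    )

    # Hash the gateway identifier so resource IDs containing '/' never end up
    # in a path; append the process ID so two windows on the same gateway do
    # not share (and delete) each other's token cache.
    $sha   = [Security.Cryptography.SHA256]::Create()
    $bytes = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($GatewayId.ToLowerInvariant()))
    $sha.Dispose()
    $name  = (-join ($bytes[0..7] | ForEach-Object { $_.ToString('x2') })) + "-$PID"
    $dir   = Join-Path $Root $name

    $previous = $env:AZURE_CONFIG_DIR
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    try {
        # The variable has to be set in the same process that runs az;
        # child processes started from here inherit it.
        $env:AZURE_CONFIG_DIR = $dir
        az login --tenant $TenantId --output none
        if ($LASTEXITCODE -ne 0) { throw "az login failed for tenant $TenantId" }
        & $Action
    }
    finally {
        # Restore the caller's environment, then delete cached tokens and config.
        $env:AZURE_CONFIG_DIR = $previous
        Remove-Item -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# Usage with placeholder values: the tunnel runs with this gateway's login only.
Invoke-AzIsolated -GatewayId '<bastion-resource-id>' -TenantId '<tenant-id>' -Action {
    az network bastion tunnel --name '<bastion-name>' --resource-group '<resource-group>' `
        --target-resource-id '<vm-resource-id>' --resource-port 3389 --port 50001
}
```

Because the folder is removed in `finally`, each run requires a fresh `az login`; keeping the folder between runs trades that prompt for tokens left on disk.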

