Separate Azure OAuth env vars to different env variables for each app connection

2026-01-09 15:38:03 -05:00 · 2025-07-28 09:14:43 -03:00
parent c421057cf1
commit 0779091d1f
10 changed files with 142 additions and 41 deletions
--- a/.env.example
+++ b/.env.example
@@ -126,6 +126,18 @@ INF_APP_CONNECTION_GCP_SERVICE_ACCOUNT_CREDENTIAL=
 INF_APP_CONNECTION_AZURE_CLIENT_ID=
 INF_APP_CONNECTION_AZURE_CLIENT_SECRET=

+INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_ID=
+INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_SECRET=
+
+INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_ID=
+INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_SECRET=
+
+INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_ID=
+INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_SECRET=
+
+INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_ID=
+INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_SECRET=
+
 # datadog
 SHOULD_USE_DATADOG_TRACER=
 DATADOG_PROFILING_ENABLED=
--- a/backend/src/lib/config/env.ts
+++ b/backend/src/lib/config/env.ts
@@ -264,6 +264,14 @@ const envSchema = z
    // azure app
    INF_APP_CONNECTION_AZURE_CLIENT_ID: zpStr(z.string().optional()),
    INF_APP_CONNECTION_AZURE_CLIENT_SECRET: zpStr(z.string().optional()),
+    INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_ID: zpStr(z.string().optional()),
+    INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_SECRET: zpStr(z.string().optional()),
+    INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_ID: zpStr(z.string().optional()),
+    INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_SECRET: zpStr(z.string().optional()),
+    INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_ID: zpStr(z.string().optional()),
+    INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_SECRET: zpStr(z.string().optional()),
+    INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_ID: zpStr(z.string().optional()),
+    INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_SECRET: zpStr(z.string().optional()),

    // datadog
    SHOULD_USE_DATADOG_TRACER: zodStrBool.default("false"),
@@ -461,6 +469,38 @@ export const overwriteSchema: {
      {
        key: "INF_APP_CONNECTION_AZURE_CLIENT_SECRET",
        description: "The Client Secret of your Azure application."
+      },
+      {
+        key: "INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_ID",
+        description: "The Application (Client) ID of your Azure application."
+      },
+      {
+        key: "INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_SECRET",
+        description: "The Client Secret of your Azure application."
+      },
+      {
+        key: "INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_ID",
+        description: "The Application (Client) ID of your Azure application."
+      },
+      {
+        key: "INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_SECRET",
+        description: "The Client Secret of your Azure application."
+      },
+      {
+        key: "INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_ID",
+        description: "The Application (Client) ID of your Azure application."
+      },
+      {
+        key: "INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_SECRET",
+        description: "The Client Secret of your Azure application."
+      },
+      {
+        key: "INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_ID",
+        description: "The Application (Client) ID of your Azure application."
+      },
+      {
+        key: "INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_SECRET",
+        description: "The Client Secret of your Azure application."
      }
    ]
  },
--- a/backend/src/services/app-connection/azure-app-configuration/azure-app-configuration-connection-fns.ts
+++ b/backend/src/services/app-connection/azure-app-configuration/azure-app-configuration-connection-fns.ts
@@ -14,13 +14,13 @@ import {
 } from "./azure-app-configuration-connection-types";

 export const getAzureAppConfigurationConnectionListItem = () => {
-  const { INF_APP_CONNECTION_AZURE_CLIENT_ID } = getConfig();
+  const { INF_APP_CONNECTION_AZURE_CLIENT_ID, INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_ID } = getConfig();

  return {
    name: "Azure App Configuration" as const,
    app: AppConnection.AzureAppConfiguration as const,
    methods: Object.values(AzureAppConfigurationConnectionMethod) as [AzureAppConfigurationConnectionMethod.OAuth],
-    oauthClientId: INF_APP_CONNECTION_AZURE_CLIENT_ID
+    oauthClientId: INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_ID || INF_APP_CONNECTION_AZURE_CLIENT_ID
  };
 };

@@ -29,9 +29,19 @@ export const validateAzureAppConfigurationConnectionCredentials = async (
 ) => {
  const { credentials: inputCredentials, method } = config;

-  const { INF_APP_CONNECTION_AZURE_CLIENT_ID, INF_APP_CONNECTION_AZURE_CLIENT_SECRET, SITE_URL } = getConfig();
+  const {
+    INF_APP_CONNECTION_AZURE_CLIENT_ID,
+    INF_APP_CONNECTION_AZURE_CLIENT_SECRET,
+    INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_ID,
+    INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_SECRET,
+    SITE_URL
+  } = getConfig();

-  if (!INF_APP_CONNECTION_AZURE_CLIENT_ID || !INF_APP_CONNECTION_AZURE_CLIENT_SECRET) {
+  const azureClientId = INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_ID || INF_APP_CONNECTION_AZURE_CLIENT_ID;
+  const azureClientSecret =
+    INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_SECRET || INF_APP_CONNECTION_AZURE_CLIENT_SECRET;
+
+  if (!azureClientId || !azureClientSecret) {
    throw new InternalServerError({
      message: `Azure ${getAppConnectionMethodName(method)} environment variables have not been configured`
    });
@@ -47,8 +57,8 @@ export const validateAzureAppConfigurationConnectionCredentials = async (
        grant_type: "authorization_code",
        code: inputCredentials.code,
        scope: `openid offline_access https://azconfig.io/.default`,
-        client_id: INF_APP_CONNECTION_AZURE_CLIENT_ID,
-        client_secret: INF_APP_CONNECTION_AZURE_CLIENT_SECRET,
+        client_id: azureClientId,
+        client_secret: azureClientSecret,
        redirect_uri: `${SITE_URL}/organization/app-connections/azure/oauth/callback`
      })
    );
--- a/backend/src/services/app-connection/azure-client-secrets/azure-client-secrets-connection-fns.ts
+++ b/backend/src/services/app-connection/azure-client-secrets/azure-client-secrets-connection-fns.ts
@@ -23,7 +23,7 @@ import {
 } from "./azure-client-secrets-connection-types";

 export const getAzureClientSecretsConnectionListItem = () => {
-  const { INF_APP_CONNECTION_AZURE_CLIENT_ID } = getConfig();
+  const { INF_APP_CONNECTION_AZURE_CLIENT_ID, INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_ID } = getConfig();

  return {
    name: "Azure Client Secrets" as const,
@@ -32,7 +32,7 @@ export const getAzureClientSecretsConnectionListItem = () => {
      AzureClientSecretsConnectionMethod.OAuth,
      AzureClientSecretsConnectionMethod.ClientSecret
    ],
-    oauthClientId: INF_APP_CONNECTION_AZURE_CLIENT_ID
+    oauthClientId: INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_ID || INF_APP_CONNECTION_AZURE_CLIENT_ID
  };
 };

@@ -64,7 +64,11 @@ export const getAzureConnectionAccessToken = async (
  const currentTime = Date.now();
  switch (appConnection.method) {
    case AzureClientSecretsConnectionMethod.OAuth:
-      if (!appCfg.INF_APP_CONNECTION_AZURE_CLIENT_ID || !appCfg.INF_APP_CONNECTION_AZURE_CLIENT_SECRET) {
+      const azureClientId =
+        appCfg.INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_ID || appCfg.INF_APP_CONNECTION_AZURE_CLIENT_ID;
+      const azureClientSecret =
+        appCfg.INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_SECRET || appCfg.INF_APP_CONNECTION_AZURE_CLIENT_SECRET;
+      if (!azureClientId || !azureClientSecret) {
        throw new BadRequestError({
          message: `Azure OAuth environment variables have not been configured`
        });
@@ -74,8 +78,8 @@ export const getAzureConnectionAccessToken = async (
        new URLSearchParams({
          grant_type: "refresh_token",
          scope: `openid offline_access https://graph.microsoft.com/.default`,
-          client_id: appCfg.INF_APP_CONNECTION_AZURE_CLIENT_ID,
-          client_secret: appCfg.INF_APP_CONNECTION_AZURE_CLIENT_SECRET,
+          client_id: azureClientId,
+          client_secret: azureClientSecret,
          refresh_token: refreshToken
        })
      );
@@ -142,7 +146,13 @@ export const getAzureConnectionAccessToken = async (
 export const validateAzureClientSecretsConnectionCredentials = async (config: TAzureClientSecretsConnectionConfig) => {
  const { credentials: inputCredentials, method } = config;

-  const { INF_APP_CONNECTION_AZURE_CLIENT_ID, INF_APP_CONNECTION_AZURE_CLIENT_SECRET, SITE_URL } = getConfig();
+  const {
+    INF_APP_CONNECTION_AZURE_CLIENT_ID,
+    INF_APP_CONNECTION_AZURE_CLIENT_SECRET,
+    INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_ID,
+    INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_SECRET,
+    SITE_URL
+  } = getConfig();

  switch (method) {
    case AzureClientSecretsConnectionMethod.OAuth:
@@ -150,7 +160,11 @@ export const validateAzureClientSecretsConnectionCredentials = async (config: TA
        throw new InternalServerError({ message: "SITE_URL env var is required to complete Azure OAuth flow" });
      }

-      if (!INF_APP_CONNECTION_AZURE_CLIENT_ID || !INF_APP_CONNECTION_AZURE_CLIENT_SECRET) {
+      const azureClientId = INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_ID || INF_APP_CONNECTION_AZURE_CLIENT_ID;
+      const azureClientSecret =
+        INF_APP_CONNECTION_AZURE_CLIENT_SECRET_CLIENT_SECRET || INF_APP_CONNECTION_AZURE_CLIENT_SECRET;
+
+      if (!azureClientId || !azureClientSecret) {
        throw new InternalServerError({
          message: `Azure ${getAppConnectionMethodName(method)} environment variables have not been configured`
        });
@@ -166,8 +180,8 @@ export const validateAzureClientSecretsConnectionCredentials = async (config: TA
            grant_type: "authorization_code",
            code: inputCredentials.code,
            scope: `openid offline_access https://graph.microsoft.com/.default`,
-            client_id: INF_APP_CONNECTION_AZURE_CLIENT_ID,
-            client_secret: INF_APP_CONNECTION_AZURE_CLIENT_SECRET,
+            client_id: azureClientId,
+            client_secret: azureClientSecret,
            redirect_uri: `${SITE_URL}/organization/app-connections/azure/oauth/callback`
          })
        );
--- a/backend/src/services/app-connection/azure-devops/azure-devops-fns.ts
+++ b/backend/src/services/app-connection/azure-devops/azure-devops-fns.ts
@@ -23,7 +23,7 @@ import {
 } from "./azure-devops-types";

 export const getAzureDevopsConnectionListItem = () => {
-  const { INF_APP_CONNECTION_AZURE_CLIENT_ID } = getConfig();
+  const { INF_APP_CONNECTION_AZURE_CLIENT_ID, INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_ID } = getConfig();

  return {
    name: "Azure DevOps" as const,
@@ -32,7 +32,7 @@ export const getAzureDevopsConnectionListItem = () => {
      AzureDevOpsConnectionMethod.OAuth,
      AzureDevOpsConnectionMethod.AccessToken
    ],
-    oauthClientId: INF_APP_CONNECTION_AZURE_CLIENT_ID
+    oauthClientId: INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_ID || INF_APP_CONNECTION_AZURE_CLIENT_ID
  };
 };

@@ -63,7 +63,11 @@ export const getAzureDevopsConnection = async (
  switch (appConnection.method) {
    case AzureDevOpsConnectionMethod.OAuth:
      const appCfg = getConfig();
-      if (!appCfg.INF_APP_CONNECTION_AZURE_CLIENT_ID || !appCfg.INF_APP_CONNECTION_AZURE_CLIENT_SECRET) {
+      const azureClientId =
+        appCfg.INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_ID || appCfg.INF_APP_CONNECTION_AZURE_CLIENT_ID;
+      const azureClientSecret =
+        appCfg.INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_SECRET || appCfg.INF_APP_CONNECTION_AZURE_CLIENT_SECRET;
+      if (!azureClientId || !azureClientSecret) {
        throw new BadRequestError({
          message: `Azure environment variables have not been configured`
        });
@@ -81,8 +85,8 @@ export const getAzureDevopsConnection = async (
        new URLSearchParams({
          grant_type: "refresh_token",
          scope: `https://app.vssps.visualstudio.com/.default`,
-          client_id: appCfg.INF_APP_CONNECTION_AZURE_CLIENT_ID,
-          client_secret: appCfg.INF_APP_CONNECTION_AZURE_CLIENT_SECRET,
+          client_id: azureClientId,
+          client_secret: azureClientSecret,
          refresh_token: refreshToken
        })
      );
@@ -119,7 +123,13 @@ export const getAzureDevopsConnection = async (
 export const validateAzureDevOpsConnectionCredentials = async (config: TAzureDevOpsConnectionConfig) => {
  const { credentials: inputCredentials, method } = config;

-  const { INF_APP_CONNECTION_AZURE_CLIENT_ID, INF_APP_CONNECTION_AZURE_CLIENT_SECRET, SITE_URL } = getConfig();
+  const {
+    INF_APP_CONNECTION_AZURE_CLIENT_ID,
+    INF_APP_CONNECTION_AZURE_CLIENT_SECRET,
+    INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_ID,
+    INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_SECRET,
+    SITE_URL
+  } = getConfig();

  switch (method) {
    case AzureDevOpsConnectionMethod.OAuth:
@@ -127,7 +137,9 @@ export const validateAzureDevOpsConnectionCredentials = async (config: TAzureDev
        throw new InternalServerError({ message: "SITE_URL env var is required to complete Azure OAuth flow" });
      }

-      if (!INF_APP_CONNECTION_AZURE_CLIENT_ID || !INF_APP_CONNECTION_AZURE_CLIENT_SECRET) {
+      const azureClientId = INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_ID || INF_APP_CONNECTION_AZURE_CLIENT_ID;
+      const azureClientSecret = INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_SECRET || INF_APP_CONNECTION_AZURE_CLIENT_SECRET;
+      if (!azureClientId || !azureClientSecret) {
        throw new InternalServerError({
          message: `Azure ${getAppConnectionMethodName(method)} environment variables have not been configured`
        });
@@ -144,8 +156,8 @@ export const validateAzureDevOpsConnectionCredentials = async (config: TAzureDev
            grant_type: "authorization_code",
            code: oauthCredentials.code,
            scope: `https://app.vssps.visualstudio.com/.default`,
-            client_id: INF_APP_CONNECTION_AZURE_CLIENT_ID,
-            client_secret: INF_APP_CONNECTION_AZURE_CLIENT_SECRET,
+            client_id: azureClientId,
+            client_secret: azureClientSecret,
            redirect_uri: `${SITE_URL}/organization/app-connections/azure/oauth/callback`
          })
        );
--- a/backend/src/services/app-connection/azure-key-vault/azure-key-vault-connection-fns.ts
+++ b/backend/src/services/app-connection/azure-key-vault/azure-key-vault-connection-fns.ts
@@ -26,7 +26,11 @@ export const getAzureConnectionAccessToken = async (
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">
 ) => {
  const appCfg = getConfig();
-  if (!appCfg.INF_APP_CONNECTION_AZURE_CLIENT_ID || !appCfg.INF_APP_CONNECTION_AZURE_CLIENT_SECRET) {
+  const azureClientId =
+    appCfg.INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_ID || appCfg.INF_APP_CONNECTION_AZURE_CLIENT_ID;
+  const azureClientSecret =
+    appCfg.INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_SECRET || appCfg.INF_APP_CONNECTION_AZURE_CLIENT_SECRET;
+  if (!azureClientId || !azureClientSecret) {
    throw new BadRequestError({
      message: `Azure environment variables have not been configured`
    });
@@ -57,8 +61,8 @@ export const getAzureConnectionAccessToken = async (
    new URLSearchParams({
      grant_type: "refresh_token",
      scope: `openid offline_access`,
-      client_id: appCfg.INF_APP_CONNECTION_AZURE_CLIENT_ID,
-      client_secret: appCfg.INF_APP_CONNECTION_AZURE_CLIENT_SECRET,
+      client_id: azureClientId,
+      client_secret: azureClientSecret,
      refresh_token: credentials.refreshToken
    })
  );
@@ -92,22 +96,31 @@ export const getAzureConnectionAccessToken = async (
 };

 export const getAzureKeyVaultConnectionListItem = () => {
-  const { INF_APP_CONNECTION_AZURE_CLIENT_ID } = getConfig();
+  const { INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_ID, INF_APP_CONNECTION_AZURE_CLIENT_ID } = getConfig();

  return {
    name: "Azure Key Vault" as const,
    app: AppConnection.AzureKeyVault as const,
    methods: Object.values(AzureKeyVaultConnectionMethod) as [AzureKeyVaultConnectionMethod.OAuth],
-    oauthClientId: INF_APP_CONNECTION_AZURE_CLIENT_ID
+    oauthClientId: INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_ID || INF_APP_CONNECTION_AZURE_CLIENT_ID
  };
 };

 export const validateAzureKeyVaultConnectionCredentials = async (config: TAzureKeyVaultConnectionConfig) => {
  const { credentials: inputCredentials, method } = config;

-  const { INF_APP_CONNECTION_AZURE_CLIENT_ID, INF_APP_CONNECTION_AZURE_CLIENT_SECRET, SITE_URL } = getConfig();
+  const {
+    INF_APP_CONNECTION_AZURE_CLIENT_ID,
+    INF_APP_CONNECTION_AZURE_CLIENT_SECRET,
+    INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_ID,
+    INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_SECRET,
+    SITE_URL
+  } = getConfig();

-  if (!INF_APP_CONNECTION_AZURE_CLIENT_ID || !INF_APP_CONNECTION_AZURE_CLIENT_SECRET) {
+  const azureClientId = INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_ID || INF_APP_CONNECTION_AZURE_CLIENT_ID;
+  const azureClientSecret = INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_SECRET || INF_APP_CONNECTION_AZURE_CLIENT_SECRET;
+
+  if (!azureClientId || !azureClientSecret) {
    throw new InternalServerError({
      message: `Azure ${getAppConnectionMethodName(method)} environment variables have not been configured`
    });
@@ -123,8 +136,8 @@ export const validateAzureKeyVaultConnectionCredentials = async (config: TAzureK
        grant_type: "authorization_code",
        code: inputCredentials.code,
        scope: `openid offline_access https://vault.azure.net/.default`,
-        client_id: INF_APP_CONNECTION_AZURE_CLIENT_ID,
-        client_secret: INF_APP_CONNECTION_AZURE_CLIENT_SECRET,
+        client_id: azureClientId,
+        client_secret: azureClientSecret,
        redirect_uri: `${SITE_URL}/organization/app-connections/azure/oauth/callback`
      })
    );
--- a/docs/integrations/app-connections/azure-app-configuration.mdx
+++ b/docs/integrations/app-connections/azure-app-configuration.mdx
@@ -50,8 +50,8 @@ Infisical currently only supports one method for connecting to Azure, which is O

      Back in your Infisical instance, add two new environment variables for the credentials of your Azure application.

-      - `INF_APP_CONNECTION_AZURE_CLIENT_ID`: The **Application (Client) ID** of your Azure application.
-      - `INF_APP_CONNECTION_AZURE_CLIENT_SECRET`: The **Client Secret** of your Azure application.
+      - `INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_ID`: The **Application (Client) ID** of your Azure application.
+      - `INF_APP_CONNECTION_AZURE_APP_CONFIGURATION_CLIENT_SECRET`: The **Client Secret** of your Azure application.

      Once added, restart your Infisical instance and use the Azure App Configuration connection.
    </Step>
--- a/docs/integrations/app-connections/azure-client-secrets.mdx
+++ b/docs/integrations/app-connections/azure-client-secrets.mdx
@@ -57,8 +57,8 @@ Infisical currently only supports one method for connecting to Azure, which is O

      Back in your Infisical instance, add two new environment variables for the credentials of your Azure application.

-      - `INF_APP_CONNECTION_AZURE_CLIENT_ID`: The **Application (Client) ID** of your Azure application.
-      - `INF_APP_CONNECTION_AZURE_CLIENT_SECRET`: The **Client Secret** of your Azure application.
+      - `INF_APP_CONNECTION_AZURE_CLIENT_SECRETS_CLIENT_ID`: The **Application (Client) ID** of your Azure application.
+      - `INF_APP_CONNECTION_AZURE_CLIENT_SECRETS_CLIENT_SECRET`: The **Client Secret** of your Azure application.

      Once added, restart your Infisical instance and use the Azure Client Secrets connection.
    </Step>
--- a/docs/integrations/app-connections/azure-devops.mdx
+++ b/docs/integrations/app-connections/azure-devops.mdx
@@ -56,8 +56,8 @@ Infisical currently supports two methods for connecting to Azure DevOps, which a

      Back in your Infisical instance, add two new environment variables for the credentials of your Azure application.

-      - `INF_APP_CONNECTION_AZURE_CLIENT_ID`: The **Application (Client) ID** of your Azure application.
-      - `INF_APP_CONNECTION_AZURE_CLIENT_SECRET`: The **Client Secret** of your Azure application.
+      - `INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_ID`: The **Application (Client) ID** of your Azure application.
+      - `INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_SECRET`: The **Client Secret** of your Azure application.

      Once added, restart your Infisical instance and use the Azure Client Secrets connection.
    </Step>
--- a/docs/integrations/app-connections/azure-key-vault.mdx
+++ b/docs/integrations/app-connections/azure-key-vault.mdx
@@ -49,8 +49,8 @@ Infisical currently only supports one method for connecting to Azure, which is O

      Back in your Infisical instance, add two new environment variables for the credentials of your Azure application.

-      - `INF_APP_CONNECTION_AZURE_CLIENT_ID`: The **Application (Client) ID** of your Azure application.
-      - `INF_APP_CONNECTION_AZURE_CLIENT_SECRET`: The **Client Secret** of your Azure application.
+      - `INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_ID`: The **Application (Client) ID** of your Azure application.
+      - `INF_APP_CONNECTION_AZURE_KEY_VAULT_CLIENT_SECRET`: The **Client Secret** of your Azure application.

      Once added, restart your Infisical instance and use the Azure Key Vault connection.
    </Step>