Zum Hauptinhalt springen

Authentication

Access to azuma nori is secured via two distinct authentication pathways, designed to support both interactive users and automated headless environments.

1. azuma doa Accounts (Interactive UI)

When using the Standalone Client, authentication is managed through your azuma doa account.

The desktop application integrates natively with our OIDC (OpenID Connect) identity provider. Upon launching the application for the first time, you will be prompted to log in via your browser. This interactive login verifies your identity, checks your active license entitlements, and grants you access to your team's workspace and compliance policies.

This method is designed exclusively for human operators.

2. API Keys (Headless Automation)

For automated environments like CI/CD pipelines (e.g., GitHub Actions or GitLab CI), interactive browser logins are impossible. For these scenarios, nori uses API Keys.

Generating an API Key

You can generate a long-lived API key directly from your azuma doa account dashboard under Developer Settings.

Using the API Key

To authenticate the headless engine, securely inject the API key into the runtime environment using the AZUMA_API_KEY environment variable.

# Example CI/CD pipeline execution
export AZUMA_API_KEY="az_live_..."
azuma-nori-cli exec --scope-json payload.json --output-format json

The execution engine will automatically detect the AZUMA_API_KEY variable and authenticate with the backend to synchronize telemetry and verify policies, without ever popping up a UI prompt.

Secret Management

Never commit your AZUMA_API_KEY to your repository. Always use your CI/CD provider's secret management vault to inject this key dynamically at runtime.