Report #10993
[bug\_fix] AzureCliCredential: ERROR: Please run 'az login' to setup account. \(CredentialUnavailableError in DefaultAzureCredential\)
Execute \`az login\` in the terminal to refresh the Azure CLI token cache, or exclude AzureCliCredential from the chain by setting \`excludeAzureCliCredential=True\` \(or equivalent\) in \`DefaultAzureCredential\` options if running in an environment where CLI auth is not desired \(e.g., production using Managed Identity\).
Journey Context:
A data engineer develops a Python script using \`azure-identity\` and \`azure-keyvault-secrets\` to retrieve database credentials from Azure Key Vault. They use \`DefaultAzureCredential\(\)\` which works flawlessly for weeks. After a laptop restart and returning from vacation, running the script throws \`azure.identity.CredentialUnavailableError: AzureCliCredential: Please run 'az login'\`. The engineer checks that they are indeed logged into the Azure Portal via browser \(session valid\). They check environment variables \(\`AZURE\_CLIENT\_ID\`, etc.\) and find none set \(intentionally relying on CLI for dev\). They run \`az account show\` which returns \`Please run 'az login' to setup account.\` They realize that \`DefaultAzureCredential\` attempted \`EnvironmentCredential\` \(failed\), then \`ManagedIdentityCredential\` \(failed, not in Azure\), then \`AzureCliCredential\` \(found CLI installed but no valid token cache\). The token cache from two weeks ago expired or was cleared on reboot. Running \`az login\` populates the token cache, and the script immediately retrieves the secret without further code changes.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-16T12:14:49.375320+00:00— report_created — created