AzureAzure
​AzureCertified

Leverage Microsoft Azure services within Kestra data workflows.

CLI icon
CLI

Tasks that run Azure CLI commands within Kestra.

1 Tasks

1 Blueprints

Function icon
Function

Tasks that invoke Azure Functions over HTTP and return responses to flows.

1 Tasks

Table icon
Table

Tasks that interact with Azure Table Storage entities.

4 Tasks

Monitoring icon
Monitoring

Tasks that query or ingest metrics with Azure Monitor.

3 Tasks

Authentication icon
Authentication

Tasks that obtain Azure access tokens for authenticated calls to other services.

1 Tasks

Eventhubs icon
Eventhubs

Tasks that publish, consume, and trigger on Azure Event Hubs streams.

4 Tasks

Datafactory icon
Datafactory

Tasks that start and monitor Azure Data Factory pipelines for ETL and integration.

1 Tasks

ADLS icon
ADLS

Tasks that work with Azure Data Lake Storage for large-scale file operations and analytics workloads.

8 Tasks

Job icon
Job

Tasks that create and supervise Azure Batch jobs and their tasks.

1 Tasks

Pool icon
Pool

Tasks that scale and manage Azure Batch pools.

1 Tasks

Blob icon
Blob

Tasks that manage data in Azure Blob Storage for object and file workflows.

9 Tasks

1 Blueprints

How to use this plugin

Authentication

All tasks must be authenticated for the Azure Platform. Multiple authentication methods are supported:

1. Service Principal with Client Secret

You can set the following task properties:

  • tenantId: Directory (tenant) ID of the Azure Active Directory instance.
  • clientId: Application (client) ID of your service principal.
  • clientSecret: Secret associated with your service principal.

This is a common method for server-to-server authentication and recommended for automation scenarios. This is best used with secrets to avoid exposing credentials in plain text.

2. Service Principal with Certificate

Alternatively, you can use a PEM certificate for authentication by specifying:

  • tenantId
  • clientId
  • pemCertificate: PEM-formatted certificate content.

This method is preferred over client secrets when enhanced security and certificate lifecycle management are required.

3. Default Azure Credentials

If no client secret or certificate is defined, the DefaultAzureCredential chain will be used. This includes:

  • Environment variables (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, etc.).
  • Managed identity for Azure resources (if the task is running on an Azure VM, App Service, etc.).
  • Azure CLI logged-in user.
  • Visual Studio Code or Azure Developer CLI credentials.

⚠️ In all cases, specifying tenantId is required.

4. SAS Token or Shared Key Authentication

Some Azure services support alternate authentication modes:

  • Shared Key: use sharedKeyAccountName and sharedKeyAccountAccessKey for services like Azure Storage.
  • SAS Token: use sasToken for temporary delegated access to resources.

These can also be stored as secrets.

Common Properties

  • endpoint: Most tasks require an endpoint property pointing to the Azure service endpoint (e.g., Blob storage URL).
  • scopes: Some tasks allow you to define custom scopes (defaults to https://management.azure.com/.default).

Example

yaml
id: azure_get_token
namespace: company.team

tasks: 
  - id: get_access_token
    type: io.kestra.plugin.azure.oauth.OauthAccessToken
    tenantId: "{{ secret('AZURE_TENANT_ID') }}"
    clientId: "{{ secret('AZURE_CLIENT_ID') }}"
    clientSecret: "{{ secret('AZURE_CLIENT_SECRET') }}"

For more information on Azure authentication, see Azure Identity documentation.

Create automations with Azure Plugins

Azure Blob Storage file detection event triggers upload to BigQuery and dbt Cloud job
azuregcpdbt
Multi-cloud deployment pipeline with Docker, ngrok, GCP Cloud Run, and Azure Container Apps
devopsgitcligcpazure

More Plugins in this Category

core
Core
CoreStorageScript

112 Tasks

184 Blueprints

Resend
Resend

Plugin Resend for Kestra

Messaging

2 Tasks

MQTT
MQTT

This sub-group of plugins contains tasks for using a MQTT message broker.

Messaging

4 Tasks

OVERVIEW
Versions
1.3.0
Latest
November 19, 2025 Release Notes
Previous Versions
1.2.0November 17, 2025
1.1.4November 4, 2025
1.1.3November 4, 2025
1.1.2October 29, 2025
1.1.1October 29, 2025
1.0.2October 29, 2025
1.1.0October 14, 2025
1.0.1October 13, 2025
1.0.0September 8, 2025
0.24.1September 4, 2025
0.24.0August 5, 2025
0.24.0-rc1-SNAPSHOTJuly 31, 2025
0.24.0-rc0-SNAPSHOTJuly 29, 2025
0.23.0June 17, 2025
0.23.0-rc5-SNAPSHOTJune 16, 2025
0.23.0-rc4-SNAPSHOTJune 12, 2025
0.23.0-rc3-SNAPSHOTJune 10, 2025
0.23.0-rc2-SNAPSHOTJune 9, 2025
0.23.0-rc1-SNAPSHOTJune 4, 2025
0.23.0-rc0-SNAPSHOTJune 3, 2025
0.22.3June 3, 2025
0.22.2May 20, 2025
0.22.0April 1, 2025
0.22.0-rc4-SNAPSHOTMarch 31, 2025
0.22.0-rc2-SNAPSHOTMarch 28, 2025
0.22.0-rc1-SNAPSHOTMarch 25, 2025
0.21.2February 26, 2025
0.21.1February 25, 2025
0.21.0February 4, 2025

Created by

Kestra Core Team

Managed by

Kestra Core Team
Plugin Type
CloudMessagingStorageBatchTool
Links & Resources
Github