From 48dcf5e5fb3f6de818dd3d05ea77370c84dc8fa4 Mon Sep 17 00:00:00 2001
From: Gal Salomon <gasalomo@akamai.com>
Date: Mon, 11 May 2026 12:00:58 +0300
Subject: [PATCH] encryption/azure_vault: fix Azure key_provider ignores
 'tenant_id' and 'subscription_id'

Resolves #4090

Signed-off-by: Gal Salomon <gasalomo@akamai.com>
---
 internal/encryption/keyprovider/azure_vault/config.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/encryption/keyprovider/azure_vault/config.go b/internal/encryption/keyprovider/azure_vault/config.go
index dd6a965520..2039612a09 100644
--- a/internal/encryption/keyprovider/azure_vault/config.go
+++ b/internal/encryption/keyprovider/azure_vault/config.go
@@ -176,8 +176,8 @@ func (c Config) Build() (keyprovider.KeyProvider, keyprovider.KeyMeta, error) {
 		},
 		StorageAddresses: auth.StorageAddresses{
 			CloudConfig:    cloudConfig,
-			SubscriptionID: stringAttrEnvFallback(c.OIDCToken, "ARM_SUBSCRIPTION_ID"),
-			TenantID:       stringAttrEnvFallback(c.OIDCToken, "ARM_TENANT_ID"),
+			SubscriptionID: stringAttrEnvFallback(c.SubscriptionID, "ARM_SUBSCRIPTION_ID"),
+			TenantID:       stringAttrEnvFallback(c.TenantID, "ARM_TENANT_ID"),
 		},
 		WorkloadIdentityAuthConfig: auth.WorkloadIdentityAuthConfig{
 			UseAKSWorkloadIdentity: c.UseAKS,