Azure Bastion session separation

Just another feature suggestion which would increase security and
decrease the risk of getting az logins muddled up. Which would
especially be risky for MSPs like ourselves where we deal with a lot of environments at the same time and where we absolutely need the ability for multi-tenancy.

If the az
login command is preceded by setting the environmental
variable AZURE_CONFIG_DIR, the login is only saved whenever the location
that variable is used as that’s where the cli stores and retrieves the
config for the current session.

So if you set $env:AZURE_CONFIG_DIR = ‘C:\temp’, the az login in that session will be saved to C:\temp.

Would
it be possible if RoyalTS creates a folder that is unique to the
used Azure Bastion Gateway and then sets this variable before executing
the az login command that uses that Bastion? These can automatically be
cleaned up after RoyalTS is closed so no tokens and config of the used
sessions remain.

I have tried adding this as a pre-connect task but unfortunately this does not work. I think this uses a different execution session than the az connect that Royal TS does when opening up the tunnel. It would be great to be able to set a config directory for each bastion host that you configure in Royal TS. Is there any other way we could accomplish this? Right now we have to reauthenticate every time we switch environments and our engineers may be working in as many as 6-10 at a time. This is really frustrating. Thanks!

Hi Tom,

the next release will have this on board.

Regards,
Stefan