我正在尝试编写一个Python脚本，从Azure Key Vault读取机密。在使用***SecretClient***类时，我遇到了身份验证的问题。
我的代码如下：
```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient
CREDENTIAL = DefaultAzureCredential()
client = SecretClient(
    vault_url="https://my_vault_name.vault.azure.net/",
    credential=CREDENTIAL
)
secret = client.get_secret('my_secret_name')

CREDENTIAL = azure.identity.ManagedIdentityCredential(managed_identity_client_id='my_managed_identity_client_id')

CREDENTIAL = ManagedIdentityCredential()

<details>
<summary>英文:</summary>
I am trying to write a python script to read secrets from Azure Key Vault. I am facing an issue with authentication when using ***SecretClient*** class.
My code is the below:

The error I am getting is as follows:
`EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured. Visit https://aka.ms/azsdk/python/identity/environmentcredential/troubleshoot to troubleshoot.this issue. 	`
`ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint. 	`
`SharedTokenCacheCredential: The current credential is not configured to acquire tokens for tenant 74******-****-****-****-**********62. To enable acquiring tokens for this tenant add it to the additionally_allowed_tenants when creating the credential, or add "*" to additionally_allowed_tenants to allow acquiring tokens for any tenant.`
I created Managed Identity in Azure Portal and 'assigned it' to my Key Vault with all possible permissions. 
I've tried the below as well:

and

but I'm getting the same *ManagedIdentityCredential* error as above.
Please note that I am trying to run the code on my local machine. What's more, I've tried using *DefaultAzureCredential()* class for scripts to upload a file to my blob or list all my resources and it works ok so it's seems like there is an issue with the *SecretClient* class specifically. I do not want to use environmental variables for security reasons as the script will be ran in prod environment.
I am also able to list my secrets using Azure CLI.
I would appreciate any ideas and tips on how to tackle this issue.
</details>
# 答案1
**得分**: 1
我决定更专注于以下错误消息：
&gt; *SharedTokenCacheCredential：当前凭据未配置为获取租户74******-****-****-****-**********62的令牌。要为此租户启用获取令牌，请在创建凭据时将其添加到additionally_allowed_tenants，或者将“*”添加到additionally_allowed_tenants以允许获取任何租户的令牌。*
我添加了一个参数如下：
    CREDENTIAL = DefaultAzureCredential(additionally_allowed_tenants=['*'])
它运行得很好。我在重新运行代码之前还使用了Azure CLI进行了日志记录，这可能也产生了影响。
感谢大家的评论/答案。
<details>
<summary>英文:</summary>
I decided to focus more on the following error msg:
&gt; *SharedTokenCacheCredential: The current credential is not configured to acquire tokens for tenant 74******-****-****-****-**********62. To
&gt; enable acquiring tokens for this tenant add it to the
&gt; additionally_allowed_tenants when creating the credential, or add &quot;*&quot;
&gt; to additionally_allowed_tenants to allow acquiring tokens for any
&gt; tenant.*
I have added a parameter as below:
    CREDENTIAL = DefaultAzureCredential(additionally_allowed_tenants=[&#39;*&#39;])
and it worked fine. I have also logged using Azure CLI before re-running the code so it might have had an impact as well.
Thank you all for the comments/answers.
</details>