Effortless Selenium Tests with Azure Managed Identity for Blob Storage Access

Access Azure Blob Storage with Managed Identity in Selenium Java Automation for Local and GitHub Actions Runs

Securely run Selenium Java tests using Azure Managed Identity to access Blob Storage locally or via GitHub Actions CI/CD.


When running Selenium-based Java automation tests, we often rely on external storage platforms, such as Azure Blob Storage, to manage test data or artifacts.

Using traditional access keys or credentials embedded in your application is risky and can lead to security vulnerabilities. A secure and scalable approach is to authenticate with Azure Blob Storage via Managed Identity, especially when automating tests locally or through CI/CD pipelines like GitHub Actions.

Getting Familiar with Azure Blob Storage

Azure Blob Storage is Microsoft’s cloud-based solution designed for storing massive amounts of unstructured data such as images, documents, backups, or log files. It provides convenient methods for uploading, downloading, and managing data through HTTP/HTTPS protocols, SDKs, and REST APIs.

Common access methods include using Shared Access Signatures (SAS tokens), access keys, or Azure Active Directory authentication. Among these, Azure Active Directory managed identities stand out due to their enhanced security features.

Exploring Managed Identity in Azure

Managed Identity is a unique Azure Active Directory feature that authenticates applications running on Azure resources. With Managed Identity, services such as web apps and virtual machines securely access other Azure resources like Azure Blob Storage without storing sensitive credentials or keys explicitly in the application code.

Implementing a managed identity ensures that credentials are derived at runtime automatically by Azure’s infrastructure. This greatly reduces the risk of credential theft or misuse.

Key Advantages:

  • Eliminates sensitive information or credentials stored in code or configuration files.
  • Simplifies authentication and authorization processes.
  • Reduces manual rotation and management of keys and secrets.

Setting Up Managed Identity for Your Selenium Java Automation

To start, head over to the Azure Portal and navigate to your application resource (e.g., Azure App Service or Azure VM). Open the Identity blade and enable the system-assigned managed identity toggle. Azure automatically generates an identity tied specifically to your resource.

Next, you must assign this identity permissions to access your Blob Storage containers. In the Azure Blob Storage service, go to the Access Control (IAM) section and assign the appropriate “Storage Blob Data Contributor” or “Storage Blob Data Reader” role to your newly created managed identity.

Local Automation Run—Azure Authentication via Managed Identity

Azure provides convenient SDK libraries (like the Azure SDK for Java) that include built-in Managed Identity credential support. Update your Selenium Java Automation code to use credentials from the managed identity provided by your environment as follows:

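import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.storage.blob.BlobClient;
import com.azure.storage.blob.BlobContainerClient;
import com.azure.storage.blob.BlobServiceClient;
import com.azure.storage.blob.BlobServiceClientBuilder;

// Replace <storage-account-name> with your storage account name; no access key or SAS token is passed.
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
    .endpoint("https://<storage-account-name>.blob.core.windows.net")
    .credential(new DefaultAzureCredentialBuilder().build())
    .buildClient();

BlobContainerClient containerClient = blobServiceClient.getBlobContainerClient("automation-testdata");
BlobClient blobClient = containerClient.getBlobClient("test-data-file.json");

// downloadToFile(path) fails if the local file already exists; clear stale copies between test runs.
blobClient.downloadToFile("downloaded-test-data.json");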

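In local runs there is no managed identity to call, so DefaultAzureCredential falls back to your local Azure login session, Azure CLI authentication, or environment variables configured beforehand. The account you sign in with needs the same Blob data role on the storage account as the managed identity. Before running tests locally, verify your Azure CLI is logged in by executing: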

az login

If you haven’t yet installed Azure CLI locally, you can refer to Microsoft’s Azure CLI Installation Guide.

Using Managed Identity in GitHub Actions Pipelines

GitHub Actions workflows run on virtual machines that GitHub assigns and manages. Because these runners are not Azure resources, they have no managed identity of their own, so additional steps are required.

The main challenge is ensuring the Azure-managed identity can authenticate without storing sensitive keys or secrets in your GitHub repository. A practical solution is using OpenID Connect (OIDC) federation to allow GitHub Actions workflows to access Azure resources securely and dynamically.

You can configure Azure AD to trust GitHub Actions through federated identity directly:

  • Create an Azure AD application registration with federated credentials pointing to your GitHub repository and workflows.
  • Add this application to the IAM roles on your Azure Blob Storage account.
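
The two steps above, with the role assignment scoped to a single container rather than the whole account, written as Azure CLI calls. This is an added example, not code from the original post; the function names and every argument value (app client ID, repository, branch, resource names) are placeholders, and it assumes the app registration already has a service principal.

```shell
# Resource ID of ONE container, so the role is not granted account-wide.
container_scope() {  # args: subscription-id resource-group storage-account container
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s/blobServices/default/containers/%s' \
    "$1" "$2" "$3" "$4"
}

# Subject claim GitHub issues for a workflow run on a branch.
# Rejects anything that is not exactly one repository and one branch.
github_subject() {  # args: owner/repo branch
  case "$1" in
    */*/*|/*|*/|*[!A-Za-z0-9_./-]*) echo "bad repo: $1" >&2; return 1 ;;
    */*) ;;
    *) echo "bad repo: $1" >&2; return 1 ;;
  esac
  case "$2" in
    ''|*[*?]*) echo "branch must be one exact name" >&2; return 1 ;;
  esac
  printf 'repo:%s:ref:refs/heads/%s' "$1" "$2"
}

# JSON body for the federated credential on the app registration.
federated_credential_json() {  # args: credential-name owner/repo branch
  subject=$(github_subject "$2" "$3") || return 1
  cat <<EOF
{
  "name": "$1",
  "issuer": "https://token.actions.githubusercontent.com",
  "subject": "$subject",
  "audiences": ["api://AzureADTokenExchange"]
}
EOF
}

# Create the federated credential, then grant read-only data access on one container.
# args: app-client-id credential-name owner/repo branch subscription-id resource-group account container
wire_github_oidc() {
  params=$(federated_credential_json "$2" "$3" "$4") || return 1
  az ad app federated-credential create --id "$1" --parameters "$params" &&
  az role assignment create --assignee "$1" \
    --role "Storage Blob Data Reader" \
    --scope "$(container_scope "$5" "$6" "$7" "$8")"
}

# Example call (placeholder values):
# wire_github_oidc "$AZURE_CLIENT_ID" github-main example-org/selenium-tests main \
#   "$AZURE_SUBSCRIPTION_ID" rg-tests examplestorage automation-testdata
```

A workflow triggered by `pull_request` presents a different subject (`repo:<owner>/<repo>:pull_request`), so it will not match a branch-pinned credential like this one. Use "Storage Blob Data Contributor" only if the tests also upload artifacts.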

Configure your GitHub Actions workflow YAML like this:

jobs:
  run-tests:
    runs-on: ubuntu-latest

    permissions:
      id-token: write
      contents: read

    steps:
    - uses: actions/checkout@v4

    - uses: azure/login@v2
      with:
        client-id: ${{ secrets.AZURE_CLIENT_ID }}
        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

    - name: Set up JDK 11
      uses: actions/setup-java@v3
      with:
        java-version: '11'
        distribution: 'temurin'

    - name: Run Selenium Java Automation Tests
      run: |
        ./gradlew test

With this setup, your randomly assigned GitHub Actions instances securely authenticate with Azure Blob Storage without explicit credentials, thanks to GitHub Actions’ OIDC support.

After configuring your workflow, Selenium Java Automation scripts using DefaultAzureCredentialBuilder() will automatically detect managed credentials, whether locally authenticated or on GitHub-hosted runners.

Validating Automation Run in GitHub Actions Pipeline

Running tests on dynamically provisioned runners in GitHub Actions makes it essential to verify your infrastructure’s connectivity. Ensure that your Selenium automation script communicates successfully with Azure Blob Storage.

Consider adding assertions or logs to check the accessibility of the blob files:

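// exists() returns false only when the blob is missing; a missing role
// assignment surfaces as a BlobStorageException (HTTP 403) instead.
if (blobClient.exists()) {
    blobClient.downloadToFile("downloaded-file.json");
    System.out.println("File downloaded successfully.");
} else {
    throw new RuntimeException("Blob file does not exist.");
}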

The snippet above shows a basic pattern to help verify accessibility during automation runs.

Best Practices & Tips

When using Managed Identity with Azure Blob Storage, consider these points:

  • Security: Limit permissions assigned to your managed identities—principle of least privilege.
  • Auditing: Regularly review your identity assignments and usage logs within Azure Monitor.
  • Performance: Use efficient retrieval and caching techniques locally. Minimize unnecessary downloads in automation scripts.

Where Do We Go from Here?

Azure Managed Identity significantly simplifies security aspects in Selenium Java Automation tests, specifically when integrating cloud storage such as Azure Blob Storage. It secures your automation environment, both locally and within GitHub Actions CI/CD pipelines.

As more infrastructure moves securely into cloud platforms like Azure and CI/CD workflows like GitHub Actions, this Managed Identity approach can become a standard security practice, enhancing robust automation testing.

Have you tried integrating Managed Identity with your Azure-backed Selenium automation? Share your insights or challenges in the comments below!



Shivateja Keerthi
Hey there! I'm Shivateja Keerthi, a full-stack developer who loves diving deep into code, fixing tricky bugs, and figuring out why things break. I mainly work with JavaScript and Python, and I enjoy sharing everything I learn - especially about debugging, troubleshooting errors, and making development smoother. If you've ever struggled with weird bugs or just want to get better at coding, you're in the right place. Through my blog, I share tips, solutions, and insights to help you code smarter and debug faster. Let’s make coding less frustrating and more fun!
