Skip to main content

Changelog

See what's new with Windmill.

Watch latest Windmill weekly keynotes

Weekly keynotes are hosted on Discord and Youtube on Friday at 5:45 pm CET+1.

See the Windmill roadmap and what's coming next

Roadmap

Azure Workload Identity Federation for Key Vault backend

EnterpriseInstance settings
Docs

Authenticate the Azure Key Vault secret backend with Workload Identity Federation, removing the need to store a long-lived client secret.

New features

  • Workload Identity Federation as an alternative to client_secret for the Azure Key Vault backend.
  • Auto-detected on AKS via the workload-identity webhook (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_FEDERATED_TOKEN_FILE).
  • Works on any OIDC-federated Kubernetes cluster (EKS, GKE, self-hosted).
  • Sovereign-cloud override via AZURE_AUTHORITY_HOST.
Changelog archive