Overview

The azd exec extension provides commands to execute scripts with Azure Developer CLI environment context.

azd exec [command] [flags]

Available Commands

exec <script>

Execute a script file or inline command with Azure context

azd exec ./script.sh

version

Show azd exec version information

azd exec version

Command Usage

azd exec [flags-before-script] <script-file-or-command> [script-args...]

Place azd exec flags (e.g., --cwd, --debug, --environment) before the script. Everything after the script is passed through to the script; the -- separator is optional.

Basic Examples

# Execute a script file
azd exec ./deploy.sh
# Execute an inline command
azd exec 'echo "Environment: $AZURE_ENV_NAME"'
# Pass arguments to the script
azd exec ./build.sh --verbose --config release
# Specify shell explicitly
azd exec --shell pwsh ./setup.ps1

Execution Flags

Control how scripts are executed:

| Flag | Short | Description |
| --- | --- | --- |
| --shell | -s | Shell to use for execution: bash, sh, zsh, pwsh, powershell, cmd. Auto-detected from file extension or shebang if not specified. |
| --interactive | -i | Run script in interactive mode, enabling user input and prompts. |
| --stop-on-keyvault-error | | Fail-fast: stop execution when any Key Vault reference fails to resolve. |

Global Flags

These flags are inherited from azd and available for all commands:

| Flag | Short | Description |
| --- | --- | --- |
| --output | -o | Output format: default or json |
| --debug | | Enable debug mode with verbose logging |
| --no-prompt | | Disable prompts and use default values |
| --cwd | -C | Sets the current working directory before execution |
| --environment | -e | The name of the azd environment to use |
| --help | -h | Show help for any command |

Azure Key Vault Integration

azd exec automatically resolves Azure Key Vault references in environment variables before running your script.

Supported Reference Formats

# Format 1: SecretUri
@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/my-secret)
@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/my-secret/abc123)
# Format 2: VaultName and SecretName
@Microsoft.KeyVault(VaultName=myvault;SecretName=my-secret)
@Microsoft.KeyVault(VaultName=myvault;SecretName=my-secret;SecretVersion=abc123)
# Format 3: azd akvs URI (used internally by azd)
akvs://c3b3091e-400e-43a7-8ee5-e6e8cefdbebf/myvault/my-secret

Authentication

Key Vault resolution uses the same Azure credentials as azd:

  • Azure CLI (az login)
  • Managed Identity (when running on Azure)
  • Service Principal (environment variables)
  • Visual Studio / VS Code authentication

Error Handling

If Key Vault resolution fails (secret not found, no access, etc.):

  • Warning displayed to stderr (secret values are never printed)
  • azd exec continues resolving other Key Vault references
  • Successfully resolved secrets are substituted with their values
  • Failed references remain unchanged

To fail-fast (abort on the first Key Vault resolution error), use --stop-on-keyvault-error.
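
Because a failed reference is left unchanged, a script can receive the literal reference string where it expects a secret. The guard below is an added example, not part of azd exec or its documentation; it assumes an unresolved value begins with one of the prefixes listed under Supported Reference Formats, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: guard for scripts that run under `azd exec`.
# Assumption: an unresolved reference is a value that begins with
# "@Microsoft.KeyVault(" or "akvs://", the formats shown on this page.

# Print the names (never the values) of environment variables that still
# hold a Key Vault reference, one per line, sorted.
unresolved_kv_refs() {
    awk 'BEGIN {
        for (name in ENVIRON) {
            value = ENVIRON[name]
            if (index(value, "@Microsoft.KeyVault(") == 1 ||
                index(value, "akvs://") == 1)
                print name
        }
    }' | sort
}

# Return 0 when no reference is left unresolved; otherwise name the
# affected variables on stderr and return 1.
require_resolved_secrets() {
    pending=$(unresolved_kv_refs)
    if [ -z "$pending" ]; then
        return 0
    fi
    for name in $pending; do
        printf 'unresolved Key Vault reference: %s\n' "$name" >&2
    done
    return 1
}

# Constructed demo: one unresolved reference, checked in a subshell so the
# sample variable does not leak into the caller's environment.
( export DEMO_SECRET='@Microsoft.KeyVault(VaultName=myvault;SecretName=my-secret)'
  require_resolved_secrets ) || echo "guard tripped on constructed sample"
```

Calling `require_resolved_secrets || exit 1` at the top of a deployment script gives the same fail-fast behaviour per script, without relying on every caller passing --stop-on-keyvault-error.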

Example Workflow

# 1. Store secret in Key Vault (example value; a real secret typed as --value ends up in shell history)
az keyvault secret set --vault-name myvault --name db-password --value "Secret123!"
# 2. Set environment variable with Key Vault reference
azd env set-secret DB_PASSWORD
# 3. Use in script (automatically resolved)
azd exec 'echo "Password length: ${#DB_PASSWORD}"'

Examples

Basic Execution

# Execute a script file
azd exec ./deploy.sh
# Execute an inline command
azd exec 'echo "Environment: $AZURE_ENV_NAME"'
# Show version
azd exec version

Shell Specification

# Specify PowerShell
azd exec --shell pwsh ./deploy.ps1
# Inline PowerShell command
azd exec --shell pwsh 'Write-Host "Hello from $env:AZURE_ENV_NAME"'
# Force bash for a .sh file
azd exec --shell bash ./script.sh

Script Arguments

# Pass arguments to the script
azd exec ./build.sh --verbose --config release
# Multiple arguments
azd exec ./deploy.sh production --force --no-cache

Interactive Mode

# Run script in interactive mode
azd exec --interactive ./interactive-setup.sh
# Interactive PowerShell script
azd exec --shell pwsh --interactive ./wizard.ps1

Multi-Environment Deployment

# Deploy to development environment
azd exec --environment dev ./deploy.sh
# Deploy to production
azd exec --environment prod ./deploy.sh

Debugging

# Enable debug logging
azd exec --debug ./deploy.sh
# Check available environment variables
azd exec --debug 'env | grep AZURE_'

Working with Key Vault

# Set Key Vault reference
azd env set-secret API_KEY
# Script automatically gets the resolved secret value
azd exec ./deploy.sh
# Fail-fast on Key Vault errors
azd exec --stop-on-keyvault-error ./deploy.sh

Environment Variables

azd exec automatically provides these environment variables to your scripts:

| Variable | Description | Example |
| --- | --- | --- |
| AZURE_ENV_NAME | Azure environment name from azd | dev, staging, prod |
| AZURE_SUBSCRIPTION_ID | Active Azure subscription ID | 12345678-1234-... |
| AZURE_LOCATION | Azure region for resources | eastus, westeurope |
| AZURE_RESOURCE_GROUP | Resource group name (if configured) | rg-myapp-dev |
| AZURE_TENANT_ID | Azure AD tenant ID | 87654321-4321-... |

Additionally, all variables from your .env file are loaded.

Exit Codes

azd exec uses these exit codes:

| Code | Meaning |
| --- | --- |
| 0 | Success - script executed without errors |
| 1 | Script execution failed or script not found |
| 2 | Invalid arguments or configuration |
| Non-zero | Exit code from the executed script |
