feat(storage-azure): add support for managed identities

[pbr1111]

What?

Add support for Azure managed identities authentication to the @payloadcms/storage-azure plugin by introducing a new credentials option that accepts TokenCredential objects from @azure/identity.

Why?

Currently, the Azure Storage plugin only supports connection string authentication, which has security limitations:

• Connection strings contain sensitive access keys that need to be stored as environment variables
• They don't leverage Azure's native identity and access management capabilities
• In production environments, User-managed identities are often preferred for better security and easier credential management

This enhancement allows users to authenticate using Azure's identity-based authentication methods, providing a more secure and flexible authentication approach and it is the recommended way to instantiate a BlobServiceClient according to Microsoft's documentation.

How?

1. Added new optional credentials property to AzureStorageOptions type:

   credentials?: TokenCredential

2. Updated authentication logic in getStorageClient utility to support both authentication methods:

   • If connectionString is provided, use connection string authentication (existing behavior)
   • If credentials is provided, use identity-based authentication with the base URL

3. Maintained backward compatibility - existing configurations using connectionString continue to work unchanged

[pablocoberly]

This looks really useful and more secure than using the connection string. Any idea what happened to this @pbr1111? Just waiting for review?

[pablocoberly]

This similar PR from April got closed #12004

[pbr1111]

This looks really useful and more secure than using the connection string. Any idea what happened to this @pbr1111? Just waiting for review?

Yes, I'm currently awaiting review

[valeriocomo]

hi @denolfe! Just checking if there are any updates on this PR. This feature would be really useful.