Hi All - I need to generate API keys to access Rancher. Is it possible to authenticate to Rancher using an Azure AD Service Principle instead of an actual user account?

Possibly so, but the familiar pattern to me would be the Azure Service Principle having permission to read the Rancher API credential in secret store/vault.

Yeah, the issue is that we have a key person dependency - when someone generates an API key, it's tied to their Azure AD account they used to login to Rancher. I've tried using an SP to auth into Rancher to generate a Rancher API key, but there doesn't seem to be any support for using SPs in this way (this is not surprising either)