diff --git a/.env.sample b/.env.sample
index ce598f2..d4e4b04 100644
--- a/.env.sample
+++ b/.env.sample
@@ -59,18 +59,15 @@ COMPOSE_FILE="compose.yml"
 #SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
 ## Azure, https://azure.com
+## To insert your Azure client secret:
+## abra app secret insert {myapp.example.coop} azure_secret v1 ""
 #COMPOSE_FILE="$COMPOSE_FILE:compose.azure.yml"
-#AZURE_TENANT_ID_FILE=/run/secrets/AZURE_TENANT_ID
-#AZURE_CLIENT_ID_FILE=/run/secrets/AZURE_CLIENT_ID
-#AZURE_CLIENT_SECRET_FILE=/run/secrets/AZURE_CLIENT_SECRET
-#AZURE_SUBSCRIPTION_ID_FILE=/run/secrets/AZURE_SUBSCRIPTION_ID
-#AZURE_RESOURCE_GROUP_FILE=/run/secrets/AZURE_RESOURCE_GROUP
-
-#SECRET_AZURE_TENANT_ID_VERSION=v1
-#SECRET_AZURE_CLIENT_ID_VERSION=v1
-#SECRET_AZURE_CLIENT_SECRET_VERSION=v1
-#SECRET_AZURE_SUBSCRIPTION_ID_VERSION=v1
-#SECRET_AZURE_RESOURCE_GROUP_VERSION=v1
+#AZURE_ENABLED=1
+#AZURE_TENANT_ID=
+#AZURE_CLIENT_ID=
+#AZURE_SUBSCRIPTION_ID=
+#AZURE_RESOURCE_GROUP=
+#SECRET_AZURE_SECRET_VERSION=v1
 #####################################################################
 # Manual wildcard certificate insertion #
diff --git a/compose.azure.yml b/compose.azure.yml
index a069bca..4faf82c 100644
--- a/compose.azure.yml
+++ b/compose.azure.yml
@@ -3,31 +3,15 @@ version: "3.8"
 services:
 app:
 environment:
- AZURE_TENANT_ID_FILE=${AZURE_TENANT_ID_FILE}
- AZURE_CLIENT_ID_FILE=${AZURE_CLIENT_ID_FILE}
- AZURE_CLIENT_SECRET_FILE=${AZURE_CLIENT_SECRET_FILE}
- AZURE_SUBSCRIPTION_ID_FILE=${AZURE_SUBSCRIPTION_ID_FILE}
- AZURE_RESOURCE_GROUP_FILE=${AZURE_RESOURCE_GROUP_FILE}
- secrets:
 - AZURE_TENANT_ID
 - AZURE_CLIENT_ID
- - AZURE_CLIENT_SECRET
 - AZURE_SUBSCRIPTION_ID
 - AZURE_RESOURCE_GROUP
+ - AZURE_CLIENT_SECRET_FILE=/run/secrets/azure_secret
+ secrets:
+ - azure_secret
 secrets:
- AZURE_TENANT_ID:
- name: ${STACK_NAME}_AZURE_TENANT_ID_${SECRET_AZURE_TENANT_ID_VERSION}
+ azure_secret:
+ name: ${STACK_NAME}_azure_secret_${SECRET_AZURE_CLIENT_SECRET_VERSION}
 external: true
- AZURE_CLIENT_ID:
- name: ${STACK_NAME}_AZURE_CLIENT_ID_${SECRET_AZURE_CLIENT_ID_VERSION}
- external: true
- AZURE_CLIENT_SECRET:
- name: ${STACK_NAME}_AZURE_CLIENT_SECRET_${SECRET_AZURE_CLIENT_SECRET_VERSION}
- external: true
- AZURE_SUBSCRIPTION_ID:
- name: ${STACK_NAME}_AZURE_SUBSCRIPTION_ID_${SECRET_AZURE_SUBSCRIPTION_ID_VERSION}
- external: true
- AZURE_RESOURCE_GROUP:
- name: ${STACK_NAME}_AZURE_RESOURCE_GROUP_${SECRET_AZURE_RESOURCE_GROUP_VERSION}
- external: true
\ No newline at end of file
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index f4e6232..8da044b 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -11,4 +11,8 @@ export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
 export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
 {{ end }}
+{{ if eq (env "AZURE_ENABLED") "1" }}
+export AZURE_CLIENT_SECRET=$(cat "$AZURE_CLIENT_SECRET_FILE")
+{{ end }}
+
 /entrypoint.sh "$@"
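Review bot: The added `name:` line for `azure_secret` interpolates `${SECRET_AZURE_CLIENT_SECRET_VERSION}`, but the `.env.sample` hunk of this same commit removes that variable and introduces `SECRET_AZURE_SECRET_VERSION` instead. With an environment built from the new sample, the version suffix would presumably expand to an empty string, so the external secret name would not match the one created by `abra app secret insert … azure_secret v1`; the deployment would then fail to find the secret or bind to an unintended one. The line should read `name: ${STACK_NAME}_azure_secret_${SECRET_AZURE_SECRET_VERSION}`. The tenant, client, subscription and resource-group values also appear to move from Docker secrets to plain environment entries; they are identifiers rather than credentials, but they become readable in the service spec, which is worth stating in a comment next to the `environment:` list.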
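Review bot: The added block is rendered only when `env "AZURE_ENABLED"` equals `1`, yet the `compose.azure.yml` hunk in this commit does not add `AZURE_ENABLED` to the `app` service environment. If the template is evaluated against the service environment and the variable is not passed in elsewhere (for example in `compose.yml`, not shown), `AZURE_CLIENT_SECRET` is never exported. Separately, `export VAR=$(cat …)` discards the exit status of `cat`, so a missing or unreadable `/run/secrets/azure_secret` leaves the variable empty and the process starts without any error. Assigning first, `AZURE_CLIENT_SECRET=$(cat "$AZURE_CLIENT_SECRET_FILE") || exit 1`, and then `export AZURE_CLIENT_SECRET` makes that failure visible. The OVH and DigitalOcean lines in the context use the same pattern, and the script begins outside this hunk.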