To use driftctl, we need credentials to make authenticated requests to your Azure account. We retrieve configuration from environment variables.
You can check the Terraform documentation for a guide to configure Azure authentication.
You can also authenticate using az CLI. In that case you will only have
AZURE_SUBSCRIPTION_ID to specify:
driftctl needs to have read only access to your account, if you want to scan your whole Azure account you can set up the Reader role on your subscription.
You may want to scan only a resource group, you can assign Reader role only on some restricted resources groups too.