diff --git a/Makefile b/Makefile
index 335ff5ee4..c74ae3682 100644
--- a/Makefile
+++ b/Makefile
@@ -352,6 +352,10 @@ dev-vsphere-creds: envsubst
 
 dev-eks-creds: dev-aws-creds
 
+.PHONY: dev-aks-creds
+dev-aks-creds: envsubst
+	@NAMESPACE=$(NAMESPACE) $(ENVSUBST) -no-unset -i config/dev/aks-credentials.yaml | $(KUBECTL) apply -f -
+
 .PHONY: dev-apply ## Apply the development environment by deploying the kind cluster, local registry and the HMC helm chart.
 dev-apply: kind-deploy registry-deploy dev-push dev-deploy dev-templates dev-release
 
diff --git a/config/dev/aks-clusterdeployment.yaml b/config/dev/aks-clusterdeployment.yaml
new file mode 100644
index 000000000..ecbef22f2
--- /dev/null
+++ b/config/dev/aks-clusterdeployment.yaml
@@ -0,0 +1,18 @@
+apiVersion: hmc.mirantis.com/v1alpha1
+kind: ClusterDeployment
+metadata:
+  name: azure-aks-dev
+  namespace: ${NAMESPACE}
+spec:
+  template: azure-aks-0-0-1
+  credential: azure-aks-credential
+  propagateCredentials: false
+  config:
+    location: "westus"
+    machinePools:
+      system:
+        count: 1
+        vmSize: Standard_A4_v2
+      user:
+        count: 1
+        vmSize: Standard_A4_v2
diff --git a/config/dev/aks-credentials.yaml b/config/dev/aks-credentials.yaml
new file mode 100644
index 000000000..0632111c6
--- /dev/null
+++ b/config/dev/aks-credentials.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: azure-aks-credential
+  namespace: ${NAMESPACE}
+stringData:
+  AZURE_CLIENT_ID: "${AZURE_CLIENT_ID}"
+  AZURE_CLIENT_SECRET: "${AZURE_CLIENT_SECRET}"
+  AZURE_SUBSCRIPTION_ID: "${AZURE_SUBSCRIPTION_ID}"
+  AZURE_TENANT_ID: "${AZURE_TENANT_ID}"
+type: Opaque
+---
+apiVersion: hmc.mirantis.com/v1alpha1
+kind: Credential
+metadata:
+  name: azure-aks-credential
+  namespace: ${NAMESPACE}
+spec:
+  description: Azure AKS credentials
+  identityRef:
+    apiVersion: v1
+    kind: Secret
+    name: azure-aks-credential
+    namespace: ${NAMESPACE}
diff --git a/internal/webhook/clusterdeployment_webhook.go b/internal/webhook/clusterdeployment_webhook.go
index ef8923c7c..0ae339121 100644
--- a/internal/webhook/clusterdeployment_webhook.go
+++ b/internal/webhook/clusterdeployment_webhook.go
@@ -277,7 +277,8 @@ func isCredMatchTemplate(cred *hmcv1alpha1.Credential, template *hmcv1alpha1.Clu
 				return errMsg(provider)
 			}
 		case "infrastructure-azure":
-			if idtyKind != "AzureClusterIdentity" {
+			if idtyKind != "AzureClusterIdentity" &&
+				idtyKind != "Secret" {
 				return errMsg(provider)
 			}
 		case "infrastructure-vsphere":