diff --git a/.devcontainer/script.sh b/.devcontainer/script.sh index 9b95c42..d7aba4c 100644 --- a/.devcontainer/script.sh +++ b/.devcontainer/script.sh @@ -5,9 +5,9 @@ if [ -z "$ARM_CLIENT_ID" ]; then exit 0 fi -# Check if $ARM_CLIENT_SECRET exists -if [ -z "$ARM_CLIENT_SECRET" ]; then - echo "ARM_CLIENT_SECRET is not set" +# Check if either $ARM_CLIENT_SECRET or $ARM_CLIENT_CERTIFICATE is set +if [ -z "$ARM_CLIENT_SECRET" ] && [ -z "$ARM_CLIENT_CERTIFICATE" ]; then + echo "Either ARM_CLIENT_SECRET or ARM_CLIENT_CERTIFICATE should be set" exit 0 fi @@ -23,4 +23,11 @@ if [ -z "$ARM_SUBSCRIPTION_ID" ]; then exit 0 fi -az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID \ No newline at end of file +# If ARM_CLIENT_CERTIFICATE is set, decode it and save to a temp file +if [ -n "$ARM_CLIENT_CERTIFICATE" ]; then + echo "$ARM_CLIENT_CERTIFICATE" | base64 -d > /tmp/certfile + az login --service-principal -u $ARM_CLIENT_ID --tenant $ARM_TENANT_ID -p /tmp/certfile +else + # Otherwise, use ARM_CLIENT_SECRET + az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID +fi diff --git a/README.md b/README.md index 2d92f04..f9d6873 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,12 @@ The easiest way to run this sample is to run it creating a new [GitHub Codespace az ad sp create-for-rbac --role="Owner" --scopes="/subscriptions/" -o json ``` + Note: If your organization has a policy prohibiting Service Principals with passwords on the tenant, create a Service Principal with a certificate: + + ``` + az ad sp create-for-rbac --role="Owner" --scopes="/subscriptions/" --create-cert -o json + + - In your github account go to Codespaces and Create a new Codespace with "Azure-Sample/azure-openai-terraform-deployment-sample" repository and select the main branch. ![codespace_create](./images/codespace-create.png) 
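Review bot: In the second hunk of `.devcontainer/script.sh`, the decoded certificate and private key are written to the fixed path `/tmp/certfile` through a plain redirect, so the file gets umask-default permissions (typically readable by other local users), is written through any pre-existing file or symlink at that name, and is never removed. Create it with `mktemp` (owner-only, unpredictable name) and stop if `base64 -d` fails, since as written a malformed value still goes on to `az login` with a truncated file. Whether the file can be deleted right after login depends on whether the CLI re-reads the certificate path for later token requests, which this diff does not show; if it does, keep the file in an owner-only location rather than `/tmp`. The new `az login` lines also leave `$ARM_CLIENT_ID`, `$ARM_TENANT_ID` and `$ARM_CLIENT_SECRET` unquoted, so a secret containing whitespace or glob characters is split before it reaches `az`.

```shell
if [ -n "$ARM_CLIENT_CERTIFICATE" ]; then
  # mktemp creates the file owner-only under an unpredictable name
  certfile=$(mktemp) || exit 1
  printf '%s' "$ARM_CLIENT_CERTIFICATE" | base64 -d > "$certfile" \
    || { echo "ARM_CLIENT_CERTIFICATE is not valid base64" >&2; exit 1; }
  az login --service-principal -u "$ARM_CLIENT_ID" --tenant "$ARM_TENANT_ID" -p "$certfile"
else
  az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID"
fi
```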
@@ -32,6 +38,8 @@ The easiest way to run this sample is to run it creating a new [GitHub Codespace ![codespace_secrets](./images/codespace_secrets.png) + Note: if using Service Principal certificate set `ARM_CLIENT_CERTIFICATE` as `ARM_CLIENT_CERTIFICATE=$(cat cert-and-private-key.pem| base64)` + - Follow this link to create a new [GitHub Codespace](https://codespaces.new/Azure-Samples/azure-openai-terraform-deployment-sample). [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/Azure-Samples/azure-openai-terraform-deployment-sample)