diff --git a/endpoints/2-cloud-endpoints.md b/endpoints/2-cloud-endpoints.md
index f398aa9..07561ae 100644
--- a/endpoints/2-cloud-endpoints.md
+++ b/endpoints/2-cloud-endpoints.md
@@ -45,7 +45,6 @@ Note that cloud credentials are validated only during async process.
 ]
 ```
 
-
 *   For AWS cloud:
 
 ```json
@@ -88,10 +87,11 @@ Note that cloud credentials are validated only during async process.
     "cloudProviderName": "azure",
     "cloudType": "PUBLIC",
     "subnet": null,
-    "securityGroup": "{{azure-securityGroup}}",
+    "securityGroup": null,
     "sshCredentials": {
-      "username": "{{azure-username}}",
+      "username": "ubuntu",
       "keyPairName": null,
+      "publicKey": "{{azure-publickey}}",
       "privateKey": "{{azure-password}}"
     },
     "endpoint": null,
@@ -105,7 +105,7 @@ Note that cloud credentials are validated only during async process.
       "user": "{{azure-user}}",
       "secret": "{{azure-secret}}",
       "domain": "{{azure-domain}}",
-      "subscriptionId": "{{azure-subscription}}"
+      "subscriptionId": "{{azure-subscription_id}}"
     },
     "blacklist": null
   }
@@ -134,7 +134,8 @@ Contains SSH access information for the cloud. For Open Stack and AWS should be
 
     - `username` (string): The SSH username.
     - `keyPairName` (string): The name of the key pair used for SSH access.
-    - `privateKey` (string or `null`): The private key in RSA format, with line breaks represented by `\n` for JSON compatibility. If not required, use `null`.
+    - `publicKey` (string or `null`): The public key in RSA format. If not required, use `null`.
+    - `privateKey` (string or `null`): The private key in RSA format, with line breaks represented by `\n` for JSON compatibility. If not required, use `null`. For Azure, set it to the VM ssh password.
 
 - `endpoint` (string or `null`):
     The authentication endpoint for the cloud provider. For OpenStack, use your specific authentication URL. AWS and Azure does not require this field, so it can be `null`.
@@ -155,10 +156,11 @@ Contains authentication details for accessing the cloud. The fields are:
 
   - `user` (string): The cloud username or access key.
   - `secret` (string): The cloud password or secret access key.
-  - `domain` (string or `null`): The domain for the cloud account, required by OpenStack and Azure. For AWS, set this to `null`.
-  - `subscriptionId` (string or `null`): This field is used only for the Azure cloud, For Open Stack and AWS, set this to `null`.
+  - `domain` (string or `null`): The domain for the cloud account, required by OpenStack. For AWS, set this to `null`.
+  - `subscriptionId` (string or `null`): The subscription id for the cloud account, required by Azure. For AWS and OpenStack, set this to `null`.
 
-- `blacklist` (string or `null`): Allows you to specify any blacklisted regions (e.g. locations). Use `null` if not applicable.
+- `blacklist` (string or `null`):
+Allows you to specify any blacklisted regions (e.g. locations). Use `null` if not applicable.
 
 #### 2.2- GetAllClouds endpoint:
 
diff --git a/sal-common/src/main/java/org/ow2/proactive/sal/model/SSHCredentials.java b/sal-common/src/main/java/org/ow2/proactive/sal/model/SSHCredentials.java
index e3c2981..d1970fc 100644
--- a/sal-common/src/main/java/org/ow2/proactive/sal/model/SSHCredentials.java
+++ b/sal-common/src/main/java/org/ow2/proactive/sal/model/SSHCredentials.java
@@ -33,6 +33,11 @@ public class SSHCredentials implements Serializable {
     @JsonProperty("keyPairName")
     private String keyPairName = null;
 
+    @Lob
+    @Column(name = "PUBLIC_KEY")
+    @JsonProperty("publicKey")
+    private String publicKey = null;
+
     @Lob
     @Column(name = "PRIVATE_KEY")
     @JsonProperty("privateKey")
@@ -49,11 +54,12 @@ public boolean equals(Object o) {
         SSHCredentials sshCredentials = (SSHCredentials) o;
         return Objects.equals(this.username, sshCredentials.username) &&
                Objects.equals(this.keyPairName, sshCredentials.keyPairName) &&
+               Objects.equals(this.publicKey, sshCredentials.publicKey) &&
                Objects.equals(this.privateKey, sshCredentials.privateKey);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(username, keyPairName, privateKey);
+        return Objects.hash(username, keyPairName, publicKey, privateKey);
     }
 }
diff --git a/sal-service/src/main/java/org/ow2/proactive/sal/service/service/CloudService.java b/sal-service/src/main/java/org/ow2/proactive/sal/service/service/CloudService.java
index ac7cf36..c222a85 100644
--- a/sal-service/src/main/java/org/ow2/proactive/sal/service/service/CloudService.java
+++ b/sal-service/src/main/java/org/ow2/proactive/sal/service/service/CloudService.java
@@ -460,8 +460,15 @@ private Credentials hideCredentials(Credentials creds) {
     private SSHCredentials hideSshCredentials(SSHCredentials creds) {
         SSHCredentials newCreds = new SSHCredentials();
         if (creds != null) {
-            newCreds.setKeyPairName(creds.getKeyPairName());
-            newCreds.setUsername(creds.getUsername());
+            if (creds.getUsername() != null) {
+                newCreds.setUsername(creds.getUsername());
+            }
+            if (creds.getKeyPairName() != null) {
+                newCreds.setKeyPairName(creds.getKeyPairName());
+            }
+            if (creds.getPublicKey() != null) {
+                newCreds.setPublicKey(creds.getPublicKey());
+            }
             if (creds.getPrivateKey() != null) {
                 newCreds.setPrivateKey(hideString(creds.getPrivateKey(), 3));
             }
diff --git a/sal-service/src/main/java/org/ow2/proactive/sal/service/service/NodeService.java b/sal-service/src/main/java/org/ow2/proactive/sal/service/service/NodeService.java
index 93da6c9..0d09fc8 100644
--- a/sal-service/src/main/java/org/ow2/proactive/sal/service/service/NodeService.java
+++ b/sal-service/src/main/java/org/ow2/proactive/sal/service/service/NodeService.java
@@ -248,6 +248,7 @@ private void defineNSWithDeploymentInfo(String nodeSourceName, PACloud cloud, De
                     variables.put("vmSizeType", deployment.getNode().getNodeCandidate().getHardware().getProviderId());
                     variables.put("vmUsername", cloud.getSshCredentials().getUsername());
                     variables.put("vmPassword", cloud.getSshCredentials().getPrivateKey());
+                    variables.put("vmPublicKey", cloud.getSshCredentials().getPublicKey());
                     variables.put("region", deployment.getNode().getNodeCandidate().getLocation().getName());
                     break;
                 default:
diff --git a/sal-service/src/main/resources/Define_NS_Azure.xml b/sal-service/src/main/resources/Define_NS_Azure.xml
index 473b308..03ff0ba 100644
--- a/sal-service/src/main/resources/Define_NS_Azure.xml
+++ b/sal-service/src/main/resources/Define_NS_Azure.xml
@@ -17,7 +17,7 @@
     <variable name="imageOSType" value=""     />
     <variable name="vmSizeType" value=""     />
     <variable name="vmUsername" value=""     />
-    <variable name="vmPassword" value=""     />
+    <variable name="vmPassword" value="" model="PA:HIDDEN"    />
     <variable name="vmPublicKey" value=""     />
     <variable name="resourceGroup" value=""     />
     <variable name="region" value=""     />