How to pass Azure managed identity to Mongo Client Side field level encryption KMS provider

I have a working C# (dot net core) project using CSFLE, with local master key.
I am trying to setup using Azure Key vault. I do not have direct access to key vault client secret, tenant ID etc… in the code, as I am using azure app services with System managed Identity.
I can access key vault using Azure.Identity ( DefaultAzureCredential method) and pull the master key, and store as if its a local key and this works fine.

But to implement proper decryption of the datakeys on the KMS I need to somehow pass in the tenant info, client secret etc… to the Mongo driver, as per the docs…

var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>();

var azureTenantId = Environment.GetEnvironmentVariable("FLE_AZURE_TENANT_ID");
var azureClientId = Environment.GetEnvironmentVariable("FLE_AZURE_CLIENT_ID");
var azureClientSecret = Environment.GetEnvironmentVariable("FLE_AZURE_CLIENT_SECRET");
var azureKmsOptions = new Dictionary<string, object>
    { "tenantId", azureTenantId },
    { "clientId", azureClientId },
    { "clientSecret", azureClientSecret },

kmsProviders.Add("azure", azureKmsOptions);

Is there any way to provide an Azure identity object to the driver, without having to directly access and set the secret/clientId etc…??


Update - To workaround this problem, I ended up pulling the masterkey from KeyVault and storing as a local provider during the session for Mongo driver to use. Not ideal, but works for now.