
How do I retrieve the service principal password after creation using the azure cli?

When I create a service principal using the az cli tool like such

az ad sp create-for-rbac --name <name>

I get all the information printed

{
  "appId": "...",
  "displayName": "...",
  "name": "...",
  "password": "...",
  "tenant": "..."
}

That is all good, but how do I retrieve that information at a later point? Using

az ad sp list --display-name <name>

does give me almost what I want, but I'm missing the password. How do I retrieve the password without resetting it?

Tomas Jansson asked Mar 04 '20 22:03


2 Answers

To get a password you can run this command instead

az ad sp create-for-rbac --name "$NAME" --query password -o tsv

And if you would like to get the objectId or appId, you could run these commands:

# objectId
az ad sp list --display-name "$NAME" --query "[].objectId" -o tsv

# appId
az ad sp list --display-name "$NAME" --query "[].appId" -o tsv
elderboy answered Oct 05 '22 22:10


How do I retrieve the password without resetting it?

In short, impossible.

When you use the command az ad sp create-for-rbac to create a service principal, the output for a service principal with password authentication includes the password key. Make sure you copy this value - it can't be retrieved. If you forget the password, reset the service principal credentials.

As of Azure CLI 2.0.68, the --password parameter to create a service principal with a user-defined password is no longer supported to prevent the accidental use of weak passwords.

When you use az ad sp show --id xxxxx to get the details of a service principal (autogenerated), the passwordCredentials is always null, so the password can only be retrieved when it is created.

Joey Cai answered Oct 05 '22 22:10
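
Because the password is only available in the creation output, one way to keep it is to write it to a user-only file at that moment and read it back from there later, using the commands quoted in the answers above. This is an added example, not part of either answer; the function names and the secret-file path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names and the
# secret-file path are assumptions; the az commands are the ones quoted above.

# Create the service principal and write its password straight into a file
# that only the current user can read. Nothing is echoed to the terminal.
sp_create_and_store() {
    name=$1
    secret_file=$2
    if [ -e "$secret_file" ]; then
        echo "refusing to overwrite $secret_file" >&2
        return 1
    fi
    (
        umask 077   # new file gets mode 0600
        az ad sp create-for-rbac --name "$name" --query password -o tsv > "$secret_file"
    ) || { rm -f "$secret_file"; return 1; }
    # An empty file means the CLI returned no password: do not keep it.
    [ -s "$secret_file" ] || { rm -f "$secret_file"; return 1; }
}

# The appId can still be looked up later by display name.
sp_app_id() {
    az ad sp list --display-name "$1" --query "[].appId" -o tsv
}

# The password can only come from the copy stored at creation time.
sp_password() {
    secret_file=$1
    if [ ! -s "$secret_file" ]; then
        echo "no stored password; reset the service principal credentials" >&2
        return 1
    fi
    cat "$secret_file"
}
```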