I have created an RBAC-enabled service principal in Azure to configure Key Vault access within my OS using environment variables. When you create a service principal, the Azure CLI responds with the service principal details, containing the clientSecret value. Creation command:
az ad sp create-for-rbac -n <http://my-name> --sdk-auth
I would like to know if and how I can request the clientSecret later on. When I use
az ad sp show --id <my-service-principal-uuid>
or
az ad sp credential list --id <my-service-principal-uuid>
the clientSecret is not in the response information.
Is there any way to retrieve the clientSecret other than at the moment of creation?
You cannot retrieve it after creation. The best you can do is to reset it, at which point you will be shown the new value:
PS C:\> az ad sp credential reset --name foo
{
"appId": "...",
"name": "foo",
"password": "...",
"tenant": "..."
}
This means that you will need to update the credential manually wherever you've made use of it, for example in Azure DevOps if you've created an Azure RM service connection with that particular service principal.
You can get it like below:
# -o tsv returns the bare value; plain --query output keeps the JSON quotes
SPA_SP_APP_ID=$(az ad sp create-for-rbac --name "$AKS_SP_NAME" --skip-assignment --query appId -o tsv)
SPA_SP_SECRET=$(az ad sp credential reset --name "$SPA_SP_APP_ID" --query password -o tsv)
EDIT
As Moss mentioned above, you cannot retrieve it once it is created.
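Because the new secret is shown only once, at reset time, it helps to capture it straight into a protected file instead of a terminal or a build log. The following is an added example, not code from the question or either answer; the function name `rotate_sp_secret` and the output path are hypothetical, and it assumes the Azure CLI is installed and logged in.

```sh
# Added example. Resets a service principal's secret and stores the new value
# in a file readable only by the current user. The secret is never echoed.
rotate_sp_secret() {
    local sp_name="$1" out_file="$2" tmp secret
    if [ -z "$sp_name" ] || [ -z "$out_file" ]; then
        echo "usage: rotate_sp_secret <sp-name> <out-file>" >&2
        return 2
    fi

    # -o tsv strips the JSON quotes that plain --query output would keep.
    # --name is the flag used on this page; newer CLI releases take --id.
    secret=$(az ad sp credential reset --name "$sp_name" \
                 --query password -o tsv) || return 1
    if [ -z "$secret" ]; then
        echo "credential reset returned no password" >&2
        return 1
    fi

    # Create the temp file under a restrictive umask (mode 0600), then move
    # it into place so a reader never sees a half-written secret.
    tmp=$(umask 077 && mktemp "${out_file}.XXXXXX") || return 1
    if printf '%s\n' "$secret" > "$tmp" && mv -f "$tmp" "$out_file"; then
        echo "new secret for $sp_name written to $out_file" >&2
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Every consumer of the old secret still has to be updated after the reset, as the first answer notes; the file only keeps the one-time value from being lost or leaked on the way there.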