R Wood

Reputation: 167

Can I programmatically create new passwords for Azure Service Principals?

I am trying to make a program that does secret rotation for Azure resources. One of the secrets I want to rotate is a Service principal password. I was wondering if I have the ability to programmatically do the following:

  1. Make a new password for an existing service principal
  2. Delete a password for an existing service principal

I haven't been able to find anything in the docs for the C# SDK, the REST API, the CLI, or PowerShell. Any help would be appreciated. Thanks!

Upvotes: 3

Views: 2450

Answers (4)

UbuntuHusker

Reputation: 176

There's this little utility on GitHub that rotates it through an Azure Function. C# code with Managed Identity.

https://github.com/3mcloud/azure-keyvault-rotator

https://abschmidt.medium.com/rotating-service-principal-secrets-automatically-in-azure-key-vault-c4f04a84c9af

Upvotes: 1

Shiv

Reputation: 31

PowerShell and CLI:

az ad sp credential reset --name <objectid>

Upvotes: 0

Alex

Reputation: 91

That's relatively simple stuff that can be achieved with Azure CLI. Make sure you have Azure CLI 2.0 installed. To manage SPs use: az ad sp (check what it does with az ad sp --help). To manage credentials use: az ad sp credential (it has delete/list/reset commands available). Using these CLI commands you should be able to achieve the desired effect.

Upvotes: 4
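
The list/reset/delete commands named in the answer above can be combined into a rotation that keeps the old password valid until the new one is stored. This is an added example, not part of the original answer; it assumes a recent Azure CLI that takes `--id` and `--key-id`, and `store_fn` is a hypothetical caller-supplied function.

```shell
#!/bin/sh
# Added example. Assumes a recent Azure CLI where `az ad sp credential` takes
# --id / --key-id (older releases, as quoted in the answers, used --name).

# Print the keyId of every password credential on the service principal.
list_key_ids() {
  az ad sp credential list --id "$1" --query "[].keyId" --output tsv
}

# Add a new password and print it. Without --append, `reset` replaces the
# existing credentials, which would break consumers before they are updated.
add_password() {
  az ad sp credential reset --id "$1" --append --query password --output tsv
}

# Rotate with overlap: remember the old keyIds, append a new password, hand it
# to a caller-supplied store function (hypothetical, e.g. a Key Vault writer),
# and delete the old credentials only once the store step has succeeded.
rotate_sp_password() {
  sp_id="$1"
  store_fn="$2"
  old_ids="$(list_key_ids "$sp_id")" || return 1
  new_secret="$(add_password "$sp_id")" || return 1
  [ -n "$new_secret" ] || return 1

  # Pass the secret on stdin so it never appears in argv or process listings.
  if ! printf '%s' "$new_secret" | "$store_fn"; then
    echo "store step failed; old credentials left in place" >&2
    unset new_secret
    return 2
  fi
  unset new_secret

  # keyIds are GUIDs, one per line, so word splitting is safe here.
  for key_id in $old_ids; do
    az ad sp credential delete --id "$sp_id" --key-id "$key_id" || return 3
  done
}

# Usage (placeholder id, hypothetical store function):
#   rotate_sp_password "<service-principal-id>" save_to_vault
```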

Joy Wang

Reputation: 42123

Try the PowerShell command below.

Create new password: New-AzureADApplicationPasswordCredential

Delete a password: Remove-AzureADApplicationPasswordCredential

Upvotes: 0
