Reputation: 8154
I need to link my API Management with an Azure Active Directory Identity Provider.
In order to do that I have to use the REST API which requires the client secret as a part of the body:
https://learn.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/identityprovider/createorupdate
I don't want to check in the client secret to source control so I thought I would retrieve the client secret from Active Directory on the fly:
When I try to list the app credentials with az ad app credential list --id xxxx-my-long-id-xxx
it doesn't return the secret:
[
  {
    "additionalProperties": null,
    "customKeyIdentifier": null,
    "endDate": "2020-08-16T14:11:44.782000+00:00",
    "keyId": "xxxxx-xxxx-x-xxx--xx-xxxxx",
    "startDate": "2019-08-16T14:11:53.862000+00:00",
    "value": null
  }
]
Is there an alternative way to get the client secret?
Maybe via the rest api?
Upvotes: 2
Views: 891
Reputation: 1176
You can't see it after creation, however you can save it to Azure Key Vault and pull the value from there each time you need to make a request.
Upvotes: 0
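The Key Vault approach from the answer above, as an added example that is not part of the original thread: it reads the stored secret with `az keyvault secret show` and sends the identity provider PUT (api-version 2019-01-01, as in the question's link) with `az rest`. The environment variable names, the `LINK_AAD_IDP` switch, and the assumption that the secret was saved to Key Vault when it was created are all made up for this sketch.

```shell
#!/bin/sh
# Added example. Vault, secret and resource names come from environment
# variables whose names are assumptions made for this sketch.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Request body for the identity provider PUT: $1=client id, $2=secret, $3=tenant.
build_idp_body() {
  printf '{"properties":{"clientId":"%s","clientSecret":"%s","allowedTenants":["%s"]}}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Read the value saved to Key Vault at creation time: $1=vault, $2=secret name.
fetch_client_secret() {
  az keyvault secret show --vault-name "$1" --name "$2" --query value -o tsv
}

link_aad_idp() {
  secret=$(fetch_client_secret "$KV_NAME" "$KV_SECRET_NAME") || return 1
  [ -n "$secret" ] || { echo "Key Vault returned an empty secret" >&2; return 1; }
  # Pass the body through a temp file (mktemp creates it mode 0600) so the
  # secret is not passed as an az command-line argument.
  body_file=$(mktemp) || return 1
  build_idp_body "$AAD_CLIENT_ID" "$secret" "$AAD_TENANT" > "$body_file"
  unset secret
  url="https://management.azure.com/subscriptions/$SUBSCRIPTION_ID"
  url="$url/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.ApiManagement"
  url="$url/service/$APIM_NAME/identityProviders/aad?api-version=2019-01-01"
  rc=0
  # --output none keeps the response body out of CI logs.
  az rest --method put --url "$url" --body "@$body_file" --output none || rc=$?
  rm -f "$body_file"
  return "$rc"
}

# Opt-in entry point (LINK_AAD_IDP is a made-up switch for this example).
if [ "${LINK_AAD_IDP:-}" = 1 ]; then link_aad_idp; fi
```

The identity running the script needs read access to the Key Vault secret, so nothing secret has to be checked in to source control.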
Reputation: 31462
For the service principal secret, you can only see it at creation time. You will never see it again after creation. So if you forget the service principal secret, you can just reset the secret and then get a new one. You can see the message here:
Make sure you copy this value - it can't be retrieved. If you forget the password, reset the service principal credentials.
The reset command here:
az ad sp credential reset --name yourApplicationName
For more details about the command, see az ad sp credential reset.
Upvotes: 2