Azure Create Client Secret with predetermined value

Question

When generating a Client Secret in Azure, is it possible to give it a value yourself? Or is it mandatory that Azure generate the secret itself and you copy it?

The reason I'm asking this is because I'm managing a platform that is using a specific client secret that recently expired, but to update the client secret value, it I'd need to do a full redeployment and it'd be best to wait for that one until the start of February due to several reasons.

Answer 1

Unfortunately no, you cannot. At least not when you're using the Azure Portal. If you do that, the secret is automatically generated by the platform.

After saving the client secret, the value of the client secret is displayed. Copy this value because you aren't able to retrieve the key later. You provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.

Taken from Create a new application secret.

Also, in other pieces of documentation, the client secret is described as:

The client secret that you generated for your app in the app registration portal.

or mentioned as

[...] you can get the client ID (Application ID) and generate the client secret (key) values.

Based on what you need it for, you could look into using either certificates or Managed identities for Azure Resources.

EDIT:
You can, hoewever, use the Azure CLI like Joy specified in this answer.

Answer 2

Actually, you can. Just need to use the Azure CLI az ad app credential reset, make sure you have installed the Azure CLI first.

My test sample:

If you want to create a new client secret, just use the --append parameter.

az ad app credential reset --id "<application id or object id>" --password "Password12345678!"

---

After creating the secret, we try to use it to login, it works fine.

az login --service-principal --username '<application id>' --password 'Password12345678!' --tenant '<tenant id>'