mjwrazor

Reputation: 1964

Azure subscription/service principal retrieve app_id and app secret for rbac role after creation

After creating an rbac role for the subscription or service principal you are given the app id and the app secret, but how do you retrieve these later?

For instance creating the rbac role

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}"

You then get the reply of

{
  "appId": "{appid_hash}",
  "displayName": "----------------------------",
  "name": "http://----------------------------",
  "password": "{password_hash}",
  "tenant": "{tenant_hash}"
}

I am looking to find the password and appId again but am finding it hard to figure that out. Any suggestions? Working through the cli would be preferable. I already know where to get the appId from the Portal but want to be able to retrieve this through a script if lost. Or do I just need to save these some place that can be retrieved?

And if so how is that done?

Upvotes: 1

Views: 595

Answers (1)

Setanta

Reputation: 996

It's not possible to retrieve the password after creation:

Get existing service principal

az ad sp list or az ad sp show get the user and tenant, but not any authentication secrets or the authentication method. Secrets for certificates in Key Vault can be retrieved with az keyvault secret show, but no other secrets are stored by default. If you forget an authentication method or secret, reset the service principal credentials.

You can list other details of a service principal but you need to know either the name or the ID, e.g.:

az ad sp show --id "http://testsp"
az ad sp show --id "21cd9589-6f82-435b-9193-b5238fa194e4"        

You can list all service principals with az ad sp list but you might have created a hundred of them. You should store the ID and secret securely and retrieve them later as required.

Upvotes: 1
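The approach the answer recommends (reset a lost secret, then keep it where a script can read it back), as an added example that is not part of the original answer. It assumes a current Azure CLI, an existing Key Vault the caller can read and write, and hypothetical function, vault and secret names.

```shell
#!/usr/bin/env bash
# Added example. Function names and the vault/secret names passed in are hypothetical.

# Look up the appId by display name. az ad sp list can return several
# entries, so refuse to guess unless exactly one matches.
get_sp_app_id() {
  local ids
  ids="$(az ad sp list --display-name "$1" --query '[].appId' --output tsv)" || return 1
  [ "$(printf '%s\n' "$ids" | grep -c .)" -eq 1 ] || return 1
  printf '%s\n' "$ids"
}

# The old password cannot be read back, so issue a new one and store it in
# Key Vault. The secret goes through a 0600 temp file rather than --value,
# so it never shows up in a process argument list or on the terminal.
rotate_sp_secret() {
  local app_id="$1" vault="$2" secret_name="$3" pw tmp rc=0
  pw="$(az ad sp credential reset --id "$app_id" --query password --output tsv)" || return 1
  [ -n "$pw" ] || return 1
  tmp="$(umask 077; mktemp)" || return 1
  printf '%s' "$pw" > "$tmp"
  az keyvault secret set --vault-name "$vault" --name "$secret_name" \
     --file "$tmp" --encoding utf-8 --output none || rc=1
  rm -f "$tmp"
  return "$rc"
}

# Read the stored secret back later, e.g. from a deployment script.
get_sp_secret() {
  az keyvault secret show --vault-name "$1" --name "$2" --query value --output tsv
}
```

Resetting invalidates the previous password, so anything still using the old secret has to be updated from the vault after `rotate_sp_secret` runs.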
