Muhammad Pathan

Reputation: 74

Azure CLI can't connect due to Invalid client secret provided

Pipeline error code AADSTS7000215 - Invalid client secret is provided. However, the client secret provided is correct, because when I run the script locally and provide the client secret in a .env file, it runs. However, when creating a YAML file with AzureCLI, I get the error.

- task: AzureCLI@2
  inputs:
    azureSubscription: 'Subscription'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: 'python script.py'
    workingDirectory: 'workingdirectory'

Full ERROR: AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app

Upvotes: 1

Views: 3491

Answers (2)

G Clovs

Reputation: 3102

Client secrets for Service Principals have a maximum lifetime of two years, so it’s necessary to update those from time to time. As it’s not completely straightforward, here’s a quick step-by-step guide on how to do it for connections of the type “Azure Resource Manager”.

  • Go into Azure DevOps => Project settings => Service connections and find your broken connection.

  • (this step is sometimes not needed) From there select “Manage Service Principal”, which will redirect you to the Azure Portal. In the Azure Portal go to Certificates & secrets. Here, create a new client secret and delete the expired secret.

  • Back in Azure DevOps click “Edit” on your service connection. The verify button will still show an error.

  • Make a change to the Description textbox and save without verifying again for the new secret to get registered.

  • Now the verify button in the Edit pane should show that your connection has been fixed. Sometimes it takes a second and a few tries, but eventually this has worked for me every time.

Source: Azure DevOps: Renew expired Service Connection Secret Credit: Thomas Pentenrieder

Upvotes: 2

Greg

Reputation: 193

The client secret error might be related to the service connection you use. Did you verify that the service connection and related SPN are properly configured?

Upvotes: 3
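
A pre-flight check for the two causes raised on this page, the secret ID being sent instead of the secret value (the AADSTS7000215 text in the question) and an expired secret (the first answer). This is an added example, not code from the question or either answer. It assumes the credential list has the shape of `az ad app credential list --id <app-id>` output (Microsoft Graph `passwordCredential` fields `keyId`, `hint`, `endDateTime`); the function name, result strings and sample data are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample, shaped like `az ad app credential list --id <app-id>` output.
SAMPLE_CREDENTIALS = json.loads("""
[
  {"displayName": "pipeline-2021", "keyId": "11111111-2222-3333-4444-555555555555",
   "hint": "aB3", "endDateTime": "2023-01-10T00:00:00Z"},
  {"displayName": "pipeline-2024", "keyId": "66666666-7777-8888-9999-000000000000",
   "hint": "Zx9", "endDateTime": "2026-02-01T00:00:00Z"}
]
""")


def _parse_utc(ts):
    # Accept the trailing "Z" on Python versions where fromisoformat rejects it.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def diagnose_secret(configured, credentials, now=None):
    """Classify why the secret a pipeline sends might be rejected (hypothetical helper)."""
    now = now or datetime.now(timezone.utc)
    if GUID_RE.match(configured):
        # Case named in the AADSTS7000215 text: the secret ID (keyId) was stored,
        # not the secret value shown once at creation time.
        if any(c["keyId"].lower() == configured.lower() for c in credentials):
            return "secret-id-used-instead-of-value"
        return "value-looks-like-a-guid"
    # `hint` carries the first three characters of the secret value, so the value
    # can be matched to a credential without ever logging the secret itself.
    matches = [c for c in credentials if c.get("hint") == configured[:3]]
    if not matches:
        return "no-credential-matches-hint"
    if all(_parse_utc(c["endDateTime"]) <= now for c in matches):
        return "matching-secret-expired"
    return "ok"


if __name__ == "__main__":
    for candidate in ("11111111-2222-3333-4444-555555555555", "aB3~constructed-value"):
        print(diagnose_secret(candidate, SAMPLE_CREDENTIALS))
```

Run it against the value stored in the pipeline variable or service connection, not the one in the local .env file, since those two can differ.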