2

The cloud engineer in my organization has set up an Azure KeyVault and a Service Principal. I know the id of this Service Principal, but I also need clientId, clientSecret, and tenantId.

The documentation shows that these variables are exposed to you when you create a Service Principal using Azure CLI, but in my case, there is one already. I don't have the credentials to create a new one, and frankly speaking, I don't need to.

So, how can I retrieve the clientId, clientSecret, and tenantId associated with the existing Service Principal?

Zizzipupp
  • Client id and tenant id you can get, but client secret you cannot retrieve. It is shown once when the secret is created and can't be read from anywhere. You need a new secret if it is not available. – juunas Mar 04 '21 at 10:31
  • @juunas doesn't this mean that I need a new service principal to be created? – Zizzipupp Mar 04 '21 at 10:34
  • Just reset it https://learn.microsoft.com/en-us/cli/azure/ad/sp/credential?view=azure-cli-latest#az_ad_sp_credential_reset – silent Mar 04 '21 at 10:39

1 Answer

3

You can get the Service Principal's Client Id and Tenant Id using a CLI command like the one below:

az ad sp list --query "[].{id:appId, tenant:appOwnerTenantId}"

You can even get many more values of the Service Principals - refer to ServicePrincipalInner class.

Further, as mentioned in the comments, you cannot retrieve the Client Secret created by somebody else. You will have to reset it:

az ad sp credential reset --name APP_ID
Nimantha
Harshita Singh
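
For the single, already known Service Principal in the question, the two commands from the answer can be wrapped as shown here. This is an added example, not part of the original answer; the function names and the `SP_ID` and `RESET_ID_FLAG` variables are assumptions. It defaults to `--append`, because a plain reset overwrites the principal's existing credentials and every consumer still using the old secret stops authenticating.

```bash
#!/bin/sh
# Added example, not code from the original answer.
# Requires an Azure CLI session that is already logged in (az login).

# Flag that names the principal for `credential reset`. The answer uses --name;
# newer Azure CLI releases expect --id instead, so the flag can be overridden.
RESET_ID_FLAG="${RESET_ID_FLAG:---name}"

# Show clientId and tenantId for ONE service principal instead of listing all.
# $1: the service principal's id (object id or appId).
# appOwnerTenantId is the field name used in the answer.
sp_client_and_tenant() {
  az ad sp show --id "$1" \
    --query "{clientId:appId, tenantId:appOwnerTenantId}" --output json
}

# Issue a new client secret and print only the secret value.
# $1: appId of the service principal.
# $2: "append" (default) adds a credential and keeps the existing ones valid;
#     any other value performs a plain reset, which replaces them.
sp_new_secret() {
  _app_id="$1"
  _mode="${2:-append}"
  set -- ad sp credential reset "$RESET_ID_FLAG" "$_app_id"
  if [ "$_mode" = "append" ]; then
    set -- "$@" --append
  fi
  # The secret is only ever returned here, at creation time.
  az "$@" --query password --output tsv
}

# Runs only when SP_ID is exported, e.g. SP_ID=<service-principal-id> sh script.sh
if [ -n "${SP_ID:-}" ]; then
  sp_client_and_tenant "$SP_ID"
  # To obtain a secret afterwards: sp_new_secret <clientId> append
fi
```

The secret printed by `sp_new_secret` cannot be read back later, so capture it straight into whatever secret store the application reads from rather than into shell history or logs.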