The cloud engineer in my organization has set up an Azure KeyVault and a Service Principal. I know the id of this Service Principal, but I also need clientId, clientSecret, and tenantId.
The documentation shows that these variables are exposed to you when you create a Service Principal using Azure CLI, but in my case, there is one already. I don’t have the credentials to create a new one, and frankly speaking, I don’t need to.
So, how can I retrieve the clientId, clientSecret, and tenantId associated with the existing Service Principal?
Answer
You can get the Service Principal’s Client Id and Tenant Id using a CLI command like the one below:
az ad sp list --query "[].{id:appId, tenant:appOwnerTenantId}"
You can even get many more values of the Service Principals – refer to ServicePrincipalInner class.
Further, as mentioned in the comments, you cannot retrieve the Client Secret created by somebody else. You will have to reset it:
az ad sp credential reset --name APP_ID
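An added example, not part of the original answer: it maps a known Service Principal id to clientId and tenantId from the JSON that `az ad sp list` prints, and shows that the directory record carries only metadata about existing secrets, never their value. The sample records are constructed, and the field names (`objectId`/`appOwnerTenantId` for older CLI output, `id`/`appOwnerOrganizationId` for newer output) and the `lookup` helper are assumptions of this example.

```python
import json

# Constructed sample of `az ad sp list` output (not real tenant data).
# Record 1 uses the older field names that the answer's query relies on;
# record 2 uses the names assumed for newer, Microsoft Graph based output.
SAMPLE = json.loads("""
[
  {"objectId": "11111111-1111-1111-1111-111111111111",
   "appId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
   "appOwnerTenantId": "99999999-9999-9999-9999-999999999999",
   "passwordCredentials": []},
  {"id": "22222222-2222-2222-2222-222222222222",
   "appId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
   "appOwnerOrganizationId": "99999999-9999-9999-9999-999999999999",
   "passwordCredentials": [
     {"keyId": "cccccccc-cccc-cccc-cccc-cccccccccccc",
      "endDateTime": "2030-01-01T00:00:00Z",
      "hint": "abc", "secretText": null}]}
]
""")


def lookup(sp_list, sp_id):
    """Hypothetical helper: map a known service principal id to its settings."""
    for sp in sp_list:
        # Accept the object id (either schema) or the application id.
        if sp_id not in (sp.get("id"), sp.get("objectId"), sp.get("appId")):
            continue
        creds = sp.get("passwordCredentials") or []
        return {
            "clientId": sp["appId"],
            "tenantId": sp.get("appOwnerOrganizationId")
            or sp.get("appOwnerTenantId"),
            # The record never contains the secret value; it can only be reset.
            "clientSecret": None,
            # What is visible: which secrets exist and when they expire.
            "existingSecrets": [(c["keyId"], c["endDateTime"]) for c in creds],
        }
    raise KeyError(f"no service principal with id {sp_id}")


if __name__ == "__main__":
    print(lookup(SAMPLE, "22222222-2222-2222-2222-222222222222"))
```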