Azure KeyVault: how to retrieve clientId, clientSecret and the tenantId for an existing Service Principal?

The cloud engineer in my organization has set up an Azure KeyVault and a Service Principal. I know the id of this Service Principal, but I also need clientId, clientSecret, and tenantId.

The documentation shows that these variables are exposed to you when you create a Service Principal using Azure CLI, but in my case, there is one already. I don’t have the credentials to create a new one, and frankly speaking, I don’t need to.

So, how can I retrieve the clientId, clientSecret, and tenantId associated with the existing Service Principal?

Answer

You can get the Service Principal’s Client Id and Tenant Id using a CLI command like the one below:

az ad sp list --query "[].{id:appId, tenant:appOwnerTenantId}"

You can even get many more values of the Service Principals – refer to the ServicePrincipalInner class.

Further, as mentioned in the comments, you cannot retrieve the Client Secret created by somebody else. You will have to reset it:

az ad sp credential reset --name APP_ID
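
An added example, not part of the original answer: a Python helper that picks the clientId and tenantId out of the JSON printed by `az ad sp list -o json`, matching on the Service Principal id the asker already knows. The sample JSON is constructed; the `id` and `appOwnerOrganizationId` field names are an assumption about Microsoft Graph-based Azure CLI releases, which emit them in place of `objectId` and `appOwnerTenantId`, so the helper accepts either form.

```python
import json

# Constructed sample of `az ad sp list -o json` output (all values made up).
# The first entry uses the newer field names, the second the older ones.
SAMPLE = """
[
  {"id": "11111111-1111-1111-1111-111111111111",
   "appId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
   "appOwnerOrganizationId": "99999999-9999-9999-9999-999999999999",
   "displayName": "kv-reader"},
  {"objectId": "22222222-2222-2222-2222-222222222222",
   "appId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
   "appOwnerTenantId": "99999999-9999-9999-9999-999999999999",
   "displayName": "legacy-output"}
]
"""


def sp_identity(az_json, sp_id):
    """Return clientId and tenantId for the Service Principal whose
    object id or appId equals sp_id (case-insensitive)."""
    wanted = sp_id.strip().lower()
    for sp in json.loads(az_json):
        # The id the asker holds may be the object id or the appId.
        ids = {(sp.get(k) or "").lower() for k in ("id", "objectId", "appId")}
        ids.discard("")
        if wanted not in ids:
            continue
        tenant = sp.get("appOwnerOrganizationId") or sp.get("appOwnerTenantId")
        if not sp.get("appId") or not tenant:
            raise ValueError("entry lacks appId or owner tenant id")
        # No client secret appears in this output; as the answer says,
        # an existing secret cannot be read back, only reset.
        return {"clientId": sp["appId"], "tenantId": tenant}
    raise KeyError(f"no Service Principal with id {sp_id!r}")


if __name__ == "__main__":
    print(sp_identity(SAMPLE, "11111111-1111-1111-1111-111111111111"))
```
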