How to retrieve Azure Service Principal's secret in PowerShell 7
I recently started using PowerShell 7.x and I've come across some problems. I am not able to retrieve the secret of my service principal when I create it through PowerShell 7. The return body does not give the "Secret" property. I used to work with PowerShell 5.x and I used to get a "Secret" property in the return object after creating a service principal. I've added the screenshots of creating a service principal through both PowerShell 7.x and PowerShell 5.x.
As you can see, while working with PowerShell 5 I could just use an object and save the returned object in it and access the secret like:
$sp = New-AzADServicePrincipal -DisplayName "xyz"
$secret = $sp.Secret
$plainSecret = convertFromSecureString $secret
convertFromSecureString is just a basic function which converts the secret to plain text.
But I cannot use the same approach with PowerShell 7. How can I retrieve the secret?
We have tested the above shared cmdlets in our local environment, which has PowerShell running with different versions, 5.1 and 7.2.
Using those cmdlets, we are able to create the service principal and see the same properties in the output in both versions.
Here is the sample output screenshot for reference:
New-AzADServicePrincipal returns the IMicrosoftGraphServicePrincipal structure, which didn't match the example code.
IMicrosoftGraphServicePrincipal Interface (latest PS version)
Here is the code that works for me:
Connect-AzAccount -Tenant 'TENANT_ID' -Subscription 'SUBSCRIPTION_ID'
# $Name holds the display name for the new service principal
$sp = New-AzADServicePrincipal -DisplayName $Name
# The secret is in passwordCredentials.secretText on the returned object
$clientsec = [System.Net.NetworkCredential]::new("", $sp.passwordCredentials.secretText).Password
$jsonresp = @{
    clientId     = $sp.appId
    clientSecret = $clientsec
}
$jsonresp | ConvertTo-Json
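The two return shapes discussed on this page (a SecureString in `Secret` in the question, plain text in `passwordCredentials.secretText` in the answer) can be handled by one helper that always hands back a SecureString, so the calling script does not depend on which shape it receives. This is an added example, not code from the original posts or from the Az module: `Get-ServicePrincipalSecret` is a hypothetical name, and the two sample objects are constructed stand-ins for what `New-AzADServicePrincipal` returns.

```powershell
# Hypothetical helper (not part of the Az module): returns the secret of a
# freshly created service principal as a SecureString for either return shape.
function Get-ServicePrincipalSecret {
    [CmdletBinding()]
    [OutputType([securestring])]
    param(
        [Parameter(Mandatory)]
        [object] $ServicePrincipal
    )

    # Shape from the question: a SecureString in .Secret
    if ($ServicePrincipal.PSObject.Properties['Secret'] -and
        $ServicePrincipal.Secret -is [securestring]) {
        return $ServicePrincipal.Secret
    }

    # Shape from the answer: plain text in .PasswordCredentials.SecretText
    $text = @($ServicePrincipal.PasswordCredentials) |
        Where-Object { $_ -and $_.SecretText } |
        Select-Object -First 1 -ExpandProperty SecretText
    if ($text) {
        # Wrap immediately so the plain text is not passed around or logged
        return ConvertTo-SecureString -String $text -AsPlainText -Force
    }

    throw 'No Secret or PasswordCredentials.SecretText found on this object.'
}

# Constructed sample objects mimicking the two shapes (assumed values, not real IDs)
$legacy = [pscustomobject]@{
    AppId  = '00000000-0000-0000-0000-000000000001'
    Secret = ConvertTo-SecureString 'constructed-legacy-secret' -AsPlainText -Force
}
$graph = [pscustomobject]@{
    AppId               = '00000000-0000-0000-0000-000000000002'
    PasswordCredentials = @([pscustomobject]@{ SecretText = 'constructed-graph-secret' })
}

foreach ($sp in $legacy, $graph) {
    $secure = Get-ServicePrincipalSecret -ServicePrincipal $sp
    # Convert to plain text only at the point of use; works in PowerShell 5.1 and 7
    $plain = [System.Net.NetworkCredential]::new('', $secure).Password
    '{0}: recovered secret of length {1}' -f $sp.AppId, $plain.Length
}
```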