如何在 Powershell 中检索 Azure 服务主体的秘密 7

Question

I recently started using PowerShell 7.x and I've came around some problems. I am not able to retrieve the secret of my service principal when I create it through PowerShell 7. The return body does not give the "Secret" property. I used to work with PowerShell 5.x and I used to get a "Secret" property in the return object after creating a service principal. I've added the screenshots of creating service principal through both PowerShell 7.x and PowerShell 5.x.

As you can see while working with Powershell 5 I could just use an object and save the returned object in it and access the secret like:

$sp = New-AzADServicePrincipal -DisplayName "xyz"
$secret = $sp.Secret 
$plainSecret = convertFromSecureString $secret

convertFromSecrureString is just a basic function which converts the secret to plain text .

But I cannot use the same approach with PowerShell 7. How can I retrieve the secret?

Answer 1

$sp = New-AzADServicePrincipal -DisplayName "xyz" $secret = $sp.Secret $plainSecret = convertFromSecureString $secret

We have tested the above shared cmdlets in our local environment which has PowerShell running with different versions 5.1 & 7.2.

Using those cmdlets we are able to create the service principal & able to see the same properties in the output in either of both versions.

Here is the sample output screenshot for reference:

Answer 2

New-AzADServicePrincipal returns the IMicrosoftGraphServicePrincipal structure, which didn't match the example code.

IMicrosoftGraphServicePrincipal Interface (latest PS version)

Here is the code that works for me:

Connect-AzAccount -Tenant 'TENANT_ID' -Subscription 'SUBSCRIPTION_ID'
$sp = New-AzADServicePrincipal -DisplayName $Name
$clientsec = [System.Net.NetworkCredential]::new("", $sp.passwordCredentials.secretText).Password
$jsonresp = 
    @{clientId=$sp.appId 
        clientSecret=$clientsec
    }
$jsonresp | ConvertTo-Json