
How Do I Query Azure Active Directory For An Application Client Secret?

I need to link my API Management with an Azure Active Directory Identity Provider.

In order to do that I have to use the REST API which requires the client secret as a part of the body:

https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/identityprovider/createorupdate

I don't want to check in the client secret to source control so I thought I would retrieve the client secret from Active Directory on the fly:

When I try to list the app credentials with az ad app credential list --id xxxx-my-long-id-xxx it doesn't return the secret:

[
  {
    "additionalProperties": null,
    "customKeyIdentifier": null,
    "endDate": "2020-08-16T14:11:44.782000+00:00",
    "keyId": "xxxxx-xxxx-x-xxx--xx-xxxxx",
    "startDate": "2019-08-16T14:11:53.862000+00:00",
    "value": null
  }
]

Is there an alternative way to get the client secret?

Maybe via the rest api?

You can only see the service principal secret at creation time. You will never see it again after that. So if you forget the service principal secret, you can just reset the secret and then you get a new one. You can see the message here:

Make sure you copy this value - it can't be retrieved. If you forget the password, reset the service principal credentials.

The reset command here:

az ad sp credential reset --name yourApplicationName

For more details about the command, see az ad sp credential reset.

You can't see it after creation, but you can save it to Azure Key Vault and pull the value from there each time you need to make a request.
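The Key Vault approach from the last answer, sketched as an added example that is not part of the original posts: the secret is captured once at reset time, stored in Key Vault, and read back at deploy time to build the identity provider request body. The vault name, secret name and resource URI are placeholders, and the reset command uses the `--name` form shown in the answer above.

```shell
#!/usr/bin/env bash
# Added example. All vault, secret and resource names passed in are placeholders.
# Note: --value and --body place the secret in process arguments, so run this
# on a build agent that is not shared with untrusted local users.

# One-time (or on rotation): the secret is only returned at reset/creation,
# so capture it there and store it in Key Vault without printing it.
rotate_into_vault() {  # args: app_name vault_name secret_name
  local secret
  secret=$(az ad sp credential reset --name "$1" --query password -o tsv) || return 1
  az keyvault secret set --vault-name "$2" --name "$3" --value "$secret" -o none
}

# Deploy time: read the current secret value back from Key Vault.
fetch_secret() {  # args: vault_name secret_name
  az keyvault secret show --vault-name "$1" --name "$2" --query value -o tsv
}

# Build the identityProvider createOrUpdate body; escape \ and " for JSON.
idp_body() {  # args: client_id client_secret
  local esc
  esc=$(printf '%s' "$2" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
  printf '{"properties":{"clientId":"%s","clientSecret":"%s"}}' "$1" "$esc"
}

# PUT the body to API Management. $1 is the full request URI from the linked
# createOrUpdate documentation, including its api-version query parameter.
link_aad_idp() {  # args: resource_uri client_id vault_name secret_name
  local secret
  secret=$(fetch_secret "$3" "$4") || return 1
  [ -n "$secret" ] || { echo "empty secret from Key Vault" >&2; return 1; }
  az rest --method put --uri "$1" --body "$(idp_body "$2" "$secret")" -o none
}
```

The pipeline identity only needs read access to that one Key Vault secret, so nothing secret has to be checked in to source control.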
