I have created an RBAC-enabled service principal in Azure to configure Key Vault access within my OS using environment variables. When you create a service principal, the Azure CLI responds with the service principal details, containing the clientSecret value. Creation command:
az ad sp create-for-rbac -n <http://my-name> --sdk-auth
I would like to know if and how I can request the clientSecret later on. When I use
az ad sp show --id <my-service-principal-uuid>
or
az ad sp credential list --id <my-service-principal-uuid>
the clientSecret is not in the response information.
Is there any way to retrieve the clientSecret other than at the moment of creation?
You cannot retrieve it after creation. The best you can do is to reset it, at which point you will be shown the new value:
PS C:\> az ad sp credential reset --name foo
{
  "appId": "...",
  "name": "foo",
  "password": "...",
  "tenant": "..."
}
This means that you will need to update the credential manually wherever you've made use of it, for example in Azure DevOps if you've created an Azure RM service connection with that particular service principal.
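The reset-then-update step described above, as an added example that is not part of the original answer: it captures the new password from the one-time reset output and writes it to an owner-only env file instead of showing it on the terminal. The function name `rotate_sp_secret` and the env-file path are hypothetical; it uses `--id` where the answer used `--name`, and assumes the consumer reads the `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_SECRET` variables used by the Azure SDK's environment credential.

```shell
# Added example: rotate a service principal secret and store it without
# printing it. rotate_sp_secret is a hypothetical helper, not an az command.
# Usage: rotate_sp_secret <app-id> <env-file>

rotate_sp_secret() {
  app_id="$1"
  env_file="$2"
  if [ -z "$app_id" ] || [ -z "$env_file" ]; then
    echo "usage: rotate_sp_secret <app-id> <env-file>" >&2
    return 2
  fi

  # The existing secret cannot be read back. A reset issues a new one and
  # returns it exactly once, so capture only the password field here.
  secret="$(az ad sp credential reset --id "$app_id" --query password -o tsv)" || return 1
  if [ -z "$secret" ]; then
    echo "credential reset returned no password" >&2
    return 1
  fi

  tenant="$(az account show --query tenantId -o tsv)" || return 1

  # Write to a temp file created owner-only (mktemp uses mode 0600), then
  # move it into place so readers never see a half-written file.
  (
    umask 077
    tmp="$(mktemp "${env_file}.XXXXXX")" || exit 1
    printf 'AZURE_CLIENT_ID=%s\nAZURE_TENANT_ID=%s\nAZURE_CLIENT_SECRET=%s\n' \
      "$app_id" "$tenant" "$secret" > "$tmp" || exit 1
    mv -f "$tmp" "$env_file"
  ) || return 1

  # Report success on stderr without echoing the secret itself.
  echo "rotated secret for $app_id; wrote $env_file" >&2
  unset secret
}
```

Anything else that holds the old value, such as an Azure DevOps service connection, still has to be updated separately after the reset.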