python azure azure-keyvault azure-sdk-python service-principal

Azure KeyVault: how to retrieve clientId, clientSecret and the tenantId for an existing Service Principal?


The cloud engineer in my organization has set up an Azure KeyVault and a Service Principal. I know the id of this Service Principal, but I also need clientId, clientSecret, and tenantId.

The documentation shows that these variables are exposed to you when you create a Service Principal using Azure CLI, but in my case, there is one already. I don't have the credentials to create a new one, and frankly speaking, I don't need to.

So, how can I retrieve the clientId, clientSecret, and tenantId associated with the existing Service Principal?


Solution

  • You can get the Service Principal's Client Id and Tenant Id using a CLI command like the one below:

    az ad sp list --query "[].{id:appId, tenant:appOwnerTenantId}"
    

    You can even get many more values of the Service Principals - refer to the ServicePrincipalInner class.

    Further, as mentioned in the comments, you cannot retrieve the Client Secret created by somebody else. You will have to reset it:

    az ad sp credential reset --name APP_ID
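
The asker knows the Service Principal's id (its object id), which is not the same value as the clientId (appId). The following is an added example, not part of the original answer: it maps an object id to the client and tenant ids from the JSON printed by `az ad sp list`. The sample data is constructed, `resolve_sp` is a hypothetical helper, and the `AZURE_*` keys are the environment variable names read by azure-identity's `EnvironmentCredential`.

```python
import json
import uuid

# Constructed sample of `az ad sp list` JSON output (all values are made up).
# Older CLI versions (AAD Graph) emit objectId/appOwnerTenantId; newer ones
# (Microsoft Graph) emit id/appOwnerOrganizationId.
SAMPLE_SP_LIST = json.dumps([
    {"objectId": "11111111-1111-1111-1111-111111111111",
     "appId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
     "appOwnerTenantId": "99999999-9999-9999-9999-999999999999",
     "displayName": "legacy-format-sp"},
    {"id": "22222222-2222-2222-2222-222222222222",
     "appId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
     "appOwnerOrganizationId": "99999999-9999-9999-9999-999999999999",
     "displayName": "graph-format-sp"},
])


def _guid(value, field):
    """Return value normalised as a lowercase GUID string, or raise ValueError."""
    try:
        return str(uuid.UUID(str(value)))
    except ValueError:
        raise ValueError(f"{field} is not a GUID: {value!r}") from None


def resolve_sp(sp_list_json, object_id):
    """Map a Service Principal object id to the settings an SDK client needs."""
    wanted = _guid(object_id, "object_id")
    for sp in json.loads(sp_list_json):
        sp_id = sp.get("id") or sp.get("objectId")
        if sp_id is None or sp_id.lower() != wanted:
            continue
        tenant = sp.get("appOwnerOrganizationId") or sp.get("appOwnerTenantId")
        return {
            "AZURE_CLIENT_ID": _guid(sp.get("appId"), "appId"),
            "AZURE_TENANT_ID": _guid(tenant, "tenant id"),
            # The list output never contains the secret; it only appears in
            # the output of a credential reset and must be supplied from there.
            "AZURE_CLIENT_SECRET": None,
        }
    raise LookupError(f"no Service Principal with object id {wanted}")
```

Whoever runs the credential reset should hand the new secret over through a secure channel, since resetting invalidates the previous one for every existing consumer.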