az ad sp credential
Manage a service principal's credentials.
The credential update will be applied on the Application object the service principal is associated with. In other words, you can accomplish the same thing using "az ad app credential".
Commands
| az ad sp credential delete |
Delete a service principal's credential. |
| az ad sp credential list |
List a service principal's credentials. |
| az ad sp credential reset |
Reset a service principal credential. |
az ad sp credential delete
Delete a service principal's credential.
az ad sp credential delete --id
--key-id
[--cert]Examples
Delete a service principal's credential. (autogenerated)
az ad sp credential delete --id 00000000-0000-0000-0000-000000000000 --key-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxRequired Parameters
Service principal name, or object id.
Credential key id.
Optional Parameters
A certificate based credential.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az ad sp credential list
List a service principal's credentials.
az ad sp credential list --id
[--cert]Examples
List a service principal's credentials. (autogenerated)
az ad sp credential list --id 00000000-0000-0000-0000-000000000000Required Parameters
Service principal name, or object id.
Optional Parameters
A certificate based credential.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az ad sp credential reset
Reset a service principal credential.
Use upon expiration of the service principal's credentials, or in the event that login credentials are lost.
The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. As an alternative, consider using managed identities if available to avoid the need to use credentials.
az ad sp credential reset --id
[--append]
[--cert]
[--create-cert]
[--display-name]
[--end-date]
[--keyvault]
[--years]Examples
Append a certificate to the service principal with the certificate string.
az ad sp credential reset --id myapp --cert "MIICoT..." --appendAppend a certificate to the service principal with the certificate file.
az ad sp credential reset --id myapp --cert "@~/cert.pem" --append
cert.pem contains the following content
-----BEGIN CERTIFICATE----- <<< this line is optional
MIICoT...
-----END CERTIFICATE----- <<< this line is optionalReset a service principal credential. (autogenerated)
az ad sp credential reset --id MyAppURIForCredentialRequired Parameters
Service principal name, or object id.
Optional Parameters
Append the new credential instead of overwriting.
Certificate to use for credentials.
Create a self-signed certificate to use for the credential.
Friendly name for the password.
Finer grain of expiry time if '--years' is insufficient, e.g. '2020-12-31T11:59:59+00:00' or '2299-12-31'.
Name or ID of a KeyVault to use for creating or retrieving certificates.
Number of years for which the credentials will be valid. Default: 1 year.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Submit and view feedback for