az ad sp credential

Manage a service principal's credentials.

The credential update will be applied on the Application object the service principal is associated with. In other words, you can accomplish the same thing using "az ad app credential".

Commands

az ad sp credential delete

Delete a service principal's credential.

az ad sp credential list

List a service principal's credentials.

az ad sp credential reset

Reset a service principal credential.

az ad sp credential delete

Delete a service principal's credential.

az ad sp credential delete --id
                           --key-id
                           [--cert]

Examples

Delete a service principal's credential. (autogenerated)

az ad sp credential delete --id 00000000-0000-0000-0000-000000000000 --key-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Required Parameters

--id

Service principal name, or object id.

--key-id

Credential key id.

Optional Parameters

--cert

A certificate based credential.

az ad sp credential list

List a service principal's credentials.

az ad sp credential list --id
                         [--cert]

Examples

List a service principal's credentials. (autogenerated)

az ad sp credential list --id 00000000-0000-0000-0000-000000000000

Required Parameters

--id

Service principal name, or object id.

Optional Parameters

--cert

A certificate based credential.

az ad sp credential reset

Reset a service principal credential.

Use upon expiration of the service principal's credentials, or in the event that login credentials are lost.

The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. As an alternative, consider using managed identities if available to avoid the need to use credentials.

az ad sp credential reset --id
                          [--append]
                          [--cert]
                          [--create-cert]
                          [--display-name]
                          [--end-date]
                          [--keyvault]
                          [--years]

Examples

Append a certificate to the service principal with the certificate string.

az ad sp credential reset --id myapp --cert "MIICoT..." --append

Append a certificate to the service principal with the certificate file.

az ad sp credential reset --id myapp --cert "@~/cert.pem" --append
cert.pem contains the following content
-----BEGIN CERTIFICATE-----  <<< this line is optional
MIICoT...
-----END CERTIFICATE-----    <<< this line is optional

Reset a service principal credential. (autogenerated)

az ad sp credential reset --id MyAppURIForCredential

Required Parameters

--id

Service principal name, or object id.

Optional Parameters

--append

Append the new credential instead of overwriting.

--cert

Certificate to use for credentials.

--create-cert

Create a self-signed certificate to use for the credential.

--display-name

Friendly name for the password.

--end-date

Finer grain of expiry time if '--years' is insufficient, e.g. '2020-12-31T11:59:59+00:00' or '2299-12-31'.

--keyvault

Name or ID of a KeyVault to use for creating or retrieving certificates.

--years

Number of years for which the credentials will be valid. Default: 1 year.