Update service principal credentials
This article explains how to update the secrets in the data controller.
For example, if you:
- Deployed the data controller using a specific set of values for service principal tenant ID, client ID, and client secret
- Change one or more of these values
You need to update the secrets in the data controller.
Background
The service principal was created at Create service principal.
Steps
Access the service principal secret in the default editor.
kubectl edit secret/upload-service-principal-secret -n <name of namespace>For example, to edit the service principal secret to a data controller in the
arcnamespace, run the following command:kubectl edit secret/upload-service-principal-secret -n arcThe
kubectl editcommand opens the credentials .yml file in the default editor.Edit the service principal secret.
In the default editor, replace the values in the data section with the updated credential information.
For instance:
# Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this file will be # reopened with the relevant failures. # apiVersion: v1 data: authority: <authority id> clientId: <client id> clientSecret: <client secret>== tenantId: <tenant id> kind: Secret metadata: creationTimestamp: "2020-12-02T05:02:04Z" name: upload-service-principal-secret namespace: arc resourceVersion: "7235659" selfLink: /api/v1/namespaces/arc/secrets/upload-service-principal-secret uid: <globally unique identifier> type: OpaqueEdit the values for
clientID,clientSecretand/ortenantIDas appropriate.
Note
The values need to be base64 encoded. Do not edit any other properties.
If an incorrect value is provided for clientId, clientSecret, or tenantID the command returns an error message as follows in the control-xxxx pod/controller container logs:
YYYY-MM-DD HH:MM:SS.mmmm | ERROR | [AzureUpload] Upload task exception: A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000215: Invalid client secret is provided.
Related content
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for