
In the portal, under home > App registrations > Shazoo > Certificates & secrets, I can see a list of 5 different client secrets. When I execute any of the following, I can confirm that both produce a result for the specified GUID that also correlates with the Application ID on the Overview.

az ad sp list --all --query "[?displayName=='Shazoo']" --output table
az ad app list --all --query "[?displayName=='Shazoo']" --output table

Then, I'd like to see (and manage) the secrets shown in the portal. According to docs for service principal and docs for registered applications, I'm supposed to execute the following (replacing the GUID as found in the tables produced above).

az ad app credential list --id 2dda03c9-5d9b-4772-a666-c870a8c933c4
az ad sp credential list --id 2dda03c9-5d9b-4772-a666-c870a8c933c4

The first one results in an array containing a single credential, the key not corresponding to any of those shown in the portal. The second one results in an empty array. It confuses me and I suspect that the credentials accessed this way belong elsewhere than the view in question. (The same goes for resetting the credential, as no new one appears in the list visible in the portal.)

What am I missing and how do I manage my list of secrets from Azure CLI?

There was some confusion in docs in this regard but it seems to have been resolved about a year ago. I've seen a similar question but it doesn't discuss listing (and, also, I noticed that it didn't produce the requested result for some reason). I also see the commands suggested under Credentials creation with a client secret in this blog but with no screenshots from the portal to verify.

Konrad Viltersten

1 Answer


The portal display of secrets has a lag. It can take a minute before refreshing the page shows the actual set of secrets. Very sneaky and confusing!

I suspect you're plugging in the wrong GUID when trying to view the credential for the service principal retrieved in step 1.

az ad sp list --display-name Shazoo --output table

From the table output, make sure you copy the AppId (not the Id).

az ad app credential list --id <AppId>

This will list the data for your secret in the app registration.

Also, notice the small change to the query in step 1. Instead of az ad sp list --all --query "[?displayName=='Shazoo']" --output table, consider using the --display-name parameter instead. It will result in a more efficient and faster query for you.

Konrad Viltersten
Rick Rainey
  • The hint for a cleaner syntax is great. I wasn't aware of it and it's... less than convenient to do the query-jerking each time. Regrettably, your suspicion was incorrect. I triple-checked (both the previous executions and now again). It still returns an array containing a single element, not resembling any of those in the portal. – Konrad Viltersten Aug 03 '23 at 16:31
  • Oh, crap... I removed all the current secrets now. I thought the command would **add** a secret. This is going to hurt. So... you kind of solved the reported issue. I may have reset the secrets while the portal didn't refresh, leading me to confusion. I see no command to **add** a secret. Nor can I see how to add multiple ones. The reset sets only one... I'm so toasted now... – Konrad Viltersten Aug 03 '23 at 16:39
  • I'll take a liberty and add a sentence in the beginning of your answer. It's great and helpful but needs this extra piece to be perfect. It was really misleading and confusing. Feel free to alter my addition if you feel like it's too intrusive to your content. – Konrad Viltersten Aug 03 '23 at 16:57
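As an added example (not from the question, the answer or Microsoft's docs), the script below reads the JSON that `az ad app credential list --id <AppId>` returns, flags expired or soon-expiring secrets, and builds the delete and append commands the comments were looking for (`az ad app credential reset --append` adds a secret instead of replacing the existing ones). It assumes the field names of the Graph-based Azure CLI (keyId, displayName, endDateTime); the credential sample and the app id are constructed.

```python
"""Audit an app registration's client secrets from Azure CLI output (added example).

Assumes Graph-based Azure CLI field names (keyId, displayName, endDateTime).
The sample credentials below are constructed, not taken from the question.
"""
import json
import subprocess
from datetime import datetime, timezone

def parse_end(ts: str) -> datetime:
    # az emits ISO 8601 with a trailing 'Z'; fromisoformat needs an explicit offset before 3.11
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def audit_secrets(creds: list, now: datetime, warn_days: int = 30) -> list:
    """Classify each password credential as ok / expiring / expired."""
    report = []
    for c in creds:
        days_left = (parse_end(c["endDateTime"]) - now).days
        status = "expired" if days_left < 0 else "expiring" if days_left <= warn_days else "ok"
        report.append({"keyId": c["keyId"], "name": c.get("displayName") or "",
                       "daysLeft": days_left, "status": status})
    return report

def cleanup_commands(app_id: str, report: list) -> list:
    """Commands that would remove the expired secrets; built here, not executed."""
    return [f"az ad app credential delete --id {app_id} --key-id {r['keyId']}"
            for r in report if r["status"] == "expired"]

def rotate_command(app_id: str, name: str, years: int = 1) -> str:
    """'reset' overwrites by default; --append adds a secret alongside the existing ones."""
    return f"az ad app credential reset --id {app_id} --append --display-name {name} --years {years}"

def list_secrets(app_id: str) -> list:
    """Live call. --id must be the AppId (appId column of 'az ad sp list'), not the object Id."""
    out = subprocess.run(["az", "ad", "app", "credential", "list", "--id", app_id, "-o", "json"],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)

# Constructed sample in the shape 'az ad app credential list' returns
SAMPLE_CREDS = json.loads("""[
  {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "ci-pipeline",
   "endDateTime": "2023-07-01T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "local-dev",
   "endDateTime": "2023-08-20T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "prod",
   "endDateTime": "2024-08-03T00:00:00Z"}
]""")
SAMPLE_NOW = datetime(2023, 8, 3, tzinfo=timezone.utc)  # constructed reference time

if __name__ == "__main__":
    rep = audit_secrets(SAMPLE_CREDS, SAMPLE_NOW)
    for r in rep:
        print(f"{r['status']:8} {r['daysLeft']:5}d  {r['keyId']}  {r['name']}")
    print("\n".join(cleanup_commands("<AppId>", rep)))
```

Replace SAMPLE_CREDS with `list_secrets("<AppId>")` to run it against a real registration; remember the portal list may lag a minute behind what the CLI reports.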