### YamlMime:AzureCLIGroup
uid: az_ad_sp_credential
name: az ad sp credential
summary: |-
  Manage a service principal's password or certificate credentials.
status: GA
sourceType: Core
directCommands:
- uid: az_ad_sp_credential_delete
  name: az ad sp credential delete
  summary: |-
    Delete a service principal's password or certificate credentials.
  status: GA
  sourceType: Core
  editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/role/_help.py
  syntax: >-
    az ad sp credential delete --id
                               --key-id
                               [--cert]
  examples:
  - summary: |-
      Delete a service principal's password credential
    syntax: az ad sp credential delete --id 00000000-0000-0000-0000-000000000000 --key-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  - summary: |-
      Delete a service principal's certificate credential
    syntax: az ad sp credential delete --id 00000000-0000-0000-0000-000000000000 --key-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --cert
  requiredParameters:
  - isRequired: true
    name: --id
    summary: |-
      Service principal name, or object id.
  - isRequired: true
    name: --key-id
    summary: |-
      Credential key id.
  optionalParameters:
  - name: --cert
    defaultValue: "False"
    summary: |-
      Operate on certificate credentials.
- uid: az_ad_sp_credential_list
  name: az ad sp credential list
  summary: |-
    List a service principal's password or certificate credential metadata. (The content of the password or certificate credential is not retrievable.)
  status: GA
  sourceType: Core
  editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/role/_help.py
  syntax: >-
    az ad sp credential list --id
                             [--cert]
  examples:
  - summary: |-
      List a service principal's password credentials
    syntax: az ad sp credential list --id 00000000-0000-0000-0000-000000000000
  - summary: |-
      List a service principal's certificate credentials
    syntax: az ad sp credential list --id 00000000-0000-0000-0000-000000000000 --cert
  requiredParameters:
  - isRequired: true
    name: --id
    summary: |-
      Service principal name, or object id.
  optionalParameters:
  - name: --cert
    defaultValue: "False"
    summary: |-
      Operate on certificate credentials.
- uid: az_ad_sp_credential_reset
  name: az ad sp credential reset
  summary: |-
    Reset a service principal's password or certificate credentials.
  description: |-
    By default, this command clears all passwords and keys, and lets the Graph service generate a password credential.
    The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. As an alternative, consider using [managed identities](https://aka.ms/azadsp-managed-identities) if available to avoid the need to use credentials.
  status: GA
  sourceType: Core
  editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/role/_help.py
  syntax: >-
    az ad sp credential reset --id
                              [--append]
                              [--cert]
                              [--create-cert]
                              [--display-name]
                              [--end-date]
                              [--keyvault]
                              [--years]
  examples:
  - summary: |-
      Reset a service principal's credential with a password
    syntax: az ad sp credential reset --id 00000000-0000-0000-0000-000000000000
  - summary: |-
      Reset a service principal's credential with a new self-signed certificate
    syntax: az ad sp credential reset --id 00000000-0000-0000-0000-000000000000 --create-cert
  - summary: |-
      Append a certificate to the service principal with the certificate string.
    syntax: az ad sp credential reset --id 00000000-0000-0000-0000-000000000000 --cert "MIICoT..." --append
  - summary: |-
      Append a certificate to the service principal with the certificate file.
    syntax: >-
      az ad sp credential reset --id 00000000-0000-0000-0000-000000000000 --cert "@~/cert.pem" --append
      `cert.pem` contains the following content
      -----BEGIN CERTIFICATE----- <<< this line is optional
      MIICoT...
      -----END CERTIFICATE----- <<< this line is optional
  requiredParameters:
  - isRequired: true
    name: --id
    summary: |-
      Service principal name, or object id.
  optionalParameters:
  - name: --append
    defaultValue: "False"
    summary: |-
      Append the new credential instead of overwriting.
  - name: --cert
    summary: |-
      Certificate to use for credentials. When used with `--keyvault`, indicates the name of the cert to use or create. Otherwise, supply a PEM or DER formatted public certificate string. Use `@{path}` to load from a file. Do not include the private key.
  - name: --create-cert
    defaultValue: "False"
    summary: |-
      Create a self-signed certificate to use for the credential. Only the current OS user has read/write permission to this certificate. Use with `--keyvault` to create the certificate in Key Vault. Otherwise, a certificate will be created locally.
  - name: --display-name
    summary: |-
      Friendly name for the credential.
  - name: --end-date
    summary: |-
      Finer grain of expiry time if '--years' is insufficient, e.g. '2020-12-31T11:59:59+00:00' or '2299-12-31'.
  - name: --keyvault
    summary: |-
      Name or ID of a KeyVault to use for creating or retrieving certificates.
  - name: --years
    summary: |-
      Number of years for which the credentials will be valid. Default: 1 year.
commands:
- az_ad_sp_credential_delete
- az_ad_sp_credential_list
- az_ad_sp_credential_reset
globalParameters:
- name: --debug
  summary: |-
    Increase logging verbosity to show all debug logs.
- name: --help -h
  summary: |-
    Show this help message and exit.
- name: --only-show-errors
  summary: |-
    Only show errors, suppressing warnings.
- name: --output -o
  defaultValue: "json"
  parameterValueGroup: "json, jsonc, none, table, tsv, yaml, yamlc"
  summary: |-
    Output format.
- name: --query
  summary: |-
    JMESPath query string. See <a href="http://jmespath.org/">http://jmespath.org/</a> for more information and examples.
- name: --subscription
  summary: |-
    Name or ID of subscription. You can configure the default subscription using `az account set -s NAME_OR_ID`.
- name: --verbose
  summary: |-
    Increase logging verbosity. Use --debug for full debug logs.
metadata:
  ms.date: 11/12/2024
  description: Manage a service principal's password or certificate credentials.