# azure

enough-grass-76480

01/24/2024, 10:35 PM
What resource does a "ServicePrincipalPassword" actually create? I have been unable to figure out how to create a client secret through pulumi for a service principal.

adventurous-butcher-54166

01/29/2024, 10:19 AM
That will indeed create client credentials whose value you will then be able to read from the output of `ServicePrincipalPassword.value`.
What is the error you are getting?

enough-grass-76480

01/29/2024, 4:50 PM
I'm not getting an error, just don't see a secret or anything in azure portal.

adventurous-butcher-54166

01/30/2024, 12:15 PM
And if you navigate to the app registration in Entra, are there no client secrets listed under "Certificates & secrets"? Can you share the code you're using?

enough-grass-76480

01/30/2024, 6:46 PM
```go
// App registration.
application, err := azuread.NewApplication(ctx, fmt.Sprintf("%s-Application", subscriptionObject.Name), &azuread.ApplicationArgs{
	DisplayName: pulumi.Sprintf("%s Infrastructure Application", subscriptionObject.Environment),
	Description: pulumi.String("Service principal for subscription"),
}, pulumi.Provider(azProvider))
if err != nil {
	return nil, err
}

// Service principal for the application above.
servicePrincipal, err := azuread.NewServicePrincipal(ctx, fmt.Sprintf("%s-Service-Principal", subscriptionObject.Name), &azuread.ServicePrincipalArgs{
	ClientId: application.ClientId,
}, pulumi.Provider(azProvider))
if err != nil {
	return nil, err
}

// Password attached to the service principal.
spPassword, err := azuread.NewServicePrincipalPassword(ctx, fmt.Sprintf("%s-Service-Principal-Password", subscriptionObject.Name), &azuread.ServicePrincipalPasswordArgs{
	ServicePrincipalId: servicePrincipal.ObjectId,
	DisplayName:        pulumi.Sprintf("%s Infrastructure Secret", subscriptionObject.Environment),
}, pulumi.Provider(azProvider))
if err != nil {
	return nil, err
}
```

adventurous-butcher-54166

01/30/2024, 7:48 PM
This should do what you intend to. Do you not see any Client Secrets listed under the App registration in Azure portal / Entra? Please note that if you are looking for the client secret value you'd have to export that during creation as it can't be retrieved afterwards.

enough-grass-76480

01/30/2024, 7:52 PM
Yes, it is working as intended. We output the value to keyvault and have been using it successfully. But there are no listed secrets in app registration.
image.png

adventurous-butcher-54166

01/30/2024, 10:27 PM
I'm so sorry – It's actually the ApplicationPassword that creates client credentials. https://www.pulumi.com/registry/packages/azuread/api-docs/applicationpassword/

enough-grass-76480

01/31/2024, 2:14 AM
Ok, great, I will try that out. I would still like to know what password I'm generating and where it can be referenced.