No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

What resource does a "ServicePrincipalPassword" actually create?  I have been unable to figure out how to create a client secret through pulumi for a service principal.

That will indeed create client credentials which value you will then be able to read from the output of `ServicePrincipalPassword.value`

What is the error you are getting?

I'm not getting an error, just don't see a secret or anything in azure portal.

Screenshot 2024-01-30 at 12.14.41.png

And if you navigate to the app registration in Entra, are there no client secrets listed under "Certificates &amp; secrets"?

Can you share the code you're using?

```application, err := azuread.NewApplication(ctx, fmt.Sprintf("%s-Application", subscriptionObject.Name), &amp;azuread.ApplicationArgs{
	DisplayName: pulumi.Sprintf("%s Infrastructure Application", subscriptionObject.Environment),
	Description: pulumi.String("Service principal for subscription"),
}, pulumi.Provider(azProvider))

servicePrincipal, err := azuread.NewServicePrincipal(ctx, fmt.Sprintf("%s-Service-Principal", subscriptionObject.Name), &amp;azuread.ServicePrincipalArgs{
	ClientId: application.ClientId,
}, pulumi.Provider(azProvider))
if err != nil {
	return nil, err
}

spPassword, err := azuread.NewServicePrincipalPassword(ctx, fmt.Sprintf("%s-Service-Principal-Password", subscriptionObject.Name), &amp;azuread.ServicePrincipalPasswordArgs{
	ServicePrincipalId: servicePrincipal.ObjectId,
	DisplayName:        pulumi.Sprintf("%s Infrastructure Secret", subscriptionObject.Environment),
}, pulumi.Provider(azProvider))```

This should do what you intend to. Do you not see any Client Secrets listed under the App registration in Azure portal / Entra? Please note that if you are looking for the client secret value you'd have to export that during creation as it can't be retreived afterwords.

Yes, it is working as intended. We output the value to keyvault and have been using it successfully. But there are no listed secrets in app registration.

image.png

I'm so sorry – It's actually the ApplicationPassword that creates client credentials.
<https://www.pulumi.com/registry/packages/azuread/api-docs/applicationpassword/>

Ok, great, I will try that out. I would still like to know what password I'm generating and where it can be referenced.