The KeyCredentials attribute should be listed when you run Get-MgServicePrincipal.
Here is what I used to get the keys:
Connect-MgGraph
$servicePrincipals = Get-MgServicePrincipal -All
$Result = @()
foreach ($sp in $servicePrincipals) {
if ($sp.KeyCredentials) {
foreach ($key in $sp.KeyCredentials) {
$Result += New-Object PSObject -Property @{
SPId = $sp.Id
SPName = $sp.DisplayName
SPAppId = $sp.AppId
KeyName = $key.DisplayName
KeyType = $key.Type
Key = $key.Key
}
}
}
}
Disconnect-MgGraph
$Result | Where-Object {$_.KeyType -eq "Symmetric"} | Export-CSV SymmetricKeys.csv -NoTypeInformation