az ad app credential
Manage an application's password or certificate credentials.
Commands
Name | Description | Type | Status |
---|---|---|---|
az ad app credential delete |
Delete an application's password or certificate credentials. |
Core | GA |
az ad app credential list |
List an application's password or certificate credential metadata. (The content of the password or certificate credential is not retrievable.). |
Core | GA |
az ad app credential reset |
Reset an application's password or certificate credentials. |
Core | GA |
az ad app credential delete
Delete an application's password or certificate credentials.
az ad app credential delete --id
--key-id
[--cert]
Examples
Delete an application's password credentials
az ad app credential delete --id 00000000-0000-0000-0000-000000000000 --key-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Delete an application's certificate credentials
az ad app credential delete --id 00000000-0000-0000-0000-000000000000 --key-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --cert
Required Parameters
Identifier uri, application id, or object id.
Credential key id.
Optional Parameters
Operate on certificate credentials.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az ad app credential list
List an application's password or certificate credential metadata. (The content of the password or certificate credential is not retrievable.).
az ad app credential list --id
[--cert]
Examples
List an application's password credentials
az ad app credential list --id 00000000-0000-0000-0000-000000000000
List an application's certificate credentials
az ad app credential list --id 00000000-0000-0000-0000-000000000000 --cert
Required Parameters
Identifier uri, application id, or object id.
Optional Parameters
Operate on certificate credentials.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az ad app credential reset
Reset an application's password or certificate credentials.
By default, this command clears all passwords and keys, and let graph service generate a password credential.
The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. As an alternative, consider using managed identities if available to avoid the need to use credentials.
az ad app credential reset --id
[--append]
[--cert]
[--create-cert]
[--display-name]
[--end-date]
[--keyvault]
[--years]
Examples
Reset an application's credential with a password
az ad app credential reset --id 00000000-0000-0000-0000-000000000000
Reset an application's credential with a new self-signed certificate
az ad app credential reset --id 00000000-0000-0000-0000-000000000000 --create-cert
Append a certificate to the application with the certificate string.
az ad app credential reset --id 00000000-0000-0000-0000-000000000000 --cert "MIICoT..." --append
Append a certificate to the application with the certificate file.
az ad app credential reset --id 00000000-0000-0000-0000-000000000000 --cert "@~/cert.pem" --append
`cert.pem` contains the following content
-----BEGIN CERTIFICATE----- <<< this line is optional
MIICoT...
-----END CERTIFICATE----- <<< this line is optional
Required Parameters
Identifier uri, application id, or object id.
Optional Parameters
Append the new credential instead of overwriting.
Certificate to use for credentials. When used with --keyvault,
, indicates the name of the cert to use or create. Otherwise, supply a PEM or DER formatted public certificate string. Use @{path}
to load from a file. Do not include private key info.
Create a self-signed certificate to use for the credential. Only the current OS user has read/write permission to this certificate. Use with --keyvault
to create the certificate in Key Vault. Otherwise, a certificate will be created locally.
Friendly name for the credential.
Finer grain of expiry time if '--years' is insufficient, e.g. '2020-12-31T11:59:59+00:00' or '2299-12-31'.
Name or ID of a KeyVault to use for creating or retrieving certificates.
Number of years for which the credentials will be valid. Default: 1 year.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.