4
votes

I'm trying to add a key in my Azure AD application using PowerShell. Unfortunately, I tried first with Azure CLI, but after some research and some Stack Overflow answers I figured out that this cannot be done.

I'm trying to automate the task from the link below via Powershell: http://blog.davidebbo.com/2014/12/azure-service-principal.html

I'm also following these steps: https://blogs.technet.microsoft.com/kv/2015/06/02/azure-key-vault-step-by-step/

Is there any way to create/retrieve the following things in Powershell:

VaultUrl, AuthClientId, AuthClientSecret.


3 Answers

3
votes

This can be done using the cmdlet New-AzureRmADApplication (to include it when you create the application), but apparently not with Set-AzureRmADApplication (i.e. to set it after creating the app; I'm not sure there is a way to do that via PowerShell). But it's not clear how to set this just from knowing the methods. This site led me to the answer: https://sabin.io/blog/adding-an-azure-active-directory-application-and-key-using-powershell/.

The gist is that you have to provide what those methods refer to as PasswordCredentials, though the Azure portal seems to call them keys, and some PowerShell commands, like Add-SqlAzureAuthenticationContext, call the value you are setting the Secret (all of which are confusing terms). Here's how I did it to create the application with the credential:

# Be sure to note $KeyValue! It can't be retrieved.
# It's the "Secret" you can pass to methods like Add-SqlAzureAuthenticationContext in order to authenticate.
$KeyValue = [guid]::NewGuid()
Write-Output "The password you've set is $KeyValue"

$psadCredential = New-Object Microsoft.Azure.Commands.Resources.Models.ActiveDirectory.PSADPasswordCredential
$startDate = Get-Date
$psadCredential.StartDate = $startDate
$psadCredential.EndDate = $startDate.AddYears(1)
$psadCredential.KeyId = [guid]::NewGuid()
$psadCredential.Password = $KeyValue

$adApplication = New-AzureRmADApplication -DisplayName "MyNewApp" `
    -HomePage "http://MyNewApp" `
    -IdentifierUris "http://MyNewApp" `
    -PasswordCredentials $psadCredential

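The following is an added example, not code from the answer above or from the linked blog posts. It takes the PasswordCredentials approach from the answer through to the three values the question asks for (VaultUrl, AuthClientId, AuthClientSecret), with two changes a practitioner would want: the secret comes from a CSPRNG instead of a GUID (a GUID carries at most 122 bits and has a fixed, recognisable format), and the service principal gets only the Key Vault permissions it needs. It assumes the AzureRM module of the same era as the answer (PSADPasswordCredential.Password is a plain string; later versions switched to SecureString), an existing Key Vault, and the placeholder names "MyNewApp" and "MyVault".

```powershell
# Added example; not the original answer's code. Assumes AzureRM with
# New-AzureRmADApplication, New-AzureRmADServicePrincipal, Set-AzureRmKeyVaultAccessPolicy
# and a PSADPasswordCredential whose Password property is a plain string.
# "MyNewApp" and "MyVault" are placeholders (assumption: the vault already exists).

# Generate the client secret from a CSPRNG rather than [guid]::NewGuid().
# 32 random bytes, base64-encoded, gives 256 bits of entropy and no fixed format.
function New-ClientSecret {
    param([int]$Bytes = 32)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] $Bytes
    $rng.GetBytes($buf)
    $rng.Dispose()
    return [Convert]::ToBase64String($buf)
}

$appName   = "MyNewApp"   # placeholder
$vaultName = "MyVault"    # placeholder: an existing Key Vault
$secret    = New-ClientSecret

# Short validity limits the damage from a leaked secret; rotate before EndDate.
$cred = New-Object Microsoft.Azure.Commands.Resources.Models.ActiveDirectory.PSADPasswordCredential
$cred.StartDate = Get-Date
$cred.EndDate   = (Get-Date).AddDays(90)
$cred.KeyId     = [guid]::NewGuid()
$cred.Password  = $secret

$app = New-AzureRmADApplication -DisplayName $appName `
    -HomePage "https://$appName" `
    -IdentifierUris "https://$appName" `
    -PasswordCredentials $cred

# The application object alone cannot be granted access to anything;
# the service principal is the identity that Key Vault policies refer to.
$sp = New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId

# Directory replication can lag by a few seconds; a freshly created principal is
# sometimes not yet visible to Key Vault when the policy is set.
Start-Sleep -Seconds 10

# Least privilege: only the secret operations this app will perform.
# -ServicePrincipalName takes the application (client) ID.
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName `
    -ServicePrincipalName $app.ApplicationId `
    -PermissionsToSecrets get,list

$vault = Get-AzureRmKeyVault -VaultName $vaultName

# The secret is returned exactly once; it cannot be read back from Azure AD later.
# In a pipeline, write this object to a protected store rather than the console or a log.
[pscustomobject]@{
    VaultUrl         = $vault.VaultUri
    AuthClientId     = $app.ApplicationId
    AuthClientSecret = $secret
}
```

Run the script in a session that is already signed in with Login-AzureRmAccount and has rights to create applications in the directory and to manage the vault's access policies. If the PSADPasswordCredential type in your module version declares Password as a SecureString, wrap $secret with ConvertTo-SecureString -AsPlainText -Force before assigning it.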
1
votes

The only way I could find to create an AAD application in PowerShell and keep some record of the key was to use the Graph API. This way, I could generate the key value myself and pass it in explicitly, rather than try to capture it in the output.

Script here: https://gist.github.com/bjh1977/0953b96e7148d6a845f5d331cb7206a5#file-createaadapplication-ps1

0
votes

Below will retrieve ClientID from existing AD application:

$ADApp = Get-AzureRmADApplication -DisplayName "AzureADApplicationName"
write-host $ADApp.ApplicationId

Below will retrieve Vault Uri:

$KeyVault= Get-AzureRmKeyVault -VaultName "VaultName"
write-host $KeyVault.VaultUri

I am also looking for options to add a key from PowerShell. When I added a key manually, a message was displayed saying "Copy and store the key value. You won't be able to retrieve it after you leave this page". But I am still trying to figure out an option to retrieve the key (ClientSecret) using PowerShell.
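The following is an added example, not part of the answer above. It shows what PowerShell can and cannot tell you about an existing application's keys: the ApplicationId and VaultUri are readable, the credential metadata (KeyId, type, validity window) is readable, but the secret value itself is never returned, because the directory does not store it in a recoverable form. The only option is to issue a new credential and retire the old one, which is the rotation flow shown at the end. It assumes AzureRM module versions that ship Get-AzureRmADAppCredential, New-AzureRmADAppCredential and Remove-AzureRmADAppCredential, with the 6.x-series signature in which -Password is a SecureString; "AzureADApplicationName" and "VaultName" are placeholders.

```powershell
# Added example; not the original answer's code. Assumes AzureRM.Resources versions that
# include Get-/New-/Remove-AzureRmADAppCredential and a New-AzureRmADAppCredential whose
# -Password parameter is a SecureString (AzureRM 6.x). Names are placeholders.

$app   = Get-AzureRmADApplication -DisplayName "AzureADApplicationName"
$vault = Get-AzureRmKeyVault -VaultName "VaultName"

# Readable: the client ID and the vault URL.
$clientId = $app.ApplicationId
$vaultUrl = $vault.VaultUri

# Readable: metadata of every key on the application. No property carries the value,
# so a script can only tell which keys exist and when they expire.
$existing = Get-AzureRmADAppCredential -ApplicationId $clientId |
    Select-Object KeyId, Type, StartDate, EndDate
$existing | Format-Table -AutoSize

# Flag keys that expire within 30 days; these are the ones to rotate now.
$expiringSoon = $existing | Where-Object { $_.EndDate -lt (Get-Date).AddDays(30) }

# Rotation: issue a replacement secret. Generate it locally from a CSPRNG so the
# plaintext is known to the script exactly once, at creation time.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$newSecret = [Convert]::ToBase64String($bytes)

$newCred = New-AzureRmADAppCredential -ApplicationId $clientId `
    -Password (ConvertTo-SecureString $newSecret -AsPlainText -Force) `
    -EndDate (Get-Date).AddDays(90)

# Both the old and the new key are valid now, so consumers can be switched over
# without an outage. Only after every consumer uses the new value should the old
# KeyId be removed:
foreach ($old in $expiringSoon) {
    # Remove-AzureRmADAppCredential -ApplicationId $clientId -KeyId $old.KeyId -Force
    Write-Host "Pending removal after cutover: KeyId $($old.KeyId) (expires $($old.EndDate))"
}

[pscustomobject]@{
    VaultUrl         = $vaultUrl
    AuthClientId     = $clientId
    NewKeyId         = $newCred.KeyId
    AuthClientSecret = $newSecret   # returned once; store it, it cannot be retrieved again
}
```

The Remove-AzureRmADAppCredential call is left commented out on purpose: removing a key that a running service still presents breaks that service immediately, so the removal belongs in a second step after the cutover has been confirmed. If your module version's New-AzureRmADAppCredential takes -Password as a plain string, pass $newSecret directly instead of the SecureString.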