Login to Azure without exposing password using PowerShell

0
votes

So, I have been trying to find a way to login to azure with PowerShell without user prompts and most importantly without exposing password in the script to manage App Services and other Administrative tasks on Azure, upon doing some research I've figured different way to get it working all the way from using the Export-Clixml & Import-Clixml commands, using Azure AAD service principle's or Azure Key Vault, unfortunately didn't come across anything which does not expose password in the script. Hence posting here to see if anyone has any suggestions.

Note: I even have MFA enabled for logging in.

1
azurepowershellazure-active-directoryazure-powershellazure-keyvault
You're talking about logging in to the Azure Portal, or storing a credential to use with something like the AzureRm PowerShell module? I would strongly discourage automating anything through the Azure Portal, and instead recommend you use the numerous Rest APIs or PowerShell Modules. - FoxDeploy
Are you trying to log into Azure AD in PowerShell? If yes, you should create a service principal (with a PfxCertificate) and use it to sign in. See docs.microsoft.com/en-us/powershell/module/azuread/…. - Allen Wu

1 Answers

0
votes

You should authenticate to Azure with a username/client certificate which is stored on the machine where the authentication is taking place. The client certificate should be imported into the local machine's store and have export private key disabled.

The login can take place from powershell by having PS grab the certificate to send to Azure. Credentials will be returned and then you can use those to handle whatever operations you require.