How to create/delete secrets of an Azure service principal by using another service principal with the REST API or Python SDK?

Question:

I have 2 app registrations (2 service principals).
I use the first of them as my credentials to get a token.
From my Python script, I need to create and delete the secrets of the second service principal.
Unfortunately, I did not find such an example in the documentation.
How can I do that?

Asked By: Diggy

Answers:

You can use the code below for your requirement:

Add Client_Secret:

from azure.identity import ClientSecretCredential
from msgraph.core import GraphClient

# Credentials of the first service principal, used to obtain the token
clientid = "Serviceprincipal1"
clientsecret = "secret"
tenantid = "tenantId"
credentials = ClientSecretCredential(tenant_id=tenantid, client_id=clientid, client_secret=clientsecret)
graph_client = GraphClient(credential=credentials)

# Get details of the other service principal by providing the object id of the application
app = graph_client.get('/applications/serviceprincipal2objectid')
print(app.json())

# Add a new client secret to that AD app
body = {
    "passwordCredential": {
        "displayName": "NewPaasswordCreatedfromPythonSDK"
    }
}
# Pass the dict itself: json= serializes it, so json.dumps() here would double-encode the body
addpass = graph_client.post('/applications/serviceprincipal2objectid/addPassword', json=body)
print("HTTP_request_Response:", addpass.status_code)

Remove Client_Secret:

# Remove a client secret from that AD app
body = {
    "keyId": "1636f0ce-1b8c-46a0-a580-d0df086b91c7"  # keyId of the key added earlier
}
removepass = graph_client.post('/applications/serviceprincipal2objectid/removePassword', json=body)
print("HTTP_request_Response:", removepass.status_code)

Note: The msgraph-core Python SDK is in preview only; to use it, you have to install it using pip install msgraph-core

Answered By: Ansuman Bal
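
An added example, not part of the answer above: it reads the keyId and secretText from the addPassword response instead of hardcoding the keyId, sets an explicit expiry, and removes the older secrets as a separate step. `add_secret`, `remove_other_secrets` and the `Fake*` classes are hypothetical names; the constructed fake client stands in for a `GraphClient` with the same `get`/`post` shape so the block runs offline.

```python
from datetime import datetime, timedelta, timezone

def add_secret(graph_client, app_object_id, display_name, lifetime_days=90):
    """Create a secret with an explicit expiry; return (keyId, secretText)."""
    end = datetime.now(timezone.utc) + timedelta(days=lifetime_days)
    body = {"passwordCredential": {"displayName": display_name,
                                   "endDateTime": end.strftime("%Y-%m-%dT%H:%M:%SZ")}}
    resp = graph_client.post(f"/applications/{app_object_id}/addPassword", json=body)
    resp.raise_for_status()
    created = resp.json()
    # secretText appears only in this response: store it in a vault, never log it.
    return created["keyId"], created["secretText"]

def remove_other_secrets(graph_client, app_object_id, keep_key_id):
    """Remove every secret except keep_key_id; return the removed keyIds."""
    app = graph_client.get(f"/applications/{app_object_id}")
    app.raise_for_status()
    removed = []
    for cred in app.json().get("passwordCredentials", []):
        if cred["keyId"] == keep_key_id:
            continue
        resp = graph_client.post(f"/applications/{app_object_id}/removePassword",
                                 json={"keyId": cred["keyId"]})
        if resp.status_code == 204:  # removePassword answers 204 No Content
            removed.append(cred["keyId"])
    return removed

class FakeResponse:  # constructed stand-in for an HTTP response
    def __init__(self, status_code, payload=None):
        self.status_code, self._payload = status_code, payload
    def json(self):
        return self._payload
    def raise_for_status(self):
        if self.status_code >= 400:
            raise RuntimeError(f"HTTP {self.status_code}")

class FakeGraph:  # constructed in-memory stand-in for GraphClient, for offline runs
    def __init__(self, key_ids):
        self.creds = [{"keyId": k} for k in key_ids]
    def get(self, url):
        return FakeResponse(200, {"passwordCredentials": list(self.creds)})
    def post(self, url, json):
        if url.endswith("/addPassword"):
            new = {"keyId": f"constructed-key-{len(self.creds)}", **json["passwordCredential"]}
            self.creds.append(new)
            return FakeResponse(200, {**new, "secretText": "constructed-secret"})
        before = len(self.creds)
        self.creds = [c for c in self.creds if c["keyId"] != json["keyId"]]
        return FakeResponse(204 if len(self.creds) < before else 404)
```

Call `remove_other_secrets` only after every consumer of the second service principal has switched to the new secret.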