You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs-ref-autogen/ad/sp.pycliyml
+40-30Lines changed: 40 additions & 30 deletions
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ commandList:
12
12
description: ''
13
13
href: sp#list
14
14
- name: az ad sp reset-credentials
15
-
description: Reset credential, on expiration or you forget it.
15
+
description: Reset service principal credentials.
16
16
href: sp#reset-credentials
17
17
- name: az ad sp show
18
18
description: ''
@@ -79,6 +79,10 @@ children:
79
79
code: az ad sp create-for-rbac -n "http://MyApp" --role contributor --scopes /subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/MyResourceGroup /subscriptions/11111111-2222-3333-4444-666666666666/resourceGroups/MyAnotherResourceGroup
80
80
- title: Create using self-signed certificte
81
81
code: az ad sp create-for-rbac --create-cert
82
+
- title: Create self-signed certificate within KeyVault
83
+
code: az ad sp create-for-rbac --key-vault <vault name> --cert <name> --create-cert
84
+
- title: Create using existing certificate in KeyVault
85
+
code: az ad sp create-for-rbac --key-vault <vault name> --cert <name>
82
86
- title: Login with a service principal.
83
87
code: az login --service-principal -u <name> -p <password> --tenant <tenant>
84
88
- title: Login with self-signed certificate
@@ -89,45 +93,47 @@ children:
89
93
code: az role assignment create --assignee <name> --role Contributor
90
94
- title: Revoke the service principal when done with it.
91
95
code: az ad app delete --id <name>
92
-
- title: Create using certificate from Key Vault
93
-
code: "az keyvault certificate download --vault-name vault -n cert-name -f cert.pem \n az ad sp create-for-rbac --cert @cert.pem"
94
96
parameters:
95
-
- name: --cert
96
-
isRequired: False
97
-
summary: PEM or DER formatted public certificate using string or @<file path> to load from a file. Do not include private key info.
98
-
description: ''
99
-
- name: --create-cert
100
-
isRequired: False
101
-
summary: Create and upload self-signed certificate which you can use to login.
102
-
description: ''
103
97
- name: --expanded-view
104
98
isRequired: False
105
99
summary: Once created, display more information like subscription and cloud environments.
106
100
description: ''
107
101
- name: --name -n
108
102
isRequired: False
109
-
summary: A display name or an app id uri. Command will generate one if missing.
110
-
description: ''
111
-
- name: --password -p
112
-
isRequired: False
113
-
summary: The password used to login. If missing, command will generate one.
103
+
summary: Display name or an app ID URI. Command will generate one if missing.
114
104
description: ''
115
105
- name: --role
116
106
isRequired: False
117
-
summary: Role the service principal has on the resources.
107
+
summary: Role the service principal has in regard to resources.
118
108
description: ''
119
109
defaultValue: Contributor
120
110
- name: --scopes
121
111
isRequired: False
122
-
summary: Spaceseparated scopes the service principal's role assignment applies to. Defaults to the root of the current subscription.
112
+
summary: Space-separated list of scopes the service principal's role assignment applies to. Defaults to the root of the current subscription.
123
113
description: ''
124
114
- name: --skip-assignment
125
115
isRequired: False
126
116
summary: Do not create default assignment.
127
117
description: ''
118
+
- name: --cert
119
+
isRequired: False
120
+
summary: Certificate to use for credentials in lieu of password.
121
+
description: When using --key-vault, indicates the name of the cert to use or create. Otherwise, supply a PEM or DER formatted public certificate string. Use @<file path> to load from a file. Do not include private key info.
122
+
- name: --create-cert
123
+
isRequired: False
124
+
summary: Create a self-signed certificate to use for the credential.
125
+
description: Use with --key-vault to create the certificate in Key Vault. Otherwise, a certificate will be created locally.
126
+
- name: --keyvault
127
+
isRequired: False
128
+
summary: Name or ID of a KeyVault to use for creating or retrieving certificates.
129
+
description: ''
130
+
- name: --password -p
131
+
isRequired: False
132
+
summary: The password used to login. If missing, command will generate one.
133
+
description: ''
128
134
- name: --years
129
135
isRequired: False
130
-
summary: 'Years the password will be valid. Default: 1 year.'
136
+
summary: 'Number of years for which the credentials will be valid. Default: 1 year.'
131
137
description: ''
132
138
- name: --debug
133
139
isRequired: False
@@ -258,23 +264,27 @@ children:
258
264
parameters:
259
265
- name: --name -n
260
266
isRequired: True
261
-
summary: The name, can be the app id uri, app id guid, or display name.
267
+
summary: Display name or an app ID URI.
262
268
description: ''
263
269
- name: --cert
264
270
isRequired: False
265
-
summary: PEM formatted public certificate. Do not include private key info.
266
-
description: ''
271
+
summary: Certificate to use for credentials in lieu of password.
272
+
description: When using --key-vault, indicates the name of the cert to use or create. Otherwise, supply a PEM or DER formatted public certificate string. Use @<file path> to load from a file. Do not include private key info.
267
273
- name: --create-cert
268
274
isRequired: False
269
-
summary: Re-create and upload self-signed certificate.
275
+
summary: Create a self-signed certificate to use for the credential.
276
+
description: Use with --key-vault to create the certificate in Key Vault. Otherwise, a certificate will be created locally.
277
+
- name: --keyvault
278
+
isRequired: False
279
+
summary: Name or ID of a KeyVault to use for creating or retrieving certificates.
270
280
description: ''
271
-
- name: --password
281
+
- name: --password -p
272
282
isRequired: False
273
283
summary: The password used to login. If missing, command will generate one.
274
284
description: ''
275
285
- name: --years
276
286
isRequired: False
277
-
summary: 'Years the password will be valid. Default: 1 year.'
287
+
summary: 'Number of years for which the credentials will be valid. Default: 1 year.'
278
288
description: ''
279
289
- name: --debug
280
290
isRequired: False
@@ -306,8 +316,8 @@ children:
306
316
children: []
307
317
uid: az_ad_sp_reset-credentials
308
318
name: az ad sp reset-credentials
309
-
description: ''
310
-
summary: Reset credential, on expiration or you forget it.
319
+
description: Use upon expiration of the existing credentials or in the even that you forget them.
0 commit comments