I have created an Azure AD security principal. And I've gone ahead and created a secure string out of the secret, so I don't have to save that in plain text somewhere.
Now in my deployment script that uses az cli, I want to log in to Azure using these credentials, but I keep getting prompted for a password. I'd like to avoid the prompt and just supply either the client secret or the encrypted secret as a param.
Here's the code:
#Load Environment variables
$localenv = (Get-Content './environmentVars.json' | Out-String | ConvertFrom-Json)
$AzCred = Get-Credential -UserName $localenv.APP_ID
az login --service-principal -u $AzCred.UserName -p $localenv.APP_ID_CLIENT_SECRET --tenant $localenv.AZ_TENANT_ID
When I run the script, it does this:
PS C:\Users\me> .\deploy-resources.ps1
PowerShell credential request
Enter your credentials.
Password for user [GUID for Security Principal]:
Is there a way I can just pass this to the PowerShell script?
As for the encrypted version of the secret, this is how I created it:
$Secure = Read-Host -Prompt 'Supply the secret' -AsSecureString
$Encrypted = ConvertFrom-SecureString -SecureString $Secure
And then I create a secure string out of the client secret:
$Secure2 = ConvertTo-SecureString -String $Encrypted
If there's a way to do so, I'd like to save the contents of $Secure2 in my json file and use that instead of the actual secret value.
Any tips would be appreciated.
CodePudding user response:
We tried the same PowerShell script you are using and faced the same issue: a password prompt.
We made the changes below to your script and were able to log in without being prompted for a password.
$localenv = (Get-Content -Path "C:\Users\v-aghose\Desktop\environmentVars.json.txt" | Out-String | ConvertFrom-Json)
#$AzCred = Get-Credential -UserName $localenv.APP_ID
az login --service-principal -u $localenv.APP_ID -p $localenv.APP_ID_CLIENT_SECRET --tenant $localenv.AZ_TENANT_ID --allow-no-subscriptions
If we pass the client secret as an encrypted secure string, that won't work for login. To log in we have to decode the encrypted string, so encrypting the client secret would be wasted effort.
For more information about decrypting encrypted secure strings, please refer to this SO thread.
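The following is an added example, not code from the question or the answer above. It shows the full round trip the thread describes: storing the client secret in the JSON file only in its DPAPI-protected form (the output of ConvertFrom-SecureString without -Key), rebuilding the SecureString at deployment time, and decrypting it in memory only for the az login call. The JSON property names APP_ID, AZ_TENANT_ID and APP_ID_CLIENT_SECRET_ENC, the file path, and the function names are assumptions for this example.

```powershell
# Added example; assumes environmentVars.json contains APP_ID, AZ_TENANT_ID and
# (after Protect-ClientSecret has run) a DPAPI-encrypted value APP_ID_CLIENT_SECRET_ENC.

# One-time step. ConvertFrom-SecureString without -Key uses Windows DPAPI, so the
# result can only be decrypted by the same user account on the same machine.
# Run this as the account that will later execute the deployment script.
function Protect-ClientSecret {
    param([string]$EnvFile = './environmentVars.json')

    $secure = Read-Host -Prompt 'Client secret' -AsSecureString
    $cfg = Get-Content -Path $EnvFile -Raw | ConvertFrom-Json

    # Store only the encrypted standard string; the plaintext never touches disk.
    $cfg | Add-Member -NotePropertyName 'APP_ID_CLIENT_SECRET_ENC' `
                      -NotePropertyValue (ConvertFrom-SecureString -SecureString $secure) -Force
    $cfg | ConvertTo-Json | Set-Content -Path $EnvFile
}

# Deployment step. Get-Credential is not used at all, so nothing prompts.
function Connect-AzCliWithStoredSecret {
    param([string]$EnvFile = './environmentVars.json')

    $localenv = Get-Content -Path $EnvFile -Raw | ConvertFrom-Json

    # Reverse the DPAPI protection; fails if run by a different user or on a different machine.
    $secure = ConvertTo-SecureString -String $localenv.APP_ID_CLIENT_SECRET_ENC

    # az CLI only accepts the plaintext secret, so decrypt it in memory right before use.
    # NetworkCredential exposes the SecureString contents without manual Marshal calls.
    $plain = [System.Net.NetworkCredential]::new('', $secure).Password
    try {
        az login --service-principal -u $localenv.APP_ID -p $plain --tenant $localenv.AZ_TENANT_ID --output none
        if ($LASTEXITCODE -ne 0) {
            throw "az login failed with exit code $LASTEXITCODE"
        }
    }
    finally {
        # Drop the plaintext reference as soon as the login call has returned.
        Remove-Variable -Name plain -ErrorAction SilentlyContinue
    }
}

# Usage (assumed flow): run Protect-ClientSecret once interactively, then call
# Connect-AzCliWithStoredSecret from the deployment script.
```

Two points worth keeping in mind with this approach. First, as the answer says, az CLI still needs the plaintext, so the encrypted form only protects the secret at rest in the JSON file; the value is briefly present in process memory and on the az command line during login. Second, because the protection is DPAPI-bound, the encrypted string is useless on a build agent or another user's session, which is a feature for a workstation secret but means CI pipelines need a different secret store.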