@ncdc
Created November 15, 2017 19:00
Possible azure credentials file for Heptio Ark
subscription_id: ...
tenant_id: ...
resource_group: ...
client_id: ...
client_secret: ...
storage_account_name: ...
storage_key: ...
@squillace

squillace commented Nov 15, 2017

This looks bog standard to me, I'd run with it. However, the client secret / client id stuff gets confusing because Azure AD uses different words in the API bodies. Just make sure we have a clear mapping as to how and where to find your "client id" and "client secret". :-)

az ad sp create-for-rbac -n testingsps 

Retrying role assignment creation: 1/36
{
  "appId": "57657ab3-8cd1-45ef-9bef-b4c9c0b3cd27",
  "displayName": "testingsps",
  "name": "http://testingsps",
  "password": "3a1007d1-f8ba-4cb3-84c8-d8add130e51b",
  "tenant": "guid that represents the controlling AAD domain"
}

Here the appId IS the client id, and the password IS the client secret.

:-|

But how this ends up looking is:

➜  ~ az ad app list --display-name testingsps
[
  {
    "appId": "57657ab3-8cd1-45ef-9bef-b4c9c0b3cd27",
    "appPermissions": null,
    "availableToOtherTenants": false,
    "displayName": "testingsps",
    "homepage": "http://testingsps",
    "identifierUris": [
      "http://testingsps"
    ],
    "objectId": "27634111-f1a7-4cf8-83c9-15a43e97d002",
    "objectType": "Application",
    "replyUrls": []
  }
]
➜  ~ az ad sp list --display-name testingsps
[
  {
    "appId": "57657ab3-8cd1-45ef-9bef-b4c9c0b3cd27",
    "displayName": "testingsps",
    "objectId": "dbfcaa01-0a5a-41a2-954d-e0f301ade4c2",
    "objectType": "ServicePrincipal",
    "servicePrincipalNames": [
      "http://testingsps",
      "57657ab3-8cd1-45ef-9bef-b4c9c0b3cd27"
    ]
  }
]

The relevant documentation is here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects
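
The mapping described in this comment, as an added example that is not part of the gist, the comment, or Heptio Ark's own code: it takes output in the shape `az ad sp create-for-rbac` prints, maps `appId`, `password` and `tenant` onto the gist's `client_id`, `client_secret` and `tenant_id`, and writes the file so only its owner can read it. The function names, the `key: value` file layout, and all sample values are assumptions or constructed placeholders.

```python
import json
import os

# Constructed sample in the shape of the `az ad sp create-for-rbac` output
# quoted above; every value is a placeholder, not a real credential.
SAMPLE_SP_JSON = """{
  "appId": "00000000-0000-0000-0000-000000000001",
  "displayName": "example-sp",
  "name": "http://example-sp",
  "password": "PLACEHOLDER-SECRET",
  "tenant": "00000000-0000-0000-0000-000000000002"
}"""

# Azure AD field name -> key in the credentials file at the top of this gist.
SP_TO_FILE_KEY = {"appId": "client_id", "password": "client_secret",
                  "tenant": "tenant_id"}

# All keys of the credentials file, in the order the gist lists them.
FILE_KEYS = ["subscription_id", "tenant_id", "resource_group", "client_id",
             "client_secret", "storage_account_name", "storage_key"]


def build_credentials(sp_json, other_values):
    """Merge service principal output with the values it does not contain."""
    sp = json.loads(sp_json)
    creds = dict(other_values)
    for sp_key, file_key in SP_TO_FILE_KEY.items():
        if not sp.get(sp_key):
            # Name the missing field only; never echo secret values in errors.
            raise ValueError(f"service principal output lacks {sp_key!r}")
        creds[file_key] = sp[sp_key]
    absent = [k for k in FILE_KEYS if not creds.get(k)]
    if absent:
        raise ValueError(f"no value supplied for: {', '.join(absent)}")
    return {k: creds[k] for k in FILE_KEYS}


def write_credentials(path, creds):
    """Write `key: value` lines to a new file readable by the owner only."""
    # O_EXCL refuses to reuse an existing file (or follow a planted symlink);
    # mode 0o600 applies from creation, so the secret is never world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        for key, value in creds.items():
            f.write(f"{key}: {value}\n")
```

The `password` value is shown only once, when the service principal is created, so feeding that output straight into a function like this avoids pasting the secret through a terminal or shell history.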

@ncdc
Author

ncdc commented Nov 15, 2017

Thanks! If you look at the Ark docs, we do call out what appId and password are used for. But it's definitely worth noting.

@squillace

I haven't looked, but will. Sounds like you're doing precisely the right thing.
