##
# Create new Service Principal with Cert configured
##
Login-AzureRmAccount -SubscriptionId XXXXXXXX-XXXX-XXXX-XXXX-86b9ebca2d13
# $credValue comes from the previous script and contains the X509 cert we wish to use.
# $validFrom comes from the previous script and is the validity start date for the cert.
# $validTo comes from the previous script and is the validity end date for the cert.
$adapp = New-AzureRmADApplication -DisplayName "KeyVault Reader - Cert" -HomePage "https://keyvaultreadr/" `
-IdentifierUris "https://keyvaultreadr/" -CertValue $credValue `
-StartDate $validFrom -EndDate $validTo
#
# DisplayName : KeyVault Reader - Cert
# ObjectId : XXXXXXXX-XXXX-XXXX-XXXX-1029a4c5be13
# IdentifierUris : {https://keyvaultreadr/}
# HomePage : https://keyvaultreadr/
# Type : Application
# ApplicationId : XXXXXXXX-XXXX-XXXX-XXXX-b1aa47a95554
# AvailableToOtherTenants : False
# AppPermissions :
# ReplyUrls : {}
#
New-AzureRmADServicePrincipal -ApplicationId $adapp.ApplicationId
# DisplayName Type ObjectId
# ----------- ---- --------
# KeyVault Reader - Cert ServicePrincipal XXXXXXXX-XXXX-XXXX-XXXX-11b962b59eef
####
# Grant Service Principal Read-Only on Secrets in our KeyVault
####
Set-AzureRmKeyVaultAccessPolicy -VaultName 'mytestvault' -ResourceGroupName 'your-awesome-rg' `
-ServicePrincipalName $adapp.ApplicationId.Guid `
-PermissionsToSecrets get
##
# Print Out the Service Principal's App ID (GUID) to use later in our Function setup.
##
$adapp.ApplicationId
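##
# Added check, not part of the original gist: confirm the access policy set above is
# least-privilege (only "get" on secrets, nothing on keys or certificates). Assumes the
# same $adapp, vault name and resource group as above and the AzureRM module's
# PSKeyVaultAccessPolicy property names (PermissionsToKeys/Secrets/Certificates).
##
```powershell
# Verify the KeyVault access policy granted to the new service principal is no broader
# than intended: "get" on secrets only. Added example; assumes $adapp, vault and
# resource group from the script above.
$vault = Get-AzureRmKeyVault -VaultName 'mytestvault' -ResourceGroupName 'your-awesome-rg'

# Access policies are keyed by the service principal's object id, not the application id,
# so resolve the SP first (assumes the SP object exposes its object id as .Id).
$sp = Get-AzureRmADServicePrincipal -ServicePrincipalName $adapp.ApplicationId.Guid
$policy = $vault.AccessPolicies | Where-Object { "$($_.ObjectId)" -eq "$($sp.Id)" }

if (-not $policy) {
    throw "No access policy found for '$($adapp.DisplayName)' on vault '$($vault.VaultName)'"
}

$expectedSecrets = @('get')
$unexpected = @()

# Any key or certificate permission at all is more than this reader needs.
if (@($policy.PermissionsToKeys).Count -gt 0) {
    $unexpected += "keys: $($policy.PermissionsToKeys -join ',')"
}
if (@($policy.PermissionsToCertificates).Count -gt 0) {
    $unexpected += "certificates: $($policy.PermissionsToCertificates -join ',')"
}

# Secret permissions beyond "get" (list, set, delete, ...) are also flagged.
$extraSecrets = @($policy.PermissionsToSecrets) |
    Where-Object { $expectedSecrets -notcontains $_.ToString().ToLower() }
if (@($extraSecrets).Count -gt 0) {
    $unexpected += "secrets: $($extraSecrets -join ',')"
}

if ($unexpected.Count -gt 0) {
    throw "Access policy for '$($adapp.DisplayName)' is broader than intended: $($unexpected -join '; ')"
}
Write-Output "OK: '$($adapp.DisplayName)' has only 'get' on secrets in '$($vault.VaultName)'"
```
Run this right after Set-AzureRmKeyVaultAccessPolicy; it throws if a later edit to the policy widens the service principal's rights.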