Adrian Mudzwiti

Posted on • Originally published at adrianthegreat.com


Register an application in Azure AD, generate and store a secret in Azure Key Vault using PowerShell

My exposure to PowerShell over the past few months has definitely made me appreciate the finer things in life.

I've always been a "You Can't PowerShell Your Way Through Life" type of guy, which kind of works for once-off use cases, but when you have tasks that are repeatable, using the GUI takes time and becomes a hindrance. My new mindset is: if you have to do something more than once, it's time to script or automate it where possible.

I have created a fair share of Azure AD Applications using the GUI, then had to generate a client secret, set an expiry date for that secret, copy and paste the value into 1Password, then navigate towards Azure Key Vault and import the secret. As you can imagine, that's a pretty mundane task with a lot of clicking.

As with anything in the field of tech, you start off by channeling your inner Google-Fu to see if there are others that have walked down the path you are embarking on (Research, cough cough). I spent a considerable amount of time reading docs and blog posts, most of which only catered to certain aspects of this challenge.

I came across a pretty insightful blog post by Olivier Miossec that laid a solid foundation.

Prerequisites:

Application Administrator AD Role

Access to an existing Azure Key Vault


The script requires you to authenticate to Azure Active Directory. Once authenticated, a few variables are declared and passed to commands that first create the application in Azure AD, then generate a secret and set its expiry date.


The secret value is then converted from a plain-text password to a secure string. You are then prompted to authenticate against Azure, and finally the last command stores the secret generated earlier in Azure Key Vault.


I have added the script below in its entirety. You'll notice that I have excluded the Redirect URI, as it is an optional parameter.


```powershell
# Create Azure Active Directory Application, generate and store secret in Azure Key Vault
# Requires the Application Administrator Azure AD built-in role
# Requires access to Key Vault
# Requires the AzureAD and Az (Az.Accounts, Az.KeyVault) PowerShell modules

# Provide TenantId
$TenantId = 'aaaa-aaaa-aaaa-aaaa'

# Connect to Azure Active Directory
Connect-AzureAD -TenantId $TenantId

# Create Application
$ApplicationName = "Application Name"
$StartDate = Get-Date
$EndDate = $StartDate.AddYears(1)
$AzureApplicationObject = New-AzureADApplication -DisplayName $ApplicationName -AvailableToOtherTenants $false

# Generate Client Secret for App Registration and set expiry date for secret
$AzureApplicationSecret = New-AzureADApplicationPasswordCredential -ObjectId $AzureApplicationObject.ObjectId -EndDate $EndDate

# Convert plain text password to a secure string
$SecretValue = ConvertTo-SecureString $AzureApplicationSecret.Value -AsPlainText -Force

# Connect to Azure with an authenticated account
Connect-AzAccount -TenantId $TenantId

# Key Vault secret names may only contain 0-9, a-z, A-Z and '-',
# so replace any other character (such as a space) in the display name
$SecretName = $ApplicationName -replace '[^0-9a-zA-Z-]', '-'

# Store Secret in Key Vault
$Secret = Set-AzKeyVaultSecret -VaultName "<Key Vault Name>" -Name $SecretName -SecretValue $SecretValue
```
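
The last step of the script stores only the secret value, so Key Vault has no record of when the client secret expires or which application it belongs to. The following is an added example, not part of the original post: it wraps that step in two hypothetical helper functions (`ConvertTo-KeyVaultSecretName` and `Save-AppSecretToKeyVault`) that copy the credential's expiry and identifiers onto the vault entry. The sample objects at the end are constructed stand-ins for the two AzureAD cmdlet outputs, and `-WhatIf` keeps the dry run offline.

```powershell
# Added example (not from the original post); helper names are hypothetical.
function ConvertTo-KeyVaultSecretName {
    param([Parameter(Mandatory)][string]$DisplayName)
    # Key Vault secret names: 1-127 characters, only 0-9, a-z, A-Z and '-'
    $name = ($DisplayName -replace '[^0-9a-zA-Z-]+', '-').Trim('-')
    if ($name.Length -eq 0 -or $name.Length -gt 127) {
        throw "Cannot derive a valid Key Vault secret name from '$DisplayName'"
    }
    return $name
}

function Save-AppSecretToKeyVault {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)]$Application,  # output of New-AzureADApplication
        [Parameter(Mandatory)]$Credential    # output of New-AzureADApplicationPasswordCredential
    )
    $params = @{
        VaultName   = $VaultName
        Name        = ConvertTo-KeyVaultSecretName $Application.DisplayName
        SecretValue = ConvertTo-SecureString $Credential.Value -AsPlainText -Force
        Expires     = $Credential.EndDate    # vault expiry mirrors the credential's expiry
        ContentType = 'Azure AD application client secret'
        Tag         = @{ AppId = "$($Application.AppId)"; KeyId = "$($Credential.KeyId)" }
    }
    if ($PSCmdlet.ShouldProcess("$VaultName/$($params.Name)", 'Store client secret')) {
        $stored = Set-AzKeyVaultSecret @params
        # Return metadata only, so the value is not echoed to the console or a transcript
        $stored | Select-Object Name, Version, Expires, ContentType
    }
}

# Constructed sample objects standing in for the two AzureAD cmdlet outputs
$app = [pscustomobject]@{
    DisplayName = 'Application Name'
    AppId       = '00000000-0000-0000-0000-000000000000'
}
$cred = [pscustomobject]@{
    Value   = 'constructed-not-a-real-secret'
    KeyId   = '11111111-1111-1111-1111-111111111111'
    EndDate = (Get-Date).AddYears(1)
}

# Dry run: validates the name and parameters without contacting Azure
Save-AppSecretToKeyVault -VaultName '<Key Vault Name>' -Application $app -Credential $cred -WhatIf
```

In the script above, the equivalent call after `Connect-AzAccount` would pass `$AzureApplicationObject` and `$AzureApplicationSecret` and omit `-WhatIf`.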



Remember to automate / script all the mundane and repeatable tasks. Life's too short.
