Adrian Mudzwiti

Originally published at adrianthegreat.com

Register an application in Azure AD, generate and store a secret in Azure Key Vault using PowerShell

My exposure to PowerShell over the past few months has definitely made me appreciate the finer things in life.

I've always been a "You Can't PowerShell Your Way Through Life" type of guy, which kind of works for once-off use cases, but when you have tasks that are repeatable, using the GUI takes time and becomes a hindrance. My new mindset is: if you have to do something more than once, it's time to script or automate it where possible.

I have created a fair share of Azure AD Applications using the GUI, then had to generate a client secret, set an expiry date for that secret, copy and paste the value into 1Password, then navigate to Azure Key Vault and import the secret. As you can imagine, that's a pretty mundane task with a lot of clicking.

As with anything in the field of tech, you start off by channeling your inner Google-Fu to see if there are others who have walked down the path you are embarking on (Research, cough cough). I spent a considerable amount of time reading docs and blog posts, most of which only catered to certain aspects of this challenge.

I came across a pretty insightful blog post by Olivier Miossec that laid a solid foundation.

Prerequisites:

Application Administrator AD Role

Access to an existing Azure Key Vault


The script requires you to authenticate to Azure Active Directory. Once authenticated, a few variables are declared and passed to commands that first create the application in Azure AD, then generate a secret and set its expiry date.


The secret value is then converted from a plain-text password to a secure string. You are then prompted to authenticate against Azure, and the last command stores the secret generated earlier in Azure Key Vault.


I have added the script below in its entirety; you'll notice that I have excluded the Redirect URI, as it is an optional parameter.
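
The sequence described above, as an added example written for this page and not the author's original script. It assumes the AzureAD and Az.KeyVault modules are installed; the application name, vault name, secret name and one-year lifetime are placeholders.

```powershell
# Added example. Requires the AzureAD, Az.Accounts and Az.KeyVault modules.
# All names and the lifetime below are placeholders, not values from the post.
$ErrorActionPreference = 'Stop'            # abort before storing anything if a step fails

$appName    = 'example-app'                # hypothetical application display name
$vaultName  = 'example-keyvault'           # hypothetical vault; it must already exist
$secretName = "$appName-client-secret"     # hypothetical Key Vault secret name
$startDate  = (Get-Date).ToUniversalTime()
$endDate    = $startDate.AddYears(1)       # assumed lifetime; shorten to match your policy

# 1. Authenticate to Azure AD (the account needs the Application Administrator role).
Connect-AzureAD | Out-Null

# 2. Register the application. The Redirect URI (-ReplyUrls) is optional and omitted.
$app = New-AzureADApplication -DisplayName $appName

# 3. Generate a client secret with an explicit start and expiry date.
#    The secret value is only returned by this call; it cannot be read back later.
$cred = New-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId `
    -CustomKeyIdentifier 'kv-managed' -StartDate $startDate -EndDate $endDate

# 4. Convert the plain-text value to a SecureString, then drop the reference to
#    the plain-text copy so it is not left in a variable or echoed by accident.
$secureValue = ConvertTo-SecureString -String $cred.Value -AsPlainText -Force
$cred = $null

# 5. Authenticate against Azure (a separate sign-in from the Azure AD one).
Connect-AzAccount | Out-Null

# 6. Store the secret in Key Vault, with the same expiry as the Azure AD
#    credential so the vault entry does not outlive the secret it holds.
$stored = Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName `
    -SecretValue $secureValue -Expires $endDate `
    -ContentType "Client secret for AppId $($app.AppId)"

# Report identifiers only; the secret value is never written to the console.
[pscustomobject]@{
    AppId     = $app.AppId
    ObjectId  = $app.ObjectId
    SecretId  = $stored.Id
    ExpiresOn = $stored.Expires
}
```

The account used in step 5 also needs permission to set secrets on the vault.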





Remember to automate / script all the mundane and repeatable tasks. Life's too short.
