How do I import an Azure AD Service Principal Password into Terraform?

We’re using Terraform to build our cloud infrastructure. Previously we had a few service principals created without Terraform that are being used right now on production and can’t be changed. Now we want to move the creation of those service principals to Terraform, but we’re unable to import the previous ones while keeping a structure to create new ones using random_string.

resource "azuread_service_principal_password" "service-images" {
  for_each             = toset(var.profiles)
  service_principal_id = azuread_service_principal.service-images[each.value].id
  end_date             = "2222-01-01T23:00:00Z"
  value                = random_string.images_password[each.value].result
}
resource "random_string" "images_password" {
  for_each = toset(var.profiles)
  length   = 32
  special  = true
}

When we create a new service principal (by adding an element to the var.profiles list) it works fine, but when it’s an already used service principal, we’re worried that Terraform will smash the previous value and go down in production.

Also, Terraform seems to have an import interface for azuread_service_principal_password:

terraform import azuread_service_principal_password.test 00000000-0000-0000-0000-000000000000/11111111-1111-1111-1111-111111111111

Where the first part is the ServicePrincipalObjectId and the second part is the ServicePrincipalPasswordKeyId, however I can’t find that latter value on the Azure Portal (where is it?).

How would you proceed?

Hello,

I’m not sure if this is still an Issue for you but I’ve had the same objective the last couple of days.

You can use the Azure CLI tool to access the properties of your SP:

az ad sp list --filter "objectId eq 'YOUR_OBJECT_ID'"

This will print out the SP. The keyId is located in the "passwordCredentials": [ ... ] block, under "keyId": "YOUR_KEY_ID".

I hope this will help.

Best Regards,
Timo
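A small helper, added here as an example and not part of either post, that takes the JSON printed by `az ad sp list`, pulls out the keyId Timo describes, and builds the `terraform import` command for the for_each resource in the question (the profile key has to be part of the resource address). The sample JSON, object IDs and key IDs below are constructed, not real.

```python
import json
import shlex

# Constructed sample of `az ad sp list` output: two SPs, all IDs made up.
# The second SP has two password credentials, which makes the import ambiguous.
SAMPLE_AZ_OUTPUT = json.dumps([
    {
        "objectId": "00000000-0000-0000-0000-000000000000",
        "displayName": "service-images-prod",
        "passwordCredentials": [
            {"keyId": "11111111-1111-1111-1111-111111111111",
             "endDate": "2222-01-01T23:00:00+00:00"},
        ],
    },
    {
        "objectId": "22222222-2222-2222-2222-222222222222",
        "displayName": "service-images-staging",
        "passwordCredentials": [
            {"keyId": "33333333-3333-3333-3333-333333333333",
             "endDate": "2023-01-01T00:00:00+00:00"},
            {"keyId": "44444444-4444-4444-4444-444444444444",
             "endDate": "2025-01-01T00:00:00+00:00"},
        ],
    },
])


def password_key_ids(az_output, object_id):
    """Return the keyIds of every password credential on the SP with this objectId."""
    for sp in json.loads(az_output):
        if sp.get("objectId") == object_id:
            return [cred["keyId"] for cred in sp.get("passwordCredentials", [])]
    raise KeyError("service principal %s not found in az output" % object_id)


def import_command(resource, profile, object_id, key_id):
    """Build the import line; a for_each instance is addressed as resource["key"]."""
    address = '%s["%s"]' % (resource, profile)
    return "terraform import %s %s/%s" % (shlex.quote(address), object_id, key_id)


def plan_imports(az_output, resource, profiles):
    """profiles maps profile name -> SP objectId. Refuses SPs with 0 or 2+ secrets,
    since the import ID names exactly one keyId and guessing could pick the wrong one."""
    commands = []
    for profile, object_id in profiles.items():
        key_ids = password_key_ids(az_output, object_id)
        if len(key_ids) != 1:
            raise ValueError("%s: expected one password credential, found %d: %s"
                             % (profile, len(key_ids), key_ids))
        commands.append(import_command(resource, profile, object_id, key_ids[0]))
    return commands
```

Note that an import only brings in the credential's metadata: Azure AD never returns the secret text, so the imported `value` will not match the random_string result and the diff should be reviewed with `terraform plan` before anything is applied.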