I’m trying to figure out the difference between this 2 resources (azuread_service_principal_password and azuread_application_password) . I’m creating with code below and expected it to create service principal
resource "azuread_application" "sp-application" {
display_name = "${azurerm_storage_account.dataplatform.name}-app"
owners = local.owners
tags = ["Auto-rotate"]
}
resource "azuread_service_principal" "sp-serviceprincipal" {
application_id = azuread_application.sp-application.application_id
app_role_assignment_required = false
owners = local.owners
notes = "Service principal for Databricks application to access storage account"
tags = ["Auto-rotate"]
}
resource "azuread_service_principal_password" "sp-password" {
service_principal_id = azuread_service_principal.sp-serviceprincipal.object_id
rotate_when_changed = {
rotation = time_rotating.sp-password-rotation.id
}
}
It does create a password which I can capture in output but I don’t see this password as part of service principal secret in portal. Objecty_id being returned actually is object_id of application itself and not service principal derived from it. I don’t see any option to see any passwords present in Enterprise Application either. Confused about what password being created and where.