Az cli to reset the service principal without overwriting

Question

Through az cli I am getting "Insufficient privileges to complete the operation" while trying to append the service principal without overwriting where as through azure portal I can append new secret. Is the below command correct?

az ad sp credential reset --display-name --id xxxxxxxxxxxxxx --append --years 1 Insufficient privileges to complete the operation

Answer 1

The error "Insufficient privileges to complete the operation" usually occurs if you don't have sufficient roles or permissions to perform the operation.

I tried to reproduce the same in my environment and got below results:

I have one service principal with one existing secret named new like below:

I used below CLI command to connect my Azure account:

az login --allow-no-subscriptions --only-show-errors

Response:

When I ran same command as you to add secret, I got same error as you like below:

az ad sp credential reset --display-name --id xxxxxxxxxxxxxx --append --years 1

To resolve the error, I assigned Application Administrator role to the user like below:

Now, I logged in with above user credentials again and ran below modified command to add secret:

az ad app credential reset --display-name secret --id <appID> --append --years 1

Response:

To confirm that, I checked the same in Portal where I can see both old and new secrets successfully like below:

In your case, check how you are signing to your account from CLI and make sure to have proper directory role like Application Administrator to add secret in application.