litodam · November 15, 2016 18:27
diff --git a/Create-CertSP.ps1 b/Create-CertSP.ps1
 ##
 # Create new Service Principal with Cert configured
 ##

 Login-AzureRmAccount -SubscriptionId XXXXXXXX-XXXX-XXXX-XXXX-86b9ebca2d13

 # $credValue comes from the previous script and contains the X509 cert we wish to use.
 # $validFrom comes from the previous script and is the validity start date for the cert.
 # $validTo comes from the previous script and is the validity end data for the cert.

 $adapp = New-AzureRmADApplication -DisplayName "KeyVault Reader - Cert" -HomePage "https://keyvaultreadr/" `
                                  -IdentifierUris "https://keyvaultreadr/" -CertValue $credValue `
                                  -StartDate $validFrom -EndDate $validTo
 #
 # DisplayName             : KeyVault Reader - Cert
 # ObjectId                : XXXXXXXX-XXXX-XXXX-XXXX-1029a4c5be13
 # IdentifierUris          : {https://keyvaultreadr/}
 # HomePage                : https://keyvaultreadr/
 # Type                    : Application
 # ApplicationId           : XXXXXXXX-XXXX-XXXX-XXXX-b1aa47a95554
 # AvailableToOtherTenants : False
 # AppPermissions          :
 # ReplyUrls               : {}
 #

 New-AzureRmADServicePrincipal -ApplicationId $adapp.ApplicationId

 # DisplayName                    Type                           ObjectId
 # -----------                    ----                           --------
 # KeyVault Reader - Cert         ServicePrincipal               XXXXXXXX-XXXX-XXXX-XXXX-11b962b59eef

 ####
 # Grant Service Principal Read-Only on Secrets in our KeyVault
 ####

 Set-AzureRmKeyVaultAccessPolicy -VaultName 'mytestvault' -ResourceGroupName 'your-awesome-rg' `
                                -ServicePrincipalName $adapp.ApplicationId.Guid `
                                -PermissionsToSecrets get

 ##
 # Print Out the Service Principal's App ID (GUID) to use later in our Function setup.
 ##
 $adapp.ApplicationId
	##
	# Create new Service Principal with Cert configured
	##

	Login-AzureRmAccount -SubscriptionId XXXXXXXX-XXXX-XXXX-XXXX-86b9ebca2d13

	# $credValue comes from the previous script and contains the X509 cert we wish to use.
	# $validFrom comes from the previous script and is the validity start date for the cert.
	# $validTo comes from the previous script and is the validity end data for the cert.

	$adapp = New-AzureRmADApplication -DisplayName "KeyVault Reader - Cert" -HomePage "https://keyvaultreadr/" `
	-IdentifierUris "https://keyvaultreadr/" -CertValue $credValue `
	-StartDate $validFrom -EndDate $validTo
	#
	# DisplayName : KeyVault Reader - Cert
	# ObjectId : XXXXXXXX-XXXX-XXXX-XXXX-1029a4c5be13
	# IdentifierUris : {https://keyvaultreadr/}
	# HomePage : https://keyvaultreadr/
	# Type : Application
	# ApplicationId : XXXXXXXX-XXXX-XXXX-XXXX-b1aa47a95554
	# AvailableToOtherTenants : False
	# AppPermissions :
	# ReplyUrls : {}
	#

	New-AzureRmADServicePrincipal -ApplicationId $adapp.ApplicationId

	# DisplayName Type ObjectId
	# ----------- ---- --------
	# KeyVault Reader - Cert ServicePrincipal XXXXXXXX-XXXX-XXXX-XXXX-11b962b59eef

	####
	# Grant Service Principal Read-Only on Secrets in our KeyVault
	####

	Set-AzureRmKeyVaultAccessPolicy -VaultName 'mytestvault' -ResourceGroupName 'your-awesome-rg' `
	-ServicePrincipalName $adapp.ApplicationId.Guid `
	-PermissionsToSecrets get

	##
	# Print Out the Service Principal's App ID (GUID) to use later in our Function setup.
	##
	$adapp.ApplicationId