login: Login fails when the service principal key starts with '-'

When the service principal secret starts with -, a known bug in the az cli is triggered, and the login action fails with:

Error: : argument --password/-p: expected one argument

The workaround is to use the -p=<the_secret> syntax instead of -p <the_secret>.

I see there’s actually already an open PR that would fix this.

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 6
  • Comments: 21 (2 by maintainers)

Most upvoted comments


I was able to recreate this issue while going through an AKS learn module w/the github project mslearn-aks-deployment-pipeline-github-actions.

I ran into the issue in Unit 10 of the learn module when asked to create a secret.

az ad sp create-for-rbac --role Contributor --scopes /subscriptions/<SUBSCRIPTION-ID> --sdk-auth

After running the az cli, command, you should get a json payload similar to

  "clientId": "<guid/>",
  "clientSecret": "-x68Q~fJhoGVA35Vbo68K5m4TsLzoLR5kqzxido3",
  "subscriptionId": "<guid/>",
  "tenantId": "<guid/>",

If the “clientSecret” starts with a dash, then that service principal is an error condition. To work around the issue for the learn module, I deleted the service principal and created a new one. For you, Microsoft, you can try and recreate service principals until you get one with a “-” clientSecret.

To delete the service principal, you will need the id, to get the id, get the guid taht is the “clientId” and run the following command.

az ad sp list --filter "appId eq '<clientId/>'" -o table

You should get the “Id” as the 2nd column. Then you can delete the service principal and try again repeating the az ad sp create-for-rbac statement until you get a “bad” one.

az ad sp delete --id "<Id/>"

For those who need a work around, recreating a service principal and deleting the “bad” one might be the best alternative, with the az cli commands above can be helpful.

Reference links (note both are the same actual links, just different anchors/fragment) https://learn.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-list https://learn.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-delete

Is there any timeline for release? We ran into this issue today as well.

We’re planning the release. Thank you for your patience.

@BALAGA-GAYATRI the fix was merged, could you release it to Github Marketplace?

Sorry for the delayed response. We shall take a look and let you know about the changes. Thanks!