The --keyvault argument can be added to use a certificate in Azure Key Vault. In this case, the --cert value is the name of the certificate.

Client secret: Must be a password.

When you create an AKS cluster in the Azure portal or using the az aks create command from the Azure CLI, Azure can automatically generate a service principal. You can use an existing Azure AD service principal that meets the following requirements, or create a new one. To successfully complete the operation, your Azure account must have the proper rights to create a service principal.

1. Role: Contributor
2.
3. Scope: Resource group

az ad sp create-for-rbac --name ServicePrincipalName --cert CertName --keyvault VaultName

az aks update-credentials -g MyResourceGroup -n MyManagedCluster --reset-service-principal --service-principal MyNewServicePrincipalID --client-secret MyNewServicePrincipalSecret

Update an existing Azure Active Directory Kubernetes cluster with new server app secret key.

az aks create --name myAKSCluster --resource-group myResourceGroup

Manually create a service principal.

To manually create a service principal with the Azure CLI, use the az ad sp create-for-rbac command. Notice that the --assignee here is the service principal, and you're going to need it. Currently, you can't use a service principal set up for certificate authentication.