See below for creating Azure Key Vault credentials with the Azure CLI.

To create Azure Key Vault credentials with the Azure CLI

1. Create a service principal. 
   az ad sp create-for-rbac --name "KeyVault-Discovery-Plugin"
2. Copy the following from the command output.
   • The clientId application identifier.
   • The clientSecret password.
   • The tenantId tenant identifier.
3. Grant Key Vault permissions. 
   az keyvault set-policy --name your-keyvault-name \

   --spn <clientId> \

   --certificate-permissions get list \

   --key-permissions get list \

   --secret-permissions get list