Description
Describe the bug
Using the "az login" command to use a service principal with the Azure CLI on a Windows system with auditing of process creation enabled with the setting "Include command line in process creation events" turned on results in event logs that contain the plain text password of the service principal. This results in exposure of the Azure client secret for the service principal to anyone with access to the event viewer and results in the client secret being ingested into the SIEM logs. Note that following best practices of the Azure CLI documentation, the plain text password was not provided at the command line and thus is not in the shell command history logs. The process creation audit logs observed appear to be something internal to Azure CLI.
Reference Links:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4688
Related command
This command comes from https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli-service-principal?view=azure-cli-latest
$AzCred = Get-Credential -UserName
az login --service-principal --username $AzCred.UserName --password $AzCred.GetNetworkCredential().Password --tenant
Errors
There are 2 logged events when running the related command above, both with event ID 4688. Below is the Process Command Line of each, including the password.
Event 1:
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd" login --service-principal --username --password --tenant "
Event 2:
"C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\..\python.exe" -IBm azure.cli login --service-principal --username --password --tenant
Issue script & Debug output
cli.knack.cli: Command arguments: ['login', '--service-principal', '--username', '', '--password', '', '--tenant', '', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
Enable VT mode.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x012F9578>, <function OutputProducer.on_global_arguments at 0x0164B0C8>, <function CLIQuery.on_global_arguments at 0x0166B2A8>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: profile 0.012 2 8
cli.azure.cli.core: Total (1) 0.012 2 8
cli.azure.cli.core: Loaded 2 groups, 8 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x03381F78>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\<redacted username>\.azure\commands\2025-09-05.08-59-45.login.7736.log'.
az_command_data_logger: command args: login --service-principal --username {} --password {} --tenant {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x033A3B68>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x033BC708>, <function register_cache_arguments..add_cache_arguments at 0x033CBA28>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x033CBA78>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x0164B118>, <function CLIQuery.handle_query_parameter at 0x0166B2F8>, <function register_ids_argument..parse_ids_arguments at 0x033CB988>]
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\<redacted username>\.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/
msal.authority: openid_config("https://login.microsoftonline.com//v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com//oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com//discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com//v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com//oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com//oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com//oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com//kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? None
msal.application: Region to be used: None
cli.azure.cli.core.auth.msal_credentials: ServicePrincipalCredential.acquire_token: scopes=['https://management.core.windows.net//.default'], kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 440e3d88-d138-43df-9409-51b4a22f4165
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\\.azure\service_principal_entries.bin', encrypt=True
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/
msal.authority: openid_config("https://login.microsoftonline.com//v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com//oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com//discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com//v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com//oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com//oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com//oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com//kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? None
msal.application: Region to be used: None
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token_info: scopes=('https://management.core.windows.net//.default',), options={}
cli.azure.cli.core.auth.msal_credentials: ServicePrincipalCredential.acquire_token: scopes=['https://management.core.windows.net//.default'], kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: bb7ef2bb-6d19-41da-84db-df9fd2922e0c
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions?api-version=2022-12-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '940555e5-8a60-11f0-9e6a-6045bded00f6'
cli.azure.cli.core.sdk.policies: 'CommandName': 'login'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--service-principal --username --password --tenant --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.77.0 (MSI) azsdk-python-core/1.35.0 Python/3.13.7 (Windows-2019Server-10.0.17763-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions?api-version=2022-12-01 HTTP/1.1" 200 943
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '943'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-tenant-reads': '249'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '903955fa-2c46-4823-998c-1d6def4641d8'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '903955fa-2c46-4823-998c-1d6def4641d8'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'EASTUS2:20250905T135947Z:903955fa-2c46-4823-998c-1d6def4641d8'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: D2EEF9444BCF4546BE827B783F865CD7 Ref B: MNZ221060610047 Ref C: 2025-09-05T13:59:47Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 05 Sep 2025 13:59:47 GMT'
cli.azure.cli.core.sdk.policies: Response content:
Expected behavior
We would like it if our systems could continue to log the process arguments of newly created processes without having to worry about exposing secrets. Passwords should be passed in such a way that they are not provided as clear-text arguments.
Environment Summary
azure-cli 2.77.0
core 2.77.0
telemetry 1.1.0
Dependencies:
msal 1.34.0b1
azure-mgmt-resource 23.3.0
Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Config directory 'C:\Users\<redacted username>\.azure'
Extensions directory 'C:\Users\<redacted username>\.azure\cliextensions'
Python (Windows) 3.13.7 (tags/v3.13.7:bcee1c3, Aug 14 2025, 14:06:58) [MSC v.1944 32 bit (Intel)]
Additional context
For now we have mitigated this by removing the logging of process arguments on all systems with the Azure CLI installed. This solves the leak issue but reduces our visibility into what is being run on our systems, which reduces our potential to detect if users are running malicious scripts or commands.
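As an added example that is not part of this report or of the Azure CLI project: a defender-side scrub step that masks the `--password` value in 4688 command lines before they reach the SIEM, so process-creation logging can stay on for everything else. The two event shapes follow the Event 1 and Event 2 lines above; the sample events, GUIDs and secret value are constructed placeholders, and the `scrub_events` helper is hypothetical pre-ingestion logic, not a feature of any SIEM.

```python
import re

# Constructed 4688 records mirroring the two reported command lines (cmd.exe wrapper
# and the inner python.exe -m azure.cli process). Secret and ids are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 4688, "NewProcessName": r"C:\Windows\system32\cmd.exe",
     "CommandLine": r'C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd" login --service-principal --username 11111111-2222-3333-4444-555555555555 --password FAKE~secret.value --tenant 99999999-8888-7777-6666-555555555555 "'},
    {"EventID": 4688, "NewProcessName": r"C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe",
     "CommandLine": r'"C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\..\python.exe" -IBm azure.cli login --service-principal --username 11111111-2222-3333-4444-555555555555 --password="FAKE~secret.value" --tenant 99999999-8888-7777-6666-555555555555'},
    {"EventID": 4688, "NewProcessName": r"C:\Windows\system32\cmd.exe",
     "CommandLine": r'C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd" account show"'},
]

# An az / azure.cli invocation whose first positional argument is "login".
AZ_LOGIN_RE = re.compile(r'(?:\baz(?:\.cmd)?"?|azure\.cli)\s+login\b', re.IGNORECASE)
# --password / -p followed by its value: space- or '='-separated, optionally quoted.
# The value is masked even if it is a certificate path, since the log cannot tell.
PASSWORD_RE = re.compile(r'(?P<flag>(?:--password|-p)(?:=|\s+))(?P<val>"[^"]*"|\'[^\']*\'|\S+)')


def exposes_secret(cmdline: str) -> bool:
    """True when the command line is an az login that carries a password argument."""
    return bool(AZ_LOGIN_RE.search(cmdline)) and bool(PASSWORD_RE.search(cmdline))


def redact_cmdline(cmdline: str) -> str:
    """Replace the password value with a fixed mask; every other argument is kept."""
    return PASSWORD_RE.sub(lambda m: m.group("flag") + "*****", cmdline)


def scrub_events(events):
    """Return (redacted copies, number flagged). Run this before SIEM ingestion so the
    tenant, username and process path remain searchable while the secret does not."""
    out, flagged = [], 0
    for ev in events:
        cmd = ev.get("CommandLine", "")
        if ev.get("EventID") == 4688 and exposes_secret(cmd):
            flagged += 1
            ev = {**ev, "CommandLine": redact_cmdline(cmd), "SecretRedacted": True}
        out.append(ev)
    return out, flagged


if __name__ == "__main__":
    for ev in scrub_events(SAMPLE_EVENTS)[0]:
        print(ev.get("SecretRedacted", False), ev["CommandLine"])
```

The `SecretRedacted` marker also gives the SOC a cheap detection for hosts where service-principal secrets are still being passed on the command line.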