Description
Is your feature request related to a problem? Please describe.
I'm provisioning a Microsoft Teams app using teamsapp provision
with the generateClientSecret: true
option. The problem is that the generated client secret is in an encrypted format (crypto_xxxx
), which cannot be used with the Bot Framework SDK (e.g., with CloudAdapter
). This forces me to manually go into the Azure portal, find the corresponding AAD app registration, and create a new client secret just to make the bot work. This breaks the automation flow and is frustrating during both development and CI/CD setup.
Describe the solution you'd like
I’d like teamsapp provision
to either:
- Output the actual client secret (
V~...
) once at provisioning time so I can store it securely (e.g., in.env
), or - Provide a CLI command (e.g.,
teamsapp env decrypt
) to retrieve or decrypt the actual value from the generated secret for local development use.
Describe alternatives you've considered
I currently use the Azure portal to generate a new secret manually after provisioning, which is tedious and error-prone. I've also looked into using the Azure CLI (az ad app credential reset
) as a workaround, but it adds complexity and deviates from the intended teamsapp
workflow.
Additional context
This affects the ability to use teamsapp
as a fully automated provisioning tool in real-world bot-enabled Teams apps. Having to manually override secrets reduces confidence in reproducibility and complicates CI/CD.