Skip to content

Generated client secret from teamsapp provision is unusable by Bot Framework SDK #14188

Open
@yhaskell

Description

@yhaskell

Is your feature request related to a problem? Please describe.

I'm provisioning a Microsoft Teams app using teamsapp provision with the generateClientSecret: true option. The problem is that the generated client secret is in an encrypted format (crypto_xxxx), which cannot be used with the Bot Framework SDK (e.g., with CloudAdapter). This forces me to manually go into the Azure portal, find the corresponding AAD app registration, and create a new client secret just to make the bot work. This breaks the automation flow and is frustrating during both development and CI/CD setup.

Describe the solution you'd like

I’d like teamsapp provision to either:

  • Output the actual client secret (V~...) once at provisioning time so I can store it securely (e.g., in .env), or
  • Provide a CLI command (e.g., teamsapp env decrypt) to retrieve or decrypt the actual value from the generated secret for local development use.

Describe alternatives you've considered
I currently use the Azure portal to generate a new secret manually after provisioning, which is tedious and error-prone. I've also looked into using the Azure CLI (az ad app credential reset) as a workaround, but it adds complexity and deviates from the intended teamsapp workflow.

Additional context
This affects the ability to use teamsapp as a fully automated provisioning tool in real-world bot-enabled Teams apps. Having to manually override secrets reduces confidence in reproducibility and complicates CI/CD.

Metadata

Metadata

Labels

TA:E2ETeam Area: E2Efeature-requestThe issue is a feature request

Type

No type

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions