Listing the passwords of an Application or Service Principal

[bloudraak]

What is the equivalent Go implementation of the PowerShell Get-AzureADApplicationPasswordCredential cmdlet?

I have a Go application that bootstraps and maintains applications and service principals for automation. It typically creates a "privileged" application and service principal, generates passwords, and stores them in Key Vault. This allows a CI/CD system to access "privileged" credentials when it needs to deploy while also allowing us to aggressively "rotate" those privileged passwords once a day.

Several conditions result in passwords and the key vault being out of sync, resulting in application failure. Using Go, I'm trying to "list" all the passwords previously registered for applications. I only need to know the name and when it expires. I can then correlate that with the secrets in Key Vault and take the appropriate action. One such action would be to "detect" a key manually created by an administrator and gracefully "refresh" it.

It may also be beneficial to know when was the last time a particular password was used so that dormant passwords can be aged out, especially for privileged applications.

[baywet]

I believe it'll be part of the password credentials part of the application response.
It seems that you can add or remove a password but not update an existing one as far as I can tell.