[英]Automatically update Service Principal client secret on expiry?
I have a Service Principal for a Power Platform environment which will be used by a DevOps platform to make deployments to this environment.我有一个 Power Platform 环境的服务主体,DevOps 平台将使用它来部署到这个环境。
The service principal requires me to set a client secret which will be referenced by my Service Connection in DevOps服务主体要求我设置一个客户端密码,该密码将由我在 DevOps 中的服务连接引用
You must set a client secret expiry date of up to 2 years and after that time, it won't work.您必须设置最多 2 年的客户端机密到期日期,在此之后,它就不起作用了。 So I would need to go into the Azure portal, update the client secret and then into DevOps and update the service connection.所以我需要进入 Azure 门户,更新客户端机密,然后进入 DevOps 并更新服务连接。
Is there a way I can do this automatically?有没有办法可以自动执行此操作?
You must set a client secret expiry date of up to 2 years and after that time, it won't work.您必须设置最多 2 年的客户端机密到期日期,在此之后,它就不起作用了。
Actually, no need to do that, in azure portal, the maximum is 2 years, but you could use azure powershell to create a near-permanent secret, eg 100 years.其实没必要这样做,在azure portal中,最长是2年,但是你可以用azure powershell来创建一个近乎永久的秘密,比如100年。
If you want to custom the secret value, use Az
module, login with Connect-AzAccount
, then use New-AzADAppCredential
as below.如果要自定义密钥值,请使用Az
模块,使用Connect-AzAccount
登录,然后使用New-AzADAppCredential
,如下所示。
$SecureStringPassword = ConvertTo-SecureString -String "password" -AsPlainText -Force
New-AzADAppCredential -ApplicationId <ApplicationId of the App Registration> -CustomKeyIdentifier "test" -Password $SecureStringPassword -EndDate (Get-Date).AddYears(100)
If you want to generate a secret value automatically, use AzureAD
module, login with Connect-AzureAD
, then use as New-AzureADApplicationPasswordCredential
below.如果要自动生成机密值,请使用AzureAD
模块,使用Connect-AzureAD
登录,然后使用下面的New-AzureADApplicationPasswordCredential
。
New-AzureADApplicationPasswordCredential -ObjectId <ObjectId of the App Registration> -EndDate (Get-Date).AddYears(100)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.