到期时自动更新服务主体客户端密码？

Question

I have a Service Principal for a Power Platform environment which will be used by a DevOps platform to make deployments to this environment.

The service principal requires me to set a client secret which will be referenced by my Service Connection in DevOps

You must set a client secret expiry date of up to 2 years and after that time, it won't work. So I would need to go into the Azure portal, update the client secret and then into DevOps and update the service connection.

Is there a way I can do this automatically?

Answer 1

You must set a client secret expiry date of up to 2 years and after that time, it won't work.

Actually, no need to do that, in azure portal, the maximum is 2 years, but you could use azure powershell to create a near-permanent secret, eg 100 years.

If you want to custom the secret value, use Az module, login with Connect-AzAccount , then use New-AzADAppCredential as below.

$SecureStringPassword = ConvertTo-SecureString -String "password" -AsPlainText -Force
New-AzADAppCredential -ApplicationId <ApplicationId of the App Registration> -CustomKeyIdentifier "test" -Password $SecureStringPassword -EndDate (Get-Date).AddYears(100)

If you want to generate a secret value automatically, use AzureAD module, login with Connect-AzureAD , then use as New-AzureADApplicationPasswordCredential below.

New-AzureADApplicationPasswordCredential -ObjectId <ObjectId of the App Registration> -EndDate (Get-Date).AddYears(100)