12

I am using Azure DevOps & Azure cloud; my deployment failed with this error: AADSTS7000222: The provided client secret keys are expired. I am not sure where to check this. Can someone help me with this?

Arun Kumar
  • Your Azure DevOps pipeline runs using a service principal. When you create the service principal, the default client_secret/password expires after a year. Check the service principal you're using and create/generate a new client_secret/password for this SP – Thomas Sep 18 '20 at 11:52
  • Could you elaborate your issue? Did you run a pipeline to deploy to Azure in DevOps? How was your pipeline like? When did you get this error? Please share detailed log. – Cece Dong - MSFT Sep 21 '20 at 02:04

3 Answers

10

The error AADSTS7000222 occurs when you need to update an expired client secret for a service connection in Azure DevOps. The steps to do this are outlined in the Microsoft docs.

  1. Go to Project settings > Service connections, and then select the service connection you want to modify.

  2. Select Edit in the upper-right corner, and then make any change to your service connection. The easiest and recommended change is to add a description.

  3. Select Save to save the service connection. Don't try to verify the service connection at this step.

  4. Exit the service connection edit window, and then refresh the service connections page.

  5. Select Edit in the upper-right corner, and now select Verify.

  6. Select Save to save your service connection.

Craig Brown
  • I followed these steps, but in the Edit screen, there didn't seem to be a Verify option in Azure DevOps. Has it been removed since this answer was posted? – Bleak Morn Feb 06 '23 at 22:16
  • @BleakMorn I just checked this, the Verify button is still there. You should see it below the 'Resource group' dropdown, and above the 'Service connection name' field. – Craig Brown Feb 10 '23 at 18:49
  • Initially this did not work for me because I had started the job before updating the service connection, however after following these steps exactly and only then starting the job running, did they then work. I guess they are fed into the job at startup rather than being used on demand in the process. – user1867382 Mar 01 '23 at 19:39
5

Check the error code here:

https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes

AADSTS7000222: InvalidClientSecretExpiredKeysProvided - The provided client secret keys are expired. Visit the Azure portal to create new keys for your app, or consider using certificate credentials for added security: https://aka.ms/certCreds

Assuming you got the error from the pipeline during deployment, check the service connection you use and update the key or create a new service connection.

Cece Dong - MSFT
  • 2
    Thank you, it worked after deleting the old one in Certificates & secrets in the Azure portal and creating a new one. – Arun Kumar Sep 28 '20 at 10:59
  • I am facing the same problem, but the same code if I am running at my local machine, it is working fine without any error or warning but as I am running into Azure DevOps, it is giving AADSTS7000222 error. – Ashish-BeJovial Mar 16 '21 at 12:19
  • 3
    How can we find the service connection? – Rails Developer Aug 09 '21 at 09:16
  • @RailsDeveloper 's question seems especially relevant to me since the error `AADSTS7000222: The provided client secret keys for app '***' are expired.` doesn't seem to tell me which app is having the issue. Any idea how I can find out which app "***" is? – Bleak Morn Feb 06 '23 at 22:18
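
To see which client secrets on the app registration behind a service connection have expired or are about to, the following added Python example (not part of any answer or comment on this page) classifies credentials by expiry date. It assumes the JSON shape printed by `az ad app credential list --id <app-id>` with the fields `keyId`, `displayName` and `endDateTime`; the sample data, function names and the 30-day warning window are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the output of
# `az ad app credential list --id <app-id>` (assumed field names:
# keyId, displayName, endDateTime). All values are made up.
SAMPLE_CREDENTIALS = json.dumps([
    {"keyId": "00000000-0000-0000-0000-000000000001",
     "displayName": "pipeline-secret-old",
     "endDateTime": "2020-09-17T10:00:00Z"},
    {"keyId": "00000000-0000-0000-0000-000000000002",
     "displayName": "pipeline-secret-rotating",
     "endDateTime": "2020-10-01T10:00:00.1234567Z"},
    {"keyId": "00000000-0000-0000-0000-000000000003",
     "displayName": "pipeline-secret-new",
     "endDateTime": "2021-09-18T10:00:00Z"},
])


def parse_utc(ts):
    """Parse an ISO 8601 UTC timestamp, dropping fractional seconds."""
    ts = re.sub(r"\.\d+", "", ts).replace("Z", "+00:00")
    return datetime.fromisoformat(ts).astimezone(timezone.utc)


def classify_secrets(credentials_json, now, warn_days=30):
    """Return (status, displayName, keyId, days_left) per credential, soonest first."""
    report = []
    for cred in json.loads(credentials_json):
        end = parse_utc(cred["endDateTime"])
        days_left = (end - now) // timedelta(days=1)  # floors, so negative once expired
        if end <= now:
            status = "EXPIRED"
        elif end - now <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        report.append((status, cred.get("displayName") or "", cred["keyId"], days_left))
    return sorted(report, key=lambda r: r[3])


if __name__ == "__main__":
    now = datetime(2020, 9, 18, 11, 52, tzinfo=timezone.utc)  # fixed for the sample
    for status, name, key_id, days in classify_secrets(SAMPLE_CREDENTIALS, now):
        print(f"{status:9} {days:5d}d  {name}  ({key_id})")
```

Run on a schedule with `datetime.now(timezone.utc)` as `now`, the `EXPIRING` rows give a rotation warning before a deployment fails with AADSTS7000222.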
0

The key used for the service connection is expired. Please refer to the below-mentioned link.

Azure App Service deploy Failed to get resource ID for resource type 'Microsoft.Web/Sites'

Nayeem