1

Hi, I want to auto-generate a client secret for a service principal before the current client secret expires automatically. What would be the best approach for the same?

Stanley Gong
ashish

1 Answer

0

You can use the Microsoft Graph API to do this, just try the request below:

Request URL:

POST https://graph.microsoft.com/v1.0/myorganization/applications/<app_object_id>/addPassword

Request Body

{
    "passwordCredential": {
        "displayName": "<secret name>",
        "endDateTime": "2023-04-20T08:49:57.334Z",
        "startDateTime": "2021-04-20T08:50:07.909Z"
    }
}


Let me know if you have any more questions.

Stanley Gong
  • Actually I want it to be automated, that is, when it is about to expire it automatically creates a new secret. I saw somewhere that with Event Grid and an Azure Function we can, but I am not sure how to do it – ashish Apr 20 '21 at 09:19
  • @ashish Yes, you can use an Azure Function with a timer trigger to call the Graph API to see if there is any secret about to expire, for example checking every 10 days. And if there is some secret about to expire (for example, it expires after 10 days), you create a new one. You can find the Azure Function timer trigger guide here: https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-timer?tabs=csharp – Stanley Gong Apr 20 '21 at 09:39
  • @ashish If you are afraid of the secret expiring, you can just create a secret with a long valid time, i.e. 10 years (endDateTime - startDateTime) – Stanley Gong Apr 20 '21 at 09:41
  • @ashish, how's it going? Do you have any more questions, please? – Stanley Gong Apr 21 '21 at 01:52
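
The timer-driven check described in the comments, as an added example that is not part of the original answer or comments: each run reads the application's `passwordCredentials` and calls the `addPassword` endpoint from the answer only when no existing secret outlives the 10-day window, so repeated runs do not pile up secrets. The function names, the 180-day lifetime and the way the bearer token is obtained are assumptions.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

GRAPH = "https://graph.microsoft.com/v1.0/myorganization/applications"
FMT = "%Y-%m-%dT%H:%M:%SZ"

def parse_ts(value):
    # Graph returns UTC timestamps with a varying number of fractional
    # digits; drop the fraction so strptime accepts every variant.
    stamp = value.rstrip("Z").split(".")[0]
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def needs_new_secret(app, now, window_days=10):
    """True when the app has secrets and none stays valid past the window."""
    horizon = now + timedelta(days=window_days)
    ends = [parse_ts(c["endDateTime"]) for c in app.get("passwordCredentials", [])
            if c.get("endDateTime")]
    return bool(ends) and all(end <= horizon for end in ends)

def add_password_request(app_object_id, now, lifetime_days=180):
    """Build the addPassword URL and body shown in the answer (assumed lifetime)."""
    end = now + timedelta(days=lifetime_days)
    body = {"passwordCredential": {
        "displayName": "auto-rotated " + now.strftime("%Y-%m-%d"),
        "startDateTime": now.strftime(FMT),
        "endDateTime": end.strftime(FMT),
    }}
    return f"{GRAPH}/{app_object_id}/addPassword", body

def graph_call(method, url, token, body=None):
    """Minimal Graph client; token is assumed to carry application write permission."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": "Bearer " + token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def rotate_if_due(app_object_id, token, now=None, call=graph_call):
    """One timer run: returns the new credential, or None when nothing is due."""
    now = now or datetime.now(timezone.utc)
    app = call("GET", f"{GRAPH}/{app_object_id}?$select=passwordCredentials", token)
    if not needs_new_secret(app, now):
        return None
    url, body = add_password_request(app_object_id, now)
    # The response carries secretText only at creation; persist it in this run.
    return call("POST", url, token, body)
```

Call `rotate_if_due` from the timer-triggered function; the `secretText` in the response is returned only at creation, so it has to be written to the secret store the client reads from during that same run.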