How to auto renew Service Principals secrets in Azure

Time:08-10

I have an issue: how to auto renew Service Principals secrets in Key Vault Azure?

CodePudding user response:

In short - you can't.

Azure KeyVault only provides the option to auto rotate keys. This feature enables end-to-end zero-touch key rotation for Azure services data encryption with customer-managed key (CMK) stored in Azure Key Vault. https://azure.microsoft.com/en-us/updates/automated-key-rotation-in-azure-key-vault-is-now-available/

What you are trying to achieve is different. Azure AD Service principals are managed by Azure AD. So, you need some sort of automation which generates a new secret there and updates it in keyvault.

A better way (if possible) would be managed identity. Managed Identities can be used like service principals but are fully managed and the secrets are managed behind the scenes for you.
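
The automation the answer describes (create a new secret in Azure AD, then update Key Vault) could look like the following sketch. It is an added example, not part of the original answer; it assumes a logged-in Azure CLI with rights on both the app registration and the vault, GNU `date`, and placeholder argument values.

```shell
#!/bin/sh
# Added example: rotate an Azure AD application secret and store the new value in Key Vault.
# Assumes Azure CLI (already logged in) and GNU date; all argument values are placeholders.
set -eu

# needs_rotation END_ISO8601 THRESHOLD_DAYS [NOW_EPOCH]
# Succeeds when the credential expires within THRESHOLD_DAYS of NOW (or has already expired).
needs_rotation() {
  end_epoch=$(date -u -d "$1" +%s)
  now_epoch=${3:-$(date -u +%s)}
  [ $(( end_epoch - now_epoch )) -le $(( $2 * 86400 )) ]
}

# rotate_sp_secret APP_ID VAULT_NAME SECRET_NAME [THRESHOLD_DAYS] [LIFETIME_DAYS]
# Body runs in a subshell so variables and the EXIT trap stay local to the call.
rotate_sp_secret() (
  app_id=$1; vault=$2; secret_name=$3
  threshold_days=${4:-30}; lifetime_days=${5:-90}

  # Latest expiry among the app's password credentials (ISO 8601 sorts lexically).
  ends=$(az ad app credential list --id "$app_id" --query '[].endDateTime' -o tsv)
  latest=$(printf '%s\n' "$ends" | sort | tail -n 1)
  if [ -n "$latest" ] && ! needs_rotation "$latest" "$threshold_days"; then
    echo "skipped"
    exit 0
  fi

  new_end=$(date -u -d "+${lifetime_days} days" +%Y-%m-%dT%H:%M:%SZ)
  tmp=$(mktemp)                       # created with mode 0600
  trap 'rm -f "$tmp"' EXIT

  # --append keeps the current secret valid so consumers can switch over gradually.
  secret=$(az ad app credential reset --id "$app_id" --append \
    --display-name "auto-rotated" --end-date "$new_end" --query password -o tsv)
  printf '%s' "$secret" > "$tmp"      # builtin printf: value never appears in argv

  # --file avoids passing the secret on the command line; --expires mirrors the AD expiry.
  az keyvault secret set --vault-name "$vault" --name "$secret_name" \
    --file "$tmp" --encoding utf-8 --expires "$new_end" --output none
  echo "rotated"
)

# Run from a scheduler (cron, pipeline, Automation runbook) with three or more arguments.
if [ "$#" -ge 3 ]; then rotate_sp_secret "$@"; fi
```

Because `--append` leaves older secrets in place until they expire, a cleanup step with `az ad app credential delete --id <app-id> --key-id <key-id>` is still needed once consumers have picked up the new Key Vault version.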
