Managing client secrets in Azure App Registrations can be a bit tricky, especially when it comes to extending their expiration without changing the secret value. In this blog post, we’ll walk through the steps to achieve this using PowerShell.
Why Extend Client Secrets?
Client secrets are essential for authenticating applications in Azure. However, they come with an expiration date, typically set to a maximum of one year.
When a client secret expires, it can disrupt your application’s functionality. Extending the client secret without changing its value ensures continuity and avoids the hassle of updating the secret in all dependent applications.
Prerequisites
Before we begin, ensure you have the following:
- Azure PowerShell module installed
- Appropriate permissions to manage app registrations in your Azure AD tenant
Steps to Extend Client Secret
Open PowerShell: Launch PowerShell with administrative privileges, or open PowerShell from the top right of portal.azure.com.
Run the script below:
Connect-AzureAD   # sign in to the tenant that owns the app registration
$startDate = Get-Date   # the new credential is valid from now
$endDate = $startDate.AddYears(1)   # and expires one year later
$aadAppsecret = New-AzureADApplicationPasswordCredential -ObjectId "<your_app_objectid>" -Value "<secret_you_want_to_set>" -StartDate $startDate -EndDate $endDate -CustomKeyIdentifier "<any_name_to_set>"
Verification
After running the script, verify that the client secret has been updated with the new expiration date:
- Go to the Azure portal.
- Navigate to Azure Active Directory > App registrations.
- Select your app and check the client secrets section to confirm the new expiration date.
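The same check can be made from the PowerShell session instead of the portal. The following is an added example, not part of the original post: `Get-SecretExpiryReport` is a hypothetical helper name, the sample credentials are constructed, and decoding `CustomKeyIdentifier` as UTF-8 is an assumption.

```powershell
# Added example: Get-SecretExpiryReport is a hypothetical helper, not an AzureAD cmdlet.
function Get-SecretExpiryReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Credential,
        [int] $WarnDays = 30,
        [datetime] $Now = (Get-Date)
    )
    process {
        # CustomKeyIdentifier is returned as a byte array; UTF-8 decoding is an assumption.
        $label = '(none)'
        if ($Credential.CustomKeyIdentifier) {
            $label = [System.Text.Encoding]::UTF8.GetString([byte[]]$Credential.CustomKeyIdentifier)
        }
        # Whole days until EndDate; negative means the entry has already expired.
        $daysLeft = [int][math]::Floor(($Credential.EndDate - $Now).TotalDays)
        $status = if ($daysLeft -lt 0) { 'Expired' } elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' } else { 'OK' }
        [pscustomobject]@{
            Label    = $label
            KeyId    = $Credential.KeyId
            EndDate  = $Credential.EndDate
            DaysLeft = $daysLeft
            Status   = $status
        }
    }
}

# Constructed sample objects shaped like Get-AzureADApplicationPasswordCredential output.
$now = [datetime]'2025-01-15'
$sample = @(
    [pscustomobject]@{
        CustomKeyIdentifier = [System.Text.Encoding]::UTF8.GetBytes('old-entry')
        KeyId               = '00000000-0000-0000-0000-000000000001'
        EndDate             = $now.AddDays(10)
    },
    [pscustomobject]@{
        CustomKeyIdentifier = [System.Text.Encoding]::UTF8.GetBytes('extended-entry')
        KeyId               = '00000000-0000-0000-0000-000000000002'
        EndDate             = $now.AddYears(1)
    }
)
$sample | Get-SecretExpiryReport -Now $now | Format-Table

# Against the tenant (after Connect-AzureAD), using your app's object id:
# Get-AzureADApplicationPasswordCredential -ObjectId '<your_app_objectid>' | Get-SecretExpiryReport
```

With the constructed sample, the first entry is reported as ExpiringSoon (10 days left) and the second as OK.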
Conclusion
By following these steps, you can extend the client secret for your Azure app registration without changing its value. This approach helps maintain application continuity and reduces the need for frequent updates.