Sep 22 2020 06:25 AM
Sep 22 2020 06:25 AM
We ran into this issue recently, where the Azure DevOps pipeline Service Principal's secret expired without any indication that this date was nearing. I would have assumed that critical components such as this would give some alert a week or so in advance, in order to update them in a timely manner.
The update process was also terribly confusing, and obfuscated by the preview 'View' for Service Connections, which no longer allowed editing of the password. When we were alerted the passphrase expired, we were sent to a wizard to add a new password. However, this does not change the password it uses only passwords that are 'available', so the process did not fix anything.
I believe this process has some opportunity for improvement, pushing some of the management responsibilities back into Azure where they make the most sense. (tracking them uniquely from a particular user's calendar is not an ideal solution for an enterprise product.)
Sep 25 2020 02:24 PM - edited Sep 25 2020 02:25 PM
@Jonathan_Rudolph that's a good point, but there are alert for that matter (at least yet). Our Ops team created a shared calendar to track that sort of events (more about that here: https://www.quadrotech-it.com/blog/create-a-company-shared-calendar-in-office-365/) so we're tracking the SSL certificates and SPs expiration, and some other things. We plan the operations like this well in advance and had no issues with that so far.
Oct 04 2020 11:26 AM
@Jonathan_Rudolph Agreed, this would be very useful feature. The applicability extends to Application registrations in the Azure AD also.
Oct 08 2020 06:16 AM
I worked with a customer where we wrote an Azure Automation Runbook to check the expiration of Service Principals and Certificates weekly and would send an email two weeks before the expiration so the change request could be reviewed by the orgs change control board.
Apr 20 2021 08:03 AM
Jun 15 2021 01:16 AM - edited Jun 15 2021 01:24 AM
May you please help with the runbook script?
Jun 15 2021 01:48 AM
Jun 30 2021 12:59 PM
Sep 27 2021 03:58 AM
@Rajivmishra do you have any solution for this secrets notification alert