Automating the Certificates or Client Secrets rotation with Key Vaults?

EnterpriseArchitect 4,846 Reputation points
2023-11-21T06:05:14.8533333+00:00

How can I perform automated key rotation for my Applications and Service Principals with Azure Key Vault?

https://learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation#key-rotation-policy

Because in both the Applications and the Service Principals | Manage | Certificates & Secrets blades, I cannot find the settings or a way to connect them with my Key Vault.

[screenshot]

[screenshot]

Any help would be greatly appreciated.

Tags: Azure Key Vault, Azure Managed Applications, Microsoft Graph, Microsoft Entra ID

Accepted answer
    Akshay-MSFT 16,201 Reputation points Microsoft Employee
    2023-11-21T13:09:41.7166667+00:00

    @EnterpriseArchitect

    Thank you for posting your query on Microsoft Q&A. From the above description I could understand that you are looking to rotate the "certificate & secret" for an Entra ID App Registration.

    Please do correct me if this is not the case by responding in the comments section:

    Currently we don't have an option to import or rotate a certificate from Azure Key Vault for an Entra ID registered application; however, we could use a credential from Key Vault.

    Customer-managed keys can be used to encrypt data in your tenant using Azure Key Vault in another tenant. This could be done via a managed identity.

    [screenshots]

    Once set up, you can navigate to your Keys in Key Vault and set up a rotation policy for the same:

    [screenshot]

    Thanks,

    Akshay Kaushik

    Please do accept the answer and rate your experience if the above-mentioned suggestion works as per your business need.

    1 person found this answer helpful.
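The practical caveat behind the question and the accepted answer: the Key Vault key rotation policy linked in the question rotates vault *keys*, and a Key Vault certificate policy can auto-renew a *certificate* into a new version, but neither mechanism pushes anything into an app registration. The part you have to automate yourself is publishing the new public key to the application's keyCredentials through Microsoft Graph and letting the old one age out. The PowerShell script below is an added example, not code from the question, the answer, or Microsoft. It assumes the Az.KeyVault and Microsoft.Graph.Applications modules are installed, that Connect-AzAccount and Connect-MgGraph (with the Application.ReadWrite.All scope) have already run, and that the vault name, certificate name and application object id are placeholders for your own tenant.

```powershell
<#
Added example (not from the original question or answer): keep an Entra ID app
registration's certificate credential in sync with a certificate that lives in
Azure Key Vault. All names below are assumptions/placeholders.
#>
param(
    [string]$VaultName   = 'kv-contoso-identity',                   # assumption: your vault
    [string]$CertName    = 'appreg-signin-cert',                    # assumption: certificate name in the vault
    [string]$AppObjectId = '00000000-0000-0000-0000-000000000000'   # assumption: the app registration's object id (not its appId)
)

$ErrorActionPreference = 'Stop'

# 1. Ensure the certificate exists in Key Vault with an auto-renew policy.
#    Key Vault mints a new version 30 days before expiry on its own, but
#    nothing tells Entra about it; steps 2-5 do that and are what you schedule.
$existing = Get-AzKeyVaultCertificate -VaultName $VaultName -Name $CertName -ErrorAction SilentlyContinue
if (-not $existing) {
    $policy = New-AzKeyVaultCertificatePolicy -SubjectName "CN=$CertName" -IssuerName Self `
        -KeyType RSA -KeySize 2048 -ValidityInMonths 12 -RenewAtNumberOfDaysBeforeExpiry 30
    Add-AzKeyVaultCertificate -VaultName $VaultName -Name $CertName -CertificatePolicy $policy | Out-Null
    # Creation is asynchronous; wait for the vault to finish before reading the cert.
    while ((Get-AzKeyVaultCertificateOperation -VaultName $VaultName -Name $CertName).Status -eq 'inProgress') {
        Start-Sleep -Seconds 2
    }
}

# 2. Read the latest version's public certificate. The private key stays in the vault.
$kvCert = Get-AzKeyVaultCertificate -VaultName $VaultName -Name $CertName
$x509   = $kvCert.Certificate   # System.Security.Cryptography.X509Certificates.X509Certificate2, public part only

# 3. Pull the app's current key credentials and drop anything already expired.
#    PATCH on keyCredentials replaces the whole collection, so every credential
#    we want to keep must be sent back; Graph identifies existing ones by KeyId.
$app  = Get-MgApplication -ApplicationId $AppObjectId -Property 'id,displayName,keyCredentials'
$now  = [DateTime]::UtcNow
$keep = foreach ($c in $app.KeyCredentials) {
    if ($c.EndDateTime -and $c.EndDateTime -lt $now) { continue }   # expired: let it fall off
    @{
        KeyId               = $c.KeyId
        Type                = $c.Type
        Usage               = $c.Usage
        CustomKeyIdentifier = $c.CustomKeyIdentifier
        DisplayName         = $c.DisplayName
        StartDateTime       = $c.StartDateTime
        EndDateTime         = $c.EndDateTime
    }
}

# 4. Idempotency: Entra stores the SHA-1 thumbprint of the DER as customKeyIdentifier,
#    so a re-run with the same vault version must not add a duplicate.
$thumb        = $x509.GetCertHash()
$alreadyThere = @($keep) | Where-Object {
    $_.CustomKeyIdentifier -and
    ([Convert]::ToBase64String($_.CustomKeyIdentifier) -eq [Convert]::ToBase64String($thumb))
}
if ($alreadyThere) {
    Write-Host "Thumbprint $($x509.Thumbprint) is already registered on $($app.DisplayName); nothing to do."
    return
}

# 5. Append the new public key and write the collection back.
$newCred = @{
    Type          = 'AsymmetricX509Cert'
    Usage         = 'Verify'
    Key           = $x509.RawData           # DER-encoded public certificate
    DisplayName   = "$VaultName/$CertName $($x509.Thumbprint)"
    StartDateTime = $x509.NotBefore.ToUniversalTime()
    EndDateTime   = $x509.NotAfter.ToUniversalTime()
}
Update-MgApplication -ApplicationId $AppObjectId -KeyCredentials (@($keep) + @($newCred))
Write-Host "Registered $($x509.Thumbprint) on $($app.DisplayName); $(@($keep).Count) existing credential(s) kept."
```

Run it once to create the certificate, then on a schedule or from the vault's Microsoft.KeyVault.CertificateNewVersionCreated Event Grid event, so each auto-renewed version is registered before the previous one expires. The client application reads the current version's PFX from the vault's secret endpoint (Get-AzKeyVaultSecret with the certificate name) on the same cadence, so it picks up the new private key without a redeploy. Because the PATCH in step 5 replaces the whole keyCredentials collection, a wrong filter in step 3 would silently delete credentials that are still in use; check the kept list on the first run before trusting the script unattended.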

0 additional answers