Hello @Choudhary, Roshankumar - Welcome to Microsoft Q&A and thanks for reaching out.
A client secret is a string value your app can use in place of a certificate to identity itself and sometimes called as application password.
Client secrets are considered less secure than certificate credentials. Application developers sometimes use client secrets during local app development because of their ease of use. However, you should use certificate credentials for any of your applications that are running in production.
- In the Azure portal, in App registrations, select your application.
- Select Certificates & secrets > Client secrets > New client secret.
- Add a description for your client secret.
- Select an expiration for the secret or specify a custom lifetime.
- Client secret lifetime is limited to two years (24 months) or less. You can't specify a custom lifetime longer than 24 months.
- Microsoft recommends that you set an expiration value of less than 12 months.
- Select Add.
- Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.
For application security recommendations, see Microsoft identity platform best practices and recommendations.
Also take a look at this doc for more reference: Add a client Secret
Hope this helps. and please feel free to reach out if you have any further questions.
------------------------------------------------------------------
If the above response was helpful, please feel free to "Accept as Answer" and "Upvote" the same so it can be beneficial to the community