Share via

azure app client secret expiry

Sushil Dangi 0 Reputation points
2025-11-10T19:05:20.83+00:00

We have created an app in azure entra and got client id, client secret. looks like there is an expiry for the client secret. is there any way to set that and it wont expire? or any notification kind do we get to knw it is goign to expire soon? becasue we are using this client secret in api calls and flow will break if we dont create and update our app with new one. Please suggest available option

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2025-11-10T19:06:08.6866667+00:00

    In Azure Entra, client secrets do have an expiry period, and you cannot set them to never expire. However, you can renew the client secret before it expires to ensure that your application continues to function without interruption. Notifications are provided in the Configuration Manager console starting in version 2006 to alert you when a client secret is about to expire or has already expired. This allows you to take action before the secret becomes invalid.

    To renew a client secret, you can follow these steps:

    1. Sign in to the Azure portal and navigate to the Microsoft Entra service.
    2. Select the application under App Registrations.
    3. Go to Certificates & Secrets and create a new client secret.
    4. Update your application with the new client secret value.

    Make sure to store the new secret securely, as it will only be displayed immediately after creation.

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

    1 person found this answer helpful.
  2. Rukmini 41,715 Reputation points Microsoft External Staff Moderator
    2025-11-13T11:12:14.09+00:00

    Hello Sushil Dangi,

    As of right now, Azure Entra ID does not automatically rotate client secrets. For security reasons, secrets always have an expiration date.

    • To completely avoid secret expiration, use Managed Identity or certificates.
    • Configure alerts for expiration using: Power Automate flow or Azure Logic App
    • Using a PowerShell script or Azure Automation Runbook to notify or automatically generate new secrets.
    • Secrets can be programmatically rotated and pushed to Azure Key Vault using the Microsoft Graph API.

    To request an ability rotate secrets from the platform itself, you can leave feedback in the feedback portal. I have shared this feedback as well with the product team. https://feedback.azure.com/

    If the resolution was helpful, kindly take a moment to accept the answer and upvote it 👍 it as a token of appreciation.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.