key Vault Secret Rotation

Question

How to rotate key vault secrets? This secrets are getting used in authentication from Azure to Jenkins for delpyment using pipelines?
Any other solutions apart from the below mentioned link:

https://techcommunity.microsoft.com/t5/integrations-on-azure-blog/automate-secret-rotation-in-key-vault/ba-p/3275149

I did get the above link but wanted to have other option as well without the use of an event grid or maybe through an automation account?

Answer 1

Hi @Jyoti Kothiyal (EXTERNAL) ,

Thanks for your post and sorry for the delayed response! The recommended approach is to use an Event Grid as it integrates automatically and allows for user notifications, and the current official examples use Event Grids. Is there any reason why you do not want to use one for your scenario? If so, I can take this request to the product/content team and see if there are better official guidelines we can provide without the use of an Event Grid.

There are, however, some examples in blogs online for automatically rotating the key vault keys and secrets through an automation account. For example, this script on Reddit uses an automation account, runs every six months, and re-creates the key with the expiry. There are also some examples for using Azure Logic Apps to send email requests to rotate the keys based on HTTP triggers.

Let me know if this is what you are looking for and if you have further questions.

For additional automatic secret rotation tutorials, see:
Support for Azure Keyvault key rotation and rotation policy
How to Configure Key Rotation
Manage credentials
Official, more recent tutorial using an Event Grid
Tutorial rotation using one set of authentication credentials

-

If the information helped you, please Accept the answer. This will help us and other community members as well.