Automating the Certificates or Client Secrets rotation with Key Vaults?

EnterpriseArchitect 5,376 Reputation points
2023-11-21T06:05:14.8533333+00:00

How can I perform the automated keyRotation for my Applications and Service Principals with the Azure Key Vault?

https://learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation#key-rotation-policy

Because in both Applications and Service Principals | manage Certificates & Secrets blade, I cannot find the settings or way to connect it with my Key Vault.

User's image

User's image

Any help would be greatly appreciated.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,283 questions
Azure Managed Applications
Azure Managed Applications
An Azure service that enables managed service providers, independent software vendors, and enterprise IT teams to deliver turnkey solutions through the Azure Marketplace or service catalog.
138 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,001 questions
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,689 questions
{count} votes

Accepted answer
  1. Akshay-MSFT 17,786 Reputation points Microsoft Employee
    2023-11-21T13:09:41.7166667+00:00

    @EnterpriseArchitect

    Thank you for posting your query on Microsoft Q&A, from above description I could understand that you are looking to rotate "certificate & secret" for Entra ID App Registration.

    Please do correct me if this is not the case by responding in the comments section:

    Currently we don't have an option to import or rotate certificate from Azure Key Vault for an Entra ID registered application, however we could a credential from Key Vault.

    Using a Customer managed keys to encrypt data in your tenant using Azure Key Vault in another tenant. This could be done via a managed identity.

    User's image

    User's image

    User's image

    Once Setup, Now you could Navigate to your Keys in KeyVault and setup a rotation policy for the same:

    User's image

    Thanks,

    Akshay Kaushik

    Please do accept the answer and rate your experience if the above-mentioned suggestion works as per your business need

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.