![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 7.000000000000001%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,106 questions
Hello @Rajesh Ambakkat
Here is an approach of how to automate the rotation of a secret:
- Thirty days before the expiration date of a secret, Key Vault publishes the near expiry event to Event Grid.
- Event Grid checks the event subscriptions and uses HTTP POST to call the function app endpoint that's subscribed to the event.
- An Azure Function is used with managed identity to rotate service principal keys.
- An Azure Function adds the new regenerated key to Azure Key Vault as the new version of the secret.
https://learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual?tabs=azure-cli
If you think your question has been answered, click "Mark as Answer" if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.
