Creating Non-Expiring Secrets for Azure App Registrations

Published: at 19:01

One common requirement for Azure App Registrations during application development is the need for long-lived credentials. While Azure App Registration secrets typically have an expiration date, there’s a workaround to create non-expiring keys using the Azure CLI. However, this should only be a temporary solution, typically used until a more secure one, such as certificates, is in place. For more information, refer to the official announcement from Microsoft, which explains why the non-expiring option was removed and describes alternatives.

The following command creates a secret that lasts for 100 years for the given App Registration. Specify the Client ID, which you can find under Essentials in the Overview blade in the Azure Portal.

# optionally add --append to avoid overwriting existing secrets
az ad app credential reset --id $appClientId --display-name client-secret --years 100

Do not forget to copy the generated secret, as it will not be visible again.

While this approach offers greater flexibility in managing secrets, it’s essential to adhere to security best practices and periodically review and rotate keys to mitigate potential risks, or use alternative methods such as certificates.
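To support the periodic review mentioned above, here is an added example (not part of the original post) that reads the JSON printed by `az ad app credential list --id $appClientId` and flags secrets that are expired or whose lifetime exceeds a policy ceiling. It assumes the `keyId`, `displayName`, `startDateTime` and `endDateTime` fields of a Microsoft Graph password credential; the 730-day ceiling, the file name `audit_secrets.py` and the sample data are assumptions made for illustration.

```python
import json
import re
import sys
from datetime import datetime, timezone

MAX_LIFETIME_DAYS = 730  # assumed policy ceiling, adjust to your own standard

# Constructed sample in the shape of `az ad app credential list` output.
SAMPLE = """[
  {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "client-secret",
   "startDateTime": "2024-05-01T19:01:00Z", "endDateTime": "2124-05-01T19:01:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "ci-pipeline",
   "startDateTime": "2024-03-01T08:00:00.1234567Z", "endDateTime": "2024-09-01T08:00:00.1234567Z"},
  {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": null,
   "startDateTime": "2022-01-10T00:00:00Z", "endDateTime": "2023-01-10T00:00:00Z"}
]"""

def parse_ts(value):
    """Parse a timestamp to whole seconds; fractional part dropped, UTC assumed."""
    m = re.match(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})", value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit(credentials, now, max_days=MAX_LIFETIME_DAYS):
    """Return one finding per credential that is expired or over the ceiling."""
    findings = []
    for cred in credentials:
        start = parse_ts(cred["startDateTime"])
        end = parse_ts(cred["endDateTime"])
        lifetime = (end - start).days
        if end <= now:
            status = "expired"      # dead secret still listed: clean it up
        elif lifetime > max_days:
            status = "long-lived"   # e.g. created with --years 100
        else:
            continue
        findings.append({"keyId": cred["keyId"], "name": cred.get("displayName") or "(unnamed)",
                         "status": status, "lifetime_days": lifetime,
                         "days_left": (end - now).days})
    return findings

if __name__ == "__main__":
    # Usage: az ad app credential list --id $appClientId | python audit_secrets.py
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    for f in audit(json.loads(raw.strip() or SAMPLE), datetime.now(timezone.utc)):
        print("{status:10} {name:15} lifetime={lifetime_days}d left={days_left}d {keyId}".format(**f))
```

Run without piped input, it audits the constructed sample, where the 100-year secret is reported as long-lived.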

Read more about the az ad app credential command.