Jun 032021

Occasionally you may be alerted to an existing Azure AD service principal whose client secret is scheduled to expire soon. From the Azure AD portal -> Application Registrations -> App -> Certificates & Secrets blade it is not possible to extend the expiration of an existing secret. You can only create a new one.

This can be a problem because the portal auto-generates the secret to be a random value. So you would have to go and update all your application code\configs to use this new secret value.

Luckily, with Azure PowerShell module you can both create a new secret with the same value as your existing one and set it’s expiration date manually preventing any unnecessary work to update application code\configs.

Example Script:

# Get service principal
$sp = Get-AzADServicePrincipal -DisplayName "MyTestApp"

# View current password Ids and expirations
Get-AzADSpCredential -ObjectId $sp.Id

#choose expiration date
$start = get-date
$end = $start.AddYears(150)

#Set same password as current password
$SecureStringPassword = ConvertTo-SecureString -String "c0[Ndh_@G/j8tB4aqbq66R]P*0MVwB.h" -AsPlainText -Force
New-AzADAppCredential -ApplicationId $sp.ApplicationId -StartDate $start -EndDate $end -Password $SecureStringPassword

# Verify new credential expiration
Get-AzADAppCredential -ApplicationId $sp.ApplicationId