Rotating Service Principal Secrets Automatically in Azure Key Vault

Andrew Schmidt
3 min read · Jan 22, 2021

If you are a developer for any large organization, you will know that sometimes you need to integrate an innovative development project or third-party software with Azure resources. You do some research, think about rolling your own IAM, cry about that idea, and then finally reach out to your friendly IT counterpart.

He immediately responds to your plea for direction with a simple answer: “You could use a Service Principal”. And you think, “Sure, that’s a simple enough solution”.
The benefits are clear:
1. You do not have to store and manage the security of your own credentials.
2. You do not need to stand up an IAM solution, because your company already uses Azure Active Directory!
3. You can use the full suite of directory services to manage that service principal's access, and even allow for different access levels to your system.

After this injection of hope, you run off and implement an authentication solution using AAD as the provider! It works and you are able to secure those system calls! It is so exciting that you even spam every contact in your Slack channels. Over the next 3 months more and more people start to use service principals to authenticate their apps. Your organization is teeming with secure machine-to-machine APIs, which accelerates your business outcomes while making your boss reconsider that bonus he didn't give you last year.
