@barkerl barkerl commented Sep 22, 2025

Description

Re-usable workflow that will rotate a client secret for an existing clientID in AWS.

Related issue: JIRA_TICKET_NUMBER

Before submitting (or marking as "ready for review")

  • Does the pull request title follow the conventional commit specification?
  • Have you performed a self-review of the code?
  • Have you added tests that prove the fix or feature is effective and working?
  • Did you make sure to update any documentation relating to this change?

Comment on lines +81 to +84
run: |
aws secretsmanager put-secret-value \
--secret-id "${{ inputs.aws-secret-id }}" \
--secret-string "{\"clientId\":\"$CLIENT_ID\",\"clientSecret\":\"$AZURE_NEW_SECRET\"}"
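
Review bot: The --secret-string line builds the JSON by splicing $CLIENT_ID and $AZURE_NEW_SECRET into a hand-escaped string, so a generated secret that contains a double quote or a backslash would be stored as malformed JSON; building the payload with a JSON-aware tool such as jq avoids that. On the --secret-id line, ${{ inputs.aws-secret-id }} is expanded into the script text before the shell runs; passing the input through an env: entry and referencing it as a quoted shell variable keeps a caller-supplied value from being parsed as shell.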

The workflow looks good to me, the only query I have is re this last bit.

Would it make sense that AZURE_NEW_SECRET is an output to this workflow instead of updating in place?

Currently, for example, the equivalent CVS secret has more detail than just clientId & clientSecret in the JSON, therefore this would overwrite those extra values.

The other option would be we retrieve the secret as is and merge the two objects together, which will update these keys but also retain the other contents?
