An Azure DevOps extension with Azure Pipelines tasks that manage Azure AD Application keys by rotating them.
Azure AD Application Rotator
Rotate your Azure AD Application (App Registration) keys periodically to an Azure KeyVault.
What does it do
Let's say you have some Azure AD Applications (App Registrations) for your business applications.
For example, letting users sign in to a web application with their AD account requires an Azure AD application with a key (client secret). Those keys can be rotated into an Azure KeyVault: a new key is created on the app registration and written to the KeyVault, so the secret never has to sit in a config file or a pipeline variable, and a key that has leaked stops working at the next rotation. The business application just retrieves the current key from the KeyVault.
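The rotation flow described above, as an added example that is not the extension's own code: Microsoft Graph's addPassword/removePassword calls and the Key Vault secret client are replaced by constructed in-memory stand-ins (FakeGraphApplications, FakeKeyVaultSecrets) so the flow runs offline, and the overlap policy (a new key valid for twice the rotation interval, expired keys pruned) is a design choice assumed here, not something the page specifies.

```python
"""Key-rotation flow into Key Vault, modelled with in-memory stand-ins.

Added example, not code from the Azure AD Application Rotator extension.
FakeGraphApplications and FakeKeyVaultSecrets are constructed here to stand in
for Microsoft Graph's addPassword/removePassword calls and Key Vault's
set_secret/get_secret; no real SDK client is used, so the flow runs offline.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets
import uuid


@dataclass
class PasswordCredential:
    key_id: str
    display_name: str
    end_date: datetime
    secret_text: str  # Graph returns the secret value only once, when the key is created


class FakeGraphApplications:
    """Stand-in for an app registration's passwordCredentials (constructed)."""

    def __init__(self):
        self._creds = {}  # app object id -> list[PasswordCredential]

    def add_password(self, app_object_id, display_name, end_date):
        # As with Graph, the directory generates the secret value, not the caller.
        cred = PasswordCredential(str(uuid.uuid4()), display_name, end_date,
                                  secrets.token_urlsafe(32))
        self._creds.setdefault(app_object_id, []).append(cred)
        return cred

    def remove_password(self, app_object_id, key_id):
        self._creds[app_object_id] = [c for c in self._creds[app_object_id]
                                      if c.key_id != key_id]

    def list_passwords(self, app_object_id):
        return list(self._creds.get(app_object_id, []))


class FakeKeyVaultSecrets:
    """Stand-in for a versioned Key Vault secret; the newest version is current."""

    def __init__(self):
        self._versions = {}  # secret name -> list[(value, expires_on)]

    def set_secret(self, name, value, expires_on):
        self._versions.setdefault(name, []).append((value, expires_on))

    def get_secret(self, name):
        return self._versions[name][-1][0]


def rotate_app_key(graph, vault, app_object_id, secret_name, interval, now):
    """Create a new key on the app registration, publish it to Key Vault and
    prune keys that have expired. Returns (new key id, removed key ids).

    Assumed design choice: the new key is valid for twice the rotation
    interval, so the key issued by the previous run stays valid until the next
    run, and an application instance that cached the previous key keeps
    working until it re-reads the vault."""
    end_date = now + 2 * interval
    new_cred = graph.add_password(app_object_id, f"rotator-{now:%Y%m%d%H%M%S}", end_date)
    # Publish the new value as the current version of the vault secret.
    vault.set_secret(secret_name, new_cred.secret_text, end_date)
    removed = []
    for cred in graph.list_passwords(app_object_id):
        if cred.key_id != new_cred.key_id and cred.end_date <= now:
            graph.remove_password(app_object_id, cred.key_id)
            removed.append(cred.key_id)
    return new_cred.key_id, removed


def vault_holds_newest_key(graph, vault, app_object_id, secret_name):
    """True when the vault's current version is the most recently issued key."""
    newest = max(graph.list_passwords(app_object_id), key=lambda c: c.end_date)
    return vault.get_secret(secret_name) == newest.secret_text


def simulate(rotations, interval_days=30):
    """Run several rotations against a constructed app registration and report
    how many keys are live after each one plus whether the vault is current."""
    graph, vault = FakeGraphApplications(), FakeKeyVaultSecrets()
    app_object_id = "constructed-app-object-id"
    secret_name = "my-web-app-client-secret"
    interval = timedelta(days=interval_days)
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    live_counts = []
    for i in range(rotations):
        rotate_app_key(graph, vault, app_object_id, secret_name, interval, start + i * interval)
        live_counts.append(len(graph.list_passwords(app_object_id)))
    return {"live_counts": live_counts,
            "vault_current": vault_holds_newest_key(graph, vault, app_object_id, secret_name)}


if __name__ == "__main__":
    print(simulate(4))  # keys overlap pairwise: live_counts == [1, 2, 2, 2]
```

After the first run only one key exists; from the second run on there are always two live keys (the current one and the previous one), and each run removes exactly the key that expired. Consumers that read the vault at startup should still handle an authentication failure by re-reading the secret, since the cached value is only guaranteed valid for one more rotation interval.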
Automated via Azure DevOps extension
Install the extension from the marketplace.
Create an Azure Resource Manager Service Connection in your Azure DevOps Team Project, either manually or by letting Azure DevOps create one for you. Either way, the connection is backed by an app registration (service principal), which the next steps configure.
In the Azure portal, navigate to App Registrations
Select the app registration that backs the service connection. If you can't find it, you are probably not one of its owners and the list is filtered to the apps you own; change the filter dropdown to All apps to show it.
Check the Owners of the selected app registration. If you're not an owner, find an owner or a Global Administrator (you will need a Global Administrator in the next steps anyway).
Set the Required Permissions to at least the following resource access: Windows Azure Active Directory (Microsoft.Azure.ActiveDirectory) with the application permission Read directory data. When you save this, it results in the following array in the manifest: