Using service principals is the great way to ensure that Dataverse connections in your Power Automate flows are not user-dependent and nothing is going to break when the original creator’s account gets disabled. These are good step-by-step instructions: How to setup a Common Data Service Application User (and why) (I’ll give Nick Doelman a separate Spießrutenlaufen later on for granting permissions nobody needs).
One of the steps is to create a secret and as of lately, the maximum expiration date can only be up to 2 years in the future. (And no, using custom is not going to help). But what if we want to last longer?
Yes, it’s a good idea to rotate your secrets. No, it’s not a good idea to do so until there are tools to automatically update all connections / connection references in your environment to use the new secret (managed identities / Azure Vaults, anyone?). I was indirectly told that Isaac Stephens figured it all out and it is indeed possible. Turns out, it’s not that complicated.
- Navigate to your app registration in Azure portal. (I trust you know how to do that as you presumably created that registration before, right?)
- Get your object id. (I knew it’ll come handy one day!)
- Open Azure CLI prompt and sign in. I like using in-place prompt.
- Enter this command to regenerate a secret that expires in 42 years.
az ad app credential reset --id 42937242-dead-beef-dead-42d833e1cb42 --years 42
- Don’t forget to copy the generated secret from the output – that will be displayed only once!
For additional syntax see az ad app credential | Microsoft Docs.