Need a long-lasting client secret for a non-production app? Here are two ways to create a secret that mimics no expiry β ideal for automation, CI/CD, or UAT setups.
β Option 1: Azure CLI
Use this for a quick and easy credential reset:
az ad app credential reset --id ********-****-****-****-************ --years 299 --append --display-name uat-automation-secret-longterm--years 299: Secret valid for ~299 years--append: Keeps existing secrets--display-name: Helps identify the secret
π Option 2: Microsoft Graph API (addPassword)
You can also use Microsoft Graphβs addPassword endpoint for full control.
POST Request
POST https://graph.microsoft.com/v1.0/applications/{app-id}/addPassword
Authorization: Bearer <token>
Content-Type: application/jsonRequest Body
{
"passwordCredential": {
"displayName": "uat-automation-secret-longterm",
"endDateTime": "2324-07-17T23:59:59Z"
}
}Tip: endDateTime is in UTC format. Set a far future date (e.g., 299 years ahead) to mimic “no expiry”.
β οΈ Security Reminder
- Use only in non-production scenarios
- Store secrets in Key Vault, not in code
- Prefer Managed Identity or Federated Credentials for production
Both methods are effective β choose the one that fits your environment or automation strategy.
Techy Chalkboard in bits and pieces 