https://github.com/l480/check-entra-id-sp-expiration

🔑 Checks for expiring Entra ID service principal secrets
https://github.com/l480/check-entra-id-sp-expiration

azure azure-ad azuread entra-id entraid service-principal workload-identity-federation

Last synced: 7 months ago
JSON representation

🔑 Checks for expiring Entra ID service principal secrets

• Host: GitHub
• URL: https://github.com/l480/check-entra-id-sp-expiration
• Owner: L480
• License: apache-2.0
• Created: 2024-11-25T06:28:12.000Z (11 months ago)
• Default Branch: main
• Last Pushed: 2025-03-16T08:16:09.000Z (7 months ago)
• Last Synced: 2025-03-19T23:33:20.303Z (7 months ago)
• Topics: azure, azure-ad, azuread, entra-id, entraid, service-principal, workload-identity-federation
• Language: TypeScript
• Homepage:
• Size: 90.8 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

README

          
# check-entra-id-sp-expiration

![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/L480/check-entra-id-sp-expiration/check-sp-expiration.yml?label=Secret%20Expiration%20Check)

Checks for expiring Entra ID service principal secrets.

The [GitHub Actions workflow](https://github.com/L480/check-entra-id-sp-expiration/actions/workflows/check-sp-expiration.yml) fails if secrets are found that are about to expire (by default within the next [60 days](.github/workflows/check-sp-expiration.yml#L34)).

## Setup

1. Create a new repository from this template.

2. Create an Entra ID service principal with `Application.Read.All` Graph API permissions.

3. Create Entra ID federated credentials for your service principal and use the "GitHub Actions deploying Azure resources" scenario.

4. Add `AZURE_CLIENT_ID` and `AZURE_TENANT_ID` as repository secrets.