I wanted to understand the reasoning behind the recommendations below. I myself have been tasked with recommending practices for handling expired secrets. I suspect some of the below might be related to caching; it would be of great help to understand the rationale for the same.
- Why is it that we need to wait a minimum of 7 days after expiration to remove the secrets? Especially when the new secrets are recommended to be created a minimum of 30 days before - this of course implies that the new secret is immediately updated in the respective configuration stores.
- If the secrets are already expired, wouldn't it cause errors, irrespective of it not being present in ACS? So, does deleting expired secrets after their expiry really matter?
We recommend to create new secrets a minimum of 30 days before they expire. This gives you a month of time before the old credentials expire.
We recommend to only remove secrets a minimum of 7 days after expiration, provided you have removed them from the application configuration.
Removing an expired secret from ACS before you remove it from the application configuration will cause errors.
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.