[HOWTO] Renew Client Secret of Azure DevOps Service Connection

When you create an Azure DevOps service connection of type Azure Resource Manager that uses the authentication method service principal (automatic), a service principal and an app registration are created in the corresponding Azure tenant. In addition, a client secret is added to the app registration for the service connection. Unfortunately, the client secret expires after two years, and there is currently no way to change the expiration of automatically created client secrets. However, there is a pretty straightforward way to renew the client secret for such a service connection.

Prerequisites

  • Current user has to be a member of the Azure AD built-in role Application Developer
  • Current user has to be an owner of the service connection's app registration in Azure
  • Current user has to be an organization level administrator of the corresponding service connection
    • Open Project settings of the corresponding project in Azure DevOps
    • Navigate to Service connections
    • Click on the affected service connection
    • Click on the three dots to the right of the Edit button and select Security
    • Switch to Organization and make sure your user is in the Administrator role, adding it if necessary

For details on why you need to be an organization level administrator, see here.

If all prerequisites are fulfilled, proceed as follows to renew the client secret:

  1. Open Project settings of the corresponding project in Azure DevOps
  2. Navigate to Service connections
  3. Click on the affected service connection
  4. Click the Edit button
  5. Click Verify in the Edit service connection wizard
  6. After successful verification, click Save
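
To see when the secrets on the app registration expire, before and after the steps above, the following added example (not part of the original post) evaluates the JSON printed by `az ad app credential list --id <app-id>`. The sample data is constructed, and the function names and the 30-day warning window are assumptions of this example; a successful renewal should show up as a secret with a later end date.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample in the shape printed by `az ad app credential list --id <app-id>`.
SAMPLE = """[
  {"displayName": "old", "keyId": "00000000-0000-0000-0000-000000000001",
   "endDateTime": "2024-05-01T00:00:00Z"},
  {"displayName": "current", "keyId": "00000000-0000-0000-0000-000000000002",
   "endDateTime": "2024-06-15T08:30:00.1234567Z"},
  {"displayName": "renewed", "keyId": "00000000-0000-0000-0000-000000000003",
   "endDateTime": "2026-05-20T08:30:00Z"}
]"""

def parse_graph_time(value):
    """Parse a UTC timestamp such as 2024-06-15T08:30:00.1234567Z."""
    # Drop fractional seconds (they can be longer than strptime's %f accepts).
    trimmed = re.sub(r"\.\d+", "", value).replace("Z", "+0000")
    return datetime.strptime(trimmed, "%Y-%m-%dT%H:%M:%S%z")

def secret_status(credentials_json, now, warn_days=30):
    """Return one row per client secret, soonest expiry first."""
    rows = []
    for cred in json.loads(credentials_json):
        days_left = (parse_graph_time(cred["endDateTime"]) - now).days
        if days_left < 0:
            status = "expired"
        elif days_left <= warn_days:
            status = "expiring"
        else:
            status = "ok"
        rows.append({"key_id": cred["keyId"],
                     "name": cred.get("displayName"),
                     "days_left": days_left,
                     "status": status})
    return sorted(rows, key=lambda row: row["days_left"])

def renewal_due(rows):
    """True when no secret is valid beyond the warning window."""
    return not any(row["status"] == "ok" for row in rows)

if __name__ == "__main__":
    # Replace SAMPLE with the real CLI output to check your own app registration.
    report = secret_status(SAMPLE, datetime.now(timezone.utc))
    for row in report:
        print(row["status"], row["days_left"], row["key_id"], row["name"])
    print("renewal due:", renewal_due(report))
```
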
