Update Service principal key to Azure Service Connections


Updating service connection keys for automatically created service principals can be a real challenge: as we all know, we can't set a service principal key expiry of more than 2 years. Since managed identity is now supported for most services, our best bet is to go with managed identity.

But what if you have 100s of pipelines and an ARM service connection created in Automatic mode, and the secret expires?

First, create a new secret for the Azure service principal, then just edit the description of the service connection; it will try to fetch the new secret.

What if this doesn't work? We've got you covered; it's just a little tricky.

Option 2 (Going with REST API)

First we will get the JSON for the service connection: send a GET request with Postman, set Authorization to Basic Auth, put the PAT in Password, and leave Username blank.

https://dev.azure.com/<Organization>/<Project>/_apis/serviceendpoint/endpoints?endpointNames=<endpoint name>&api-version=6.0-preview.4
{
    "count": 1,
    "value": [
        {
            "data": {
                "subscriptionId": "#################################",
                "subscriptionName": "#####",
                "environment": "AzureCloud",
                "scopeLevel": "Subscription",
                "creationMode": "Automatic",
                "azureSpnRoleAssignmentId": "###################",
                "azureSpnPermissions": "[{\"roleAssignmentId\":\"##############\",\"resourceProvider\":\"Microsoft.RoleAssignment\",\"provisioned\":true}]",
                "spnObjectId": "###################",
                "appObjectId": "####################"
            },

Once you get the response, copy it -> duplicate the Postman tab -> change the method to PUT -> click Body and change it to raw JSON -> paste the response and remove the following from the top:

{
    "count": 1,
    "value": [
        {

and from the bottom:

    ]
}

Update the following in the body:

"authenticationType": "spnKey",

# Add your service principal key after the line above
"serviceprincipalkey": "#####################"

Remove anything related to spn in data, like:

"spnObjectId": "########",

Change the URL to:

https://dev.azure.com/<Organization>/<Project>/_apis/serviceendpoint/endpoints/<endpoint ID>?api-version=6.0-preview.4

You will find the endpoint ID in the URL when you open your service connection in the Azure DevOps portal.

Send the request and voilà, your service principal is working again 🙂
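The Postman steps above can also be scripted. The following is an added example, not code from the original post: it turns the GET response into the PUT body and prepares the request without sending it. It assumes that "related to spn" covers every `data` key containing "spn" and that `authenticationType` sits under `authorization.parameters`; the function names, the `NEW_SPN_KEY` variable and the sample values are hypothetical.

```python
import base64, copy, json, os, urllib.request

API_VERSION = "6.0-preview.4"

def build_put_body(get_response, new_key):
    """Turn the GET list response into the single-endpoint PUT body."""
    if get_response.get("count") != 1:
        raise ValueError("expected exactly one matching service connection")
    endpoint = copy.deepcopy(get_response["value"][0])  # drops count/value wrapper
    # Assumption: "related to spn" means every data key containing "spn".
    endpoint["data"] = {k: v for k, v in endpoint.get("data", {}).items()
                        if "spn" not in k.lower()}
    # Assumption: authenticationType lives under authorization.parameters.
    params = endpoint.setdefault("authorization", {}).setdefault("parameters", {})
    params["authenticationType"] = "spnKey"
    params["serviceprincipalkey"] = new_key
    return endpoint

def build_put_request(org, project, endpoint_id, body, pat):
    """Prepare (not send) the PUT: blank username, PAT as Basic auth password."""
    url = (f"https://dev.azure.com/{org}/{project}/_apis/serviceendpoint/"
           f"endpoints/{endpoint_id}?api-version={API_VERSION}")
    token = base64.b64encode(f":{pat}".encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"})

# Constructed sample shaped like the GET response above; all values are placeholders.
SAMPLE = {"count": 1, "value": [{
    "name": "example-connection",
    "data": {"subscriptionId": "placeholder", "environment": "AzureCloud",
             "creationMode": "Automatic", "azureSpnRoleAssignmentId": "placeholder",
             "spnObjectId": "placeholder", "appObjectId": "placeholder"},
    "authorization": {"scheme": "ServicePrincipal",
                      "parameters": {"tenantid": "placeholder",
                                     "serviceprincipalid": "placeholder",
                                     "authenticationType": "spnKey"}}}]}

if __name__ == "__main__":
    # Read the key from the environment instead of hardcoding it in the script.
    key = os.environ.get("NEW_SPN_KEY", "constructed-placeholder")
    body = build_put_body(SAMPLE, key)
    req = build_put_request("my-org", "my-project", "endpoint-id", body, "pat-placeholder")
    print(req.get_method(), req.full_url)
    print(sorted(body["data"]))  # show what remains in data, never the key itself
    # urllib.request.urlopen(req) would send it; omitted so the example runs offline.
```

Keep the PAT and the new key out of saved Postman collections and shell history; both are live credentials for the subscription.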
