Client wanted the ability to rotate app registration secrets based on requirements around expiration time, where the secret is delivered and notifications are sent out.

I was able to create an Azure solution using python function app to utilize the Graph API to rotated secrets. The function app would then take that secret and place it into multiple vaults that they specified. Application would then send email out based on entering grace period/generated, about to expire, and being deleted.

Azure Functions

Private Endpoints

Key Vault

Storage accounts

Application Registration

Azure DevOps/Pipelines

Azure Communication Service/Email Communication Service

Python

Azure CLI

Bicep - Infrastructure as code

VsCode

Git