I'm dealing with a frustrating issue where all my Azure DevOps pipelines suddenly stopped functioning. After some investigation, I found that several of the service principal secrets had expired. I regenerated these secrets and updated the service connection details accordingly. Despite this, the problem persists.
The error message I'm seeing includes a response indicating an invalid client, specifically mentioning: "The provided client secret keys for app '***' are expired." It's important to note that there haven't been any changes made to the repository code. Has anyone else encountered this issue or has suggestions on how to resolve it?
5 Answers
If you’re using agents, try rebooting them as well. Sometimes, that can kickstart things back into working order!
It looks like the main issue is right in your error message: the client secret keys for your app are expired. Client secrets can simply expire without any code changes, so renewing that secret and updating it wherever necessary is key. Don't forget to double-check that you've used the latest one everywhere!
Definitely consider moving over to workload identity federation. It's really user-friendly to set up and a lot more secure compared to traditional secrets.
I'd suggest switching from client secrets to workload identity credentials if that fits your setup. It's a more modern approach and can generally make things easier in the long run. However, without seeing your specific code or setup, it's hard to pinpoint everything that's going wrong.
Just a heads up, I managed to resolve my own issue! It turns out I was mistakenly updating the wrong service connection since there were two with similar names. Make sure you're updating the right one!
Good catch! Also, if you switch to workload identity, the service connection won’t expire, but keep in mind it usually only lasts for 60 minutes. So, if you have longer-running pipelines, that might be something to think about.