Azure Function App for Secret Expiry Notifications
This Azure Function App fetches Azure App Registrations, checks for expiring secrets, and sends email notifications to the owners.
Prerequisites
- Azure Subscription
- Azure CLI
- Python 3.11
- Azure DevOps account
- Self-hosted agent (optional)
Setup
Local Development
- Clone the repository:
  git clone https://github.com/OliPassey/AzAppRegistrationExpiry.git
  cd AzAppRegistrationExpiry
- Create a local dev environment and install dependencies. Make sure you have Python 3.11 installed, then run:
  python3.11 -m venv .venv
  source .venv/bin/activate
  pip install -r requirements.txt
- Configure environment variables: create a local.settings.json file in the root of the function app directory with the following contents:
{
"IsEncrypted": false,
"Values": {
"AzureWebJobsStorage": "",
"FUNCTIONS_WORKER_RUNTIME": "python",
"AZURE_CLIENT_ID": "",
"AZURE_CLIENT_SECRET": "",
"AZURE_TENANT_ID": "",
"SMTP_SERVER": "",
"SMTP_PORT": "",
"SMTP_USERNAME": "",
"SMTP_PASSWORD": "",
"FROM_EMAIL": "",
"FROM_NAME": "",
"TO_EMAIL": ""
}
}
- Run the function locally: use the Azure Functions Core Tools to run the function:
  func start
Usage
Once the function is running, it runs every weekday morning at 9am and sends an email with the results. TO_EMAIL should be the administrator email for Entra ID, or whoever looks after App Registrations. It will also CC all App Owners as listed in the App Registration.
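The expiry check and recipient selection described above, as an added example that is not the repository's own code. It reads the `passwordCredentials` / `endDateTime` fields of Microsoft Graph application objects; the 30-day threshold, the pre-resolved `owners` field, the sample data and the choice to CC only owners of flagged apps are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

WARN_DAYS = 30  # assumed threshold; the README does not state one

# Constructed sample shaped like Microsoft Graph application objects. "owners" is
# a hypothetical field holding owner addresses already resolved from Graph.
SAMPLE_APPS = [
    {"displayName": "billing-api", "owners": ["Alice@example.com"],
     "passwordCredentials": [
         {"displayName": "ci", "endDateTime": "2025-01-20T00:00:00Z"},
         {"displayName": None, "endDateTime": "2024-12-01T08:30:00.1234567Z"}]},
    {"displayName": "reports", "owners": ["bob@example.com"],
     "passwordCredentials": [
         {"displayName": "prod", "endDateTime": "2026-06-01T00:00:00Z"}]},
]

_TS = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.\d+)?Z$")

def parse_graph_time(value):
    """Parse a UTC timestamp, dropping fractional seconds (Graph may send 7 digits)."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unexpected timestamp: {value!r}")
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def expiring_secrets(apps, now, warn_days=WARN_DAYS):
    """Return secrets that are already expired or expire within warn_days."""
    cutoff = now + timedelta(days=warn_days)
    findings = []
    for app in apps:
        for cred in app.get("passwordCredentials", []):
            end = parse_graph_time(cred["endDateTime"])
            if end <= cutoff:
                findings.append({
                    "app": app["displayName"],
                    "secret": cred.get("displayName") or "(unnamed)",
                    "days_left": int((end - now) / timedelta(days=1)),  # < 0 if expired
                    "owners": app.get("owners", [])})
    return sorted(findings, key=lambda f: f["days_left"])

def recipients(findings, to_email):
    """Administrator in To; de-duplicated owners of flagged apps in CC."""
    cc = {o.lower() for f in findings for o in f["owners"]} - {to_email.lower()}
    return {"to": [to_email], "cc": sorted(cc)}

if __name__ == "__main__":
    hits = expiring_secrets(SAMPLE_APPS, datetime(2025, 1, 6, 9, 0, tzinfo=timezone.utc))
    print(hits, recipients(hits, "admin@example.com"))
```

Already-expired secrets are reported with a negative `days_left` so they sort to the top of the notification.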
Deployment
- Create an Azure DevOps Project (Private)
- Create a Variable Group in Azure DevOps:
  - Go to Pipelines > Library.
  - Click on + Variable group.
  - Name your variable group (e.g., MyVariableGroup).
  - Add the following variables and mark sensitive variables as secrets:
    - AzureWebJobsStorage
    - AZURE_CLIENT_ID
    - AZURE_CLIENT_SECRET
    - AZURE_TENANT_ID
    - SMTP_SERVER
    - SMTP_PORT
    - SMTP_USERNAME
    - SMTP_PASSWORD
    - FROM_EMAIL
    - FROM_NAME
    - TO_EMAIL
- Create a Pipeline from the Azure-pipeline.yaml file in the root of the repo
- Run the Pipeline:
  - Trigger the pipeline to deploy the infrastructure and the function app code.