AzureADCheckSecretsToExpire.ps1
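# Lists Azure AD application credentials (client secrets and certificates)
# whose EndDate falls before now + $LimitExpirationDays. Credentials that have
# already expired also match the filter and are flagged via the Expired column.
# NOTE: the AzureAD PowerShell module is deprecated by Microsoft in favour of
# the Microsoft Graph PowerShell SDK; this script still targets AzureAD cmdlets.

# Halt on any error so a failed sign-in or a failed application query stops the
# script instead of falling through to a misleading "No secrets found" result.
$ErrorActionPreference = 'Stop'

Connect-AzureAD

$LimitExpirationDays = 31 # secret expiration date filter (days from now)

# Read the clock once so every credential is compared against the same cutoff.
$Now = Get-Date
$ExpirationCutoff = $Now.AddDays($LimitExpirationDays)

# Retrieving the list of secrets that expire before the cutoff.
# @() forces an array so .Count is correct for zero or exactly one result.
$SecretsToExpire = @(Get-AzureADApplication -All:$true | ForEach-Object {
    $app = $_
    @(
        Get-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId
        Get-AzureADApplicationKeyCredential -ObjectId $app.ObjectId
    ) | Where-Object {
        $_.EndDate -lt $ExpirationCutoff
    } | ForEach-Object {
        $cred = $_
        $id = "Not set"
        if ($cred.CustomKeyIdentifier) {
            # NOTE(review): decodes CustomKeyIdentifier as UTF-8 text; for key
            # (certificate) credentials it may be a binary value instead — confirm.
            $id = [System.Text.Encoding]::UTF8.GetString($cred.CustomKeyIdentifier)
        }
        [PSCustomObject] @{
            App           = $app.DisplayName
            ObjectID      = $app.ObjectId
            AppId         = $app.AppId
            Type          = $cred.GetType().Name
            KeyIdentifier = $id
            EndDate       = $cred.EndDate
            # True when the credential has already passed its EndDate.
            Expired       = ($cred.EndDate -lt $Now)
        }
    }
} | Sort-Object EndDate)

# Gridview list
#$SecretsToExpire | Out-GridView

# Printing the list of secrets that are near to expire
if ($SecretsToExpire.Count -eq 0) {
    Write-Output "No secrets found that will expire in this range"
}
else {
    Write-Output "Secrets that will expire in this range:"
    Write-Output $SecretsToExpire.Count
    Write-Output $SecretsToExpire
}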