[FEATURE REQ] Allow certificate rotation for Azure.Identity TokenCredentials #46373

Open

Description

Library name

Azure.Identity

Please describe the feature.

TokenCredentials like ClientCertificateCredential only have constructors which accept an X509Certificate2. When the certificate rotates, the only way to update it is to create a new credential and recreate all dependent clients. Azure.Identity should support rotation by exposing IX509Certificate2Provider constructors and X509Certificate2FromObjectProvider with a new method to update the certificate.

These changes would allow consumers to create an X509Certificate2FromObjectProvider with their certificate, create a ClientCertificateCredential with it, and then create all their SDK clients. When the certificate rotates, they just need to update the certificate in X509Certificate2FromObjectProvider, and then all downstream clients continue to work.

I would be happy to pick up this change.
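
Added example, not part of the original issue and not Azure.Identity code: a workaround that works with the public API today by wrapping ClientCertificateCredential in a custom TokenCredential, so SDK clients keep one credential instance while the certificate behind it is swapped. The class name `RotatingCertificateCredential` and its `UpdateCertificate` method are hypothetical; how the renewed certificate is loaded is left to the caller.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

// Hypothetical wrapper (not an Azure.Identity type): SDK clients hold this one
// credential, and rotation replaces the ClientCertificateCredential behind it.
public sealed class RotatingCertificateCredential : TokenCredential
{
    private readonly string _tenantId;
    private readonly string _clientId;

    // volatile: a swap made on the rotation thread is visible to request threads.
    private volatile ClientCertificateCredential _inner;

    public RotatingCertificateCredential(string tenantId, string clientId, X509Certificate2 certificate)
    {
        _tenantId = tenantId ?? throw new ArgumentNullException(nameof(tenantId));
        _clientId = clientId ?? throw new ArgumentNullException(nameof(clientId));
        _inner = Create(certificate);
    }

    // Call once the renewed certificate has been loaded. The swap is a single
    // reference assignment, so readers see either the old or the new credential.
    public void UpdateCertificate(X509Certificate2 renewed) => _inner = Create(renewed);

    public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
        => _inner.GetToken(requestContext, cancellationToken);

    public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
        => _inner.GetTokenAsync(requestContext, cancellationToken);

    // Reject certificates that cannot sign a client assertion, so a bad rotation
    // fails here and the previous credential stays in place.
    private ClientCertificateCredential Create(X509Certificate2 certificate)
    {
        if (certificate is null) throw new ArgumentNullException(nameof(certificate));
        if (!certificate.HasPrivateKey)
            throw new ArgumentException("Certificate must include its private key.", nameof(certificate));
        if (certificate.NotAfter <= DateTime.Now) // NotAfter is expressed in local time
            throw new ArgumentException("Certificate has expired.", nameof(certificate));
        return new ClientCertificateCredential(_tenantId, _clientId, certificate);
    }
}
```

Dispose the old X509Certificate2 only after in-flight token requests have finished, since the previous inner credential may still be signing with it.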

Labels

Azure.Identity, Client, customer-reported, feature-request, needs-team-attention
