Showing results for 
Search instead for 
Did you mean: 
Frequent Visitor

Handle client secret rotation for certified connectors


What will be the best practice to implement client secret rotation for a certified custom connector that uses OAuth?

Will the connector needs to be updated (recertified) each time a client secret is rotated (for security reasons), how will this affect existing flows?


Best practice would be to rotate secret with a set timeline that aligns with your security requirement. If you decide 1 year rotation time, make sure a new client id and secret is created at least a month BEFORE the expiration. Submit a connector certification request with the same set of connector files even if there is no update. Once the new secrets are submitted it will be securely stored and securely deployed during the deployment. If the existing secrets aren't expired, the new ones are valid, and there is no other change in the connector, existing flows will not be impacted.

If this reply answers your question or solves your issue, please ACCEPT AS SOLUTION ☑️. If you find this reply helpful, please consider giving it a LIKE 👍.

Helpful resources

UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Top Kudoed Authors
Users online (2,057)