Renew an Azure DevOps Service Connection’s expired secret

We ran into an issue this morning where we needed to renew our Azure DevOps Service Connection’s expired secret but there is no officially supported way to do this. The error was AADSTS7000215 - invalid clientid or secret. Thankfully, it’s not that difficult to solve.

Fake a change

  1. Open your project in ADO ([GROUP]/[PROJECT])
  2. At the bottom-left, choose Project settings
  3. In the Pipelines section, choose Service connections
  4. Select the service connection you’re having issues with
  5. If you click the Edit Service Principal link, you should see a red warning at the top of the page stating that one or more secrets for this service principal have expired; you can verify this by clicking the Certificates and secrets link on the blade and seeing that the single secret expired in the past
  6. Close this tab
  7. Click the Edit button
  8. You’ll notice there is no visible way to actually refresh the secret, however if you first click Verify (which should fail), make a simple change to the Description (add an extra space, for example; anything to make it different than it was)
  9. Now click Save
  10. Now if you re-open the Edit Service Principal link, you should no longer see the warning about expired secrets, and if you go to the Certificates and secrets link on the blade, there should be exactly one secret and should be valid for 2 years from today’s date

Now, if you ever need to renew an Azure DevOps Service Connection’s expired secret, hopefully you can avoid wasting precious time by trying to figure out how to do it manually and just trick the system into doing it for you.

Microsoft Ignite 2019 Sessions: Were you there?

Microsoft has posted all of the content from their Microsoft Ignite 2019 Sessions, including videos, slides, demos, and other content! You can access them by visiting

I strongly recommend the OPS[10|20|30|40] track if you are at all interested in streamlining your organization’s operations. All 5 presenters (David Blank-Edeman: OPS10, Jason Hand: OPS20, Jeremiah Dooley: OPS30, and Neil Peterson: OPS40) were all super knowledgable and were great to chat to after the sessions too. Their sessions were not Azure-specific, but rather focused on operations in general. All 4 sessions were hugely beneficial to me and I hope they are for you too.

If you are in any kind of position that has any sway over the IT or IS arm of your company, you should definitely check out the Microsoft Ignite 2019 sessions content as I am confident there is something valuable in there for everyone.