I am using terraform to manage azure AD credentials as follows -
resource "time_rotating" "password_rotate" {
rotation_days = 60
}
resource "azuread_application_password" "password" {
application_object_id = azuread_application.application.object_id
end_date_relative = "2400h"
rotate_when_changed = {
rotation = time_rotating.password_rotate.id
}
}
When the rotation is triggered, it deletes the existing password and creates a new one. This behavior is undesirable for me because the deletion of the existing passwords causes the application to break. I want the old password to be still valid while the new secret is being deployed. Is there a way to achieve this?