🔥 3-day streak
Microsoft Azure Solutions Architect Expert121 / 187
Question 121 of 187

Contoso runs CI/CD pipelines in GitHub Actions that deploy resources to Azure. Currently the pipelines authenticate to Azure using a service principal with a client secret stored as a GitHub repository secret. The security team wants to eliminate the long-lived secret entirely, avoid any manual secret rotation, and still allow the pipeline to authenticate to Microsoft Entra ID. Which solution should you recommend?

Reviewed for accuracy · Report an issueNext question