SecretExpiry Documentation

Short, clear, and practical: monitor Microsoft Entra app registrations, secrets, and certificates.

Ready in minutes

Sign in via Magic Link or Microsoft, then connect your first tenant with admin consent.

Quick flow

The typical onboarding flow from a customer perspective.

  • Sign in with Magic Link or Microsoft.
  • Connect a tenant (optional domain) and grant admin consent.
  • The first sync starts automatically; data usually appears within minutes.
  • You receive an onboarding email with next steps.

Overview across all tenants

The dashboard shows connected tenants, sync status, and key hints about your plan and licenses.

What you see

A fast status check for all customer tenants.

  • Tenant cards with sync status (Success, Syncing, Error, Pending).
  • Last sync per tenant and inactive markers.
  • Warnings for payment status or exceeded license limits.

Tenant details and actions

Each tenant has a detail page with app registrations and all related secrets/certificates.

What's inside

Everything you need for the current tenant.

  • List of app registrations with secret/certificate type and expiry date.
  • Status badges and sync errors if something goes wrong.
  • Actions: "Sync now" or "Disconnect" (monitoring stops).

All secrets and certificates

A consolidated view across all tenants - perfect for prioritization.

Filters and views

Find critical items quickly.

  • Filter by tenant, status (expired, < 30 days, ok) and type.
  • Switch between list and grouped view.
  • Open the Entra Portal link or copy it.

Notifications

SecretExpiry sends email alerts as expirations get closer.

Settings

Configurable per account.

  • Thresholds in days before expiry (default: 90, 30, 14, 7, 1).
  • Optional notification email, otherwise your login email.
  • If there are many alerts: the 20 most urgent emails plus a summary.
  • If consent is revoked, you receive a connection-lost email.
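
The status filter and threshold settings described above can be reproduced from credential metadata alone. The sketch below is an added example, not SecretExpiry's own code: the sample tenant data is constructed, the function names are hypothetical, and it assumes an alert tier is the tightest threshold already reached and that "most urgent" means soonest to expire.

```python
from datetime import datetime, timezone

THRESHOLDS = (90, 30, 14, 7, 1)  # default alert thresholds from the page, in days
MAX_ALERTS = 20                  # page: the 20 most urgent, the rest summarized
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed reference time

# Constructed sample shaped like Microsoft Graph application objects.
# Graph returns secretText only when a secret is created, so reads carry metadata only.
SAMPLE_APPS = [
    {"appId": "00000000-0000-0000-0000-000000000001", "displayName": "billing-api",
     "passwordCredentials": [{"keyId": "a1", "endDateTime": "2025-01-10T00:00:00Z"}],
     "keyCredentials": [{"keyId": "c1", "endDateTime": "2025-03-01T00:00:00Z"}]},
    {"appId": "00000000-0000-0000-0000-000000000002", "displayName": "hr-sync",
     "passwordCredentials": [{"keyId": "a2", "endDateTime": "2024-12-20T00:00:00Z"},
                             {"keyId": "a3", "endDateTime": "2026-06-01T00:00:00Z"}],
     "keyCredentials": []},
]

def parse_ts(value):
    # Graph timestamps are ISO 8601 in UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def status(days):
    # Buckets from the page's filter: expired, < 30 days, ok
    if days < 0:
        return "expired"
    return "< 30 days" if days < 30 else "ok"

def threshold(days):
    # Assumption: report the tightest threshold the credential has reached
    hit = [t for t in THRESHOLDS if 0 <= days <= t]
    return min(hit) if hit else None

def inventory(apps, now):
    # Flatten secrets and certificates into one list, soonest expiry first
    rows = []
    for app in apps:
        for kind, field in (("secret", "passwordCredentials"), ("certificate", "keyCredentials")):
            for cred in app.get(field) or []:
                days = (parse_ts(cred["endDateTime"]) - now).total_seconds() / 86400
                rows.append({"app": app["displayName"], "type": kind, "keyId": cred["keyId"],
                             "days": days, "status": status(days), "threshold": threshold(days)})
    return sorted(rows, key=lambda r: r["days"])

def plan_alerts(rows):
    # rows are already sorted by urgency; return (alerts to send, count left for the summary)
    due = [r for r in rows if r["threshold"] is not None]
    return due[:MAX_ALERTS], max(0, len(due) - MAX_ALERTS)
```
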

Billing and licenses

You pay per tenant and choose monthly or annual billing.

Key points

Transparent control of your licenses.

  • Licenses define how many tenants are actively monitored.
  • If you exceed the limit, extra tenants are paused.
  • Subscription management runs through Stripe.
  • Active plans sync daily; inactive/free sync less often (weekly).

Security and privacy

The architecture is privacy-first - we only see metadata.

What we do (not) read

Secret values never leave your tenant.

  • Secret values are never read, transmitted, or stored.
  • We only read app names, IDs, and expiry dates via Microsoft Graph.
  • EU hosting (Frankfurt) plus TLS and AES-256 encryption.
  • Row-level security, CSP, and rate limiting protect your data.

API and integrations

There is no public API at the moment.

Integration status

Reach out to support if you need integrations or exports.

Frequently asked questions