Add azure app secret rotator blog

[seanyeh]

Proposed changes

Add blog post for azure app secret rotator. depends on #17781

Unreleased product version (optional)

Related issues (optional)

[claude]

Docs Review — automate-azure-app-secret-rotation-with-esc

Overall this is a clean, focused blog post. A few items to address before merging:

Issues

1. Missing social: block in frontmatter (line 1-14)
   The blog review checklist requires a social: block with twitter, linkedin, and bluesky keys for auto-posting to social media on merge.

2. Broken link: /docs/esc/integrations/rotated-secrets/azure-app-secret/ (line 69)
   This documentation page does not exist in the repo. The PR description notes a dependency on Add azure app secret rotator docs #17781 -- please ensure that PR is merged first, or merge them together. Otherwise this link will 404 on publish.

3. Broken link: /docs/esc/integrations/dynamic-login-credentials/azure-login/ (line 24)
   The actual file is at content/docs/esc/integrations/dynamic-login-credentials/azure-login.md (no trailing directory). Hugo may resolve this depending on config, but verify the URL /docs/esc/integrations/dynamic-login-credentials/azure-login/ actually works, or update to match the canonical URL.

4. Avoid "new" language for feature announcement (line 16)
   Per style guidelines, avoid describing features as "new." Consider changing "With Pulumi ESC's new azure-app-secret rotator" to "With Pulumi ESC's azure-app-secret rotator".

5. Weak closing / CTA (line 69)
   The "Learn more" section ends with just a link to docs. Consider adding a more specific CTA, such as a link to get started with Pulumi ESC or a blog/cta-button shortcode pointing to the relevant getting-started page.

6. First mention of "Pulumi ESC" should be hyperlinked (line 16)
   The first mention of Pulumi ESC in the intro paragraph should link to the ESC product page or docs (e.g., /docs/esc/ or /product/secrets-management/).

7. Prerequisites list uses * instead of - (lines 22-25)
   For consistency with Pulumi docs style (which follows Google style guide), use - for unordered lists instead of *.

Publishing Readiness Checklist

• <!--more--> break present after intro
• meta_image set and not the default placeholder
• meta_image uses current Pulumi logos
• Author profile exists with avatar (data/team/team/sean-yeh.toml)
• All links resolve -- /docs/esc/integrations/rotated-secrets/azure-app-secret/ does not exist yet (depends on Add azure app secret rotator docs #17781)
• Code examples correct with language specifiers (yaml)
• No animated GIFs used as meta_image
• Images have reasonable file sizes (feature: 104KB, meta: 250KB)
• Title under 60 chars (43 chars)
• social: block present with copy for twitter, linkedin, bluesky

---

Mention me (@claude) if you'd like additional reviews or help with fixes.

[pulumi-bot]

Your site preview for commit 0d20bd4 is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-18294-0d20bd46.s3-website.us-west-2.amazonaws.com.

[claude]

Docs Review — PR #18294

Issues

1. Missing social: block in frontmatter (index.md, line 1–14): Blog posts require a social: block with twitter, linkedin, and bluesky keys for auto-posting to social media on merge. This is missing from the frontmatter.

   schema_type: auto
   social:
       twitter: "Automate Azure app secret rotation with Pulumi ESC — never worry about expired credentials again."
       linkedin: "Automate Azure app secret rotation with Pulumi ESC — never worry about expired credentials again."
       bluesky: "Automate Azure app secret rotation with Pulumi ESC — never worry about expired credentials again."
   

2. Missing <!--more--> break (index.md): The <!--more--> tag is present at line 19, so this is fine. ✓ (Confirmed on re-read.)

3. Broken link: /docs/esc/integrations/rotated-secrets/azure-app-secret/ (index.md, line 69): No documentation page exists at this path. The azure-app-secret page does not exist under content/docs/esc/integrations/rotated-secrets/. The PR description mentions it depends on PR Add azure app secret rotator docs #17781 — confirm that PR adds this page, and that it merges first or simultaneously.

4. Broken link: /docs/esc/integrations/dynamic-login-credentials/azure-login/ (index.md, line 24): The actual file is at content/docs/esc/integrations/dynamic-login-credentials/azure-login.md (a leaf file, not a directory with _index.md). The URL with trailing slash (/azure-login/) may not resolve correctly — verify this renders as expected.

5. Missing author avatar: The author profile data/team/team/sean-yeh.toml exists but does not reference an avatar image. Blog author profiles should have an avatar for proper rendering.

6. Exclamation mark in body text (index.md, line 17): "so you never have to worry about expired credentials again!" — Consider removing the exclamation mark for a more professional tone.

7. "Learn more" section is thin (index.md, lines 67–69): The closing section has only one link. Consider adding a stronger CTA with a specific next step, e.g., linking to the rotation schedule docs or a getting-started guide for ESC. The current "check out the documentation" is somewhat generic.

8. No description frontmatter field (index.md): The frontmatter uses meta_desc but is missing a description field. Verify that the Hugo theme only requires meta_desc — some themes expect both.

Suggestions

• Confirm the dependent PR Add azure app secret rotator docs #17781 lands before or with this PR so the /docs/esc/integrations/rotated-secrets/azure-app-secret/ link doesn't 404.
• Add the social: block to frontmatter with platform-appropriate copy.
• Verify the azure-login link resolves correctly with the trailing slash.

Publishing readiness checklist

• <!--more--> break present after intro
• meta_image set and not the default placeholder
• meta_image uses current Pulumi logos — unable to verify image content in CI
• Author profile exists with name/title
• Author profile has avatar image — not found in profile
• All links resolve — 2 links point to pages that may not exist yet
• Code examples correct with language specifiers
• No animated GIFs used as meta_image
• Images have alt text — images are in frontmatter only (feature/meta), no inline images to check
• Title ≤60 chars (43 chars)
• social: block present — missing

---

Mention me (@claude) if you'd like additional reviews or automated fixes.

[pulumi-bot]

Your site preview for commit e654575 is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-18294-e6545759.s3-website.us-west-2.amazonaws.com.

[pulumi-bot]

Your site preview for commit c3cfb8d is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-18294-c3cfb8df.s3-website.us-west-2.amazonaws.com.

[borisschlosser]

I would add more content about expiration dates and also explain this option in more detail so that users not only understand how but also when they can/should rotate their secrets

[borisschlosser]

Maybe we can add more content or an example about how Azure app registrations are used and when they have client secrets which need to be rotated.

[borisschlosser]

Added needs-design label to let @jeffmerrick double check the images

[pulumi-bot]

Your site preview for commit 193fddc is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-18294-193fddcc.s3-website.us-west-2.amazonaws.com.

[pulumi-bot]

Your site preview for commit a660671 is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-18294-a660671c.s3-website.us-west-2.amazonaws.com.