In the first post of the series regarding secrets auto-rotation I mentioned AAD certificate as part of communication process between a client and Key Vault. Now it's time to touch this topic in more details.
You may need AAD application for different reasons, and Key Vault access is one of them (how it was in the case of the first post).
NOTE: If you have Azure connected VM you can reach Key Vault using MSI (managed service identity). There are many other use cases where you may need AAD application, and you can't leverage the power of MSI so this post will be useful anyway.
Certificate-based authentication with AAD application is not the only one option (you can use keys or user credentials), but this method indeed the most practical from my experience.
Summarizing above, the algorithm of ADD certificate auto-rotation is on the way!