From 342716d953ad1c85d38923560f1169d58dcd62fd Mon Sep 17 00:00:00 2001
From: Akiyuki Yamada <65753033+akyamada-ms@users.noreply.github.com>
Date: Wed, 17 Jun 2026 17:01:12 +0900
Subject: [PATCH] Update azure-rm-endpoint.md with secret renewal info

Added note about renewing service principal secret when not expired.
---
 docs/pipelines/release/azure-rm-endpoint.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/pipelines/release/azure-rm-endpoint.md b/docs/pipelines/release/azure-rm-endpoint.md
index 18c71c75516..a2dc0c35fa9 100644
--- a/docs/pipelines/release/azure-rm-endpoint.md
+++ b/docs/pipelines/release/azure-rm-endpoint.md
@@ -198,6 +198,7 @@ The token for your service principal or secret is now renewed for three more mon
 
    > [!NOTE]
    > This operation is available even if the service principal's token hasn't expired.
+   > If **Rotate secret** isn't shown because the current secret hasn't expired, open the service connection, select **Edit**, and then select **Save** to renew the secret.
    > Make sure that the user performing the operation has proper permissions on the subscription and Microsoft Entra ID, because it updates the secret for the app registered for the service principal. For more information, see [Create an app registration with a secret](../library/azure-resource-manager-alternate-approaches.md#create-an-app-registration-with-a-secret-automatic) and [What happens when you create a Resource Manager service connection?](/azure/devops/pipelines/release/azure-rm-endpoint#what-happens-when-you-create-an-azure-resource-manager-service-connection)
 
 ## Failed to obtain the JWT by using the service principal client ID