Refreshing Storage Account Keys

Vivek Chauhan 0 Reputation points
2024-04-19T13:01:29.28+00:00

Your Training article says the following:

To refresh keys:

  • Change each trusted app to use the secondary key.
  • Refresh the primary key in the Azure portal. This will be the new secondary key value.

This is very confusing. When you refresh the primary key in the Azure portal, how and why does it become the secondary key? In the next refresh, will this secondary key become the new primary key? And what happened to the earlier secondary key: has that become the primary key now?

This needs more clarity.

This question is related to the following Learning Module

Azure Training

1 answer

    Alex Burlachenko 810 Reputation points
    2024-04-19T13:51:36.68+00:00

    I understand the confusion. The process of refreshing keys in Azure can indeed be a bit complex. Let me clarify:

    In Azure, each service (like Azure Storage, Azure Functions, etc.) has two keys: a primary key and a secondary key. These keys are used for authentication and are interchangeable. The idea behind having two keys is to ensure that your applications remain accessible during a key rotation.

    Now, here is how the key rotation process typically works:

    1. Initial State: At the start, your applications are configured to use the primary key.
    2. Switch to Secondary Key: You update your applications to use the secondary key. This allows you to refresh the primary key without interrupting service.
    3. Refresh Primary Key: You refresh the primary key in the Azure portal. This generates a new key value. At this point, the old primary key is no longer valid.
    4. Primary Key Becomes Secondary: The refreshed primary key now effectively becomes a secondary key. This is because your applications are still using the original secondary key.
    5. Repeat for Secondary Key: If you want to refresh the secondary key as well, you would switch your applications back to using the new primary key, and then refresh the secondary key.

    So, to answer your question, when you refresh the primary key, it becomes the new secondary key in the sense that it’s now the backup key, not being used by your applications. The original secondary key is still the active key until you switch your applications back to using the new primary key and refresh the secondary key.

    I hope this clears up the confusion! If you have any more questions or need further clarification, feel free to ask. If the information is helpful, please Accept Answer so that it would be helpful to community members.

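The rotation sequence described in the answer, as an added example that is not part of the original post or the Microsoft Learn module: a small Python simulation of an account with two keys (key1 is the portal's "primary", key2 the "secondary") and an app that must hold a valid key at every step. The `StorageAccount` and `App` classes are constructed stand-ins; in the real service the regeneration step is `az storage account keys renew`, and the second function shows why regenerating a key the app still uses causes an outage.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class StorageAccount:
    """Constructed stand-in for a storage account's two access keys."""
    keys: dict = field(default_factory=lambda: {
        "key1": secrets.token_hex(8),   # shown as "primary" in the portal
        "key2": secrets.token_hex(8),   # shown as "secondary" in the portal
    })

    def regenerate(self, name: str) -> str:
        """Replace one key; the old value stops working immediately."""
        self.keys[name] = secrets.token_hex(8)
        return self.keys[name]

    def accepts(self, key: str) -> bool:
        """A request authenticates if it presents either current key."""
        return key in self.keys.values()


@dataclass
class App:
    """A trusted application configured with one of the two keys."""
    key: str


def rotate_both_keys(account: StorageAccount, app: App) -> list:
    """Rotate key1 then key2 without the app ever holding a dead key.

    Returns the list of steps performed; raises AssertionError if the
    app would be left authenticating with a regenerated key.
    """
    steps = []

    def checkpoint(description: str) -> None:
        assert account.accepts(app.key), f"outage after: {description}"
        steps.append(description)

    app.key = account.keys["key2"]      # 1. move the app to the secondary key
    checkpoint("app switched to key2")
    account.regenerate("key1")          # 2. refresh primary; app is unaffected
    checkpoint("key1 regenerated")
    app.key = account.keys["key1"]      # 3. move the app to the fresh primary
    checkpoint("app switched to new key1")
    account.regenerate("key2")          # 4. refresh the now-idle secondary
    checkpoint("key2 regenerated")
    return steps


def regenerate_without_switching(account: StorageAccount, app: App) -> bool:
    """Skip the switch and regenerate key1 while the app still uses it.
    Returns whether the app's key still authenticates afterwards."""
    account.regenerate("key1")
    return account.accepts(app.key)
```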