How to rotate access key for Azure SignalR Service

Each Azure SignalR Service instance has a pair of access keys called Primary and Secondary keys. They're used to authenticate SignalR clients when requests are made to the service. The keys are associated with the instance endpoint url. Keep your keys secure, and rotate them regularly. You're provided with two access keys, so you can maintain connections by using one key while regenerating the other.

Why rotate access keys?

For security reasons and compliance requirements, routinely rotate your access keys.

Regenerate access keys

  1. Go to the Azure portal, and sign in with your credentials.

  2. Find the Keys section in the Azure SignalR Service instance with the keys that you want to regenerate.

  3. Select Keys on the navigation menu.

  4. Select Regenerate Primary Key or Regenerate Secondary Key.

    A new key and corresponding connection string are created and displayed.

    Regenerate Keys

You also can regenerate keys by using the Azure CLI.

Update configurations with new connection strings

  1. Copy the newly generated connection string.

  2. Update all configurations to use the new connection string.

  3. Restart the application as needed.

Forced access key regeneration

Azure SignalR Service might enforce a mandatory access key regeneration under certain situations. The service notifies customers via email and portal notification. If you receive this communication or encounter service failure due to an access key, rotate the keys by following the instructions in this guide.

Next steps

Rotate your access keys regularly as a good security practice.

In this guide, you learned how to regenerate access keys. Continue to the next tutorials about authentication with OAuth or with Azure Functions.