Reputation: 41
Rotate Secrets using Azure Key VAult
I have a number of cosmos db deployed and would like to automatically manage the secrets and keys for the same. I am looking at KeyVault integration documents and found these :
Manage storage account using AKV: https://learn.microsoft.com/en-us/azure/key-vault/key-vault-overview-storage-keys-powershell#manage-storage-account-keys
Use Azure Automation for Key rotation : https://learn.microsoft.com/en-us/azure/key-vault/key-vault-key-rotation-log-monitoring#key-rotation-using-azure-automation
I would like to know if there is inbuilt support from Cosmos team for AKV integration to maintain secrets/keys ?
Upvotes: 2
Views: 2312
Answers (1)
Reputation: 8783
There is currently no support to directly rotate keys in Cosmos DB and update AKV. You will need to write and run a PowerShell or az cli script to do this.
Here are samples for regenerating keys for Cosmos. PS: https://learn.microsoft.com/en-us/azure/cosmos-db/manage-with-powershell#regenerate-keys
cli: https://learn.microsoft.com/en-us/azure/cosmos-db/manage-with-cli#regenerate-account-key
Hope this is helpful.
Upvotes: 2
Related Questions
- Key Rotation impacting secret value in Key Vault | Best practice on storing secret values
- How to update Key Vault secret value without changing secret identifier?
- Handling key rotation in azure function app which pulls latest secret version from key vault
- Managing the rotation of Azure storage account keys with Azure Function and Key Vault
- Azure Key Vault - How to update the secrets
- Azure Key Vault Secrets Query
- How to automate the process "rotation of keys in Azure Key Vault"
- How to handle key rotations in azure key vault
- Azure KeyVault key rotation
- Azure Key-vault Encryption