title | titleSuffix | description | author | manager | ms.service | ms.custom | ms.topic | ms.date | ms.author | |
---|---|---|---|---|---|---|---|---|---|---|
Rotate keys in Azure AI services |
Azure AI services |
Learn how to rotate API keys for better security, without interrupting service |
PatrickFarley |
nitinme |
azure-ai-services |
|
how-to |
01/20/2024 |
pafarley |
Each Azure AI services resource has two API keys to enable secret rotation. This is a security precaution that lets you regularly change the keys that can access your service, protecting the privacy of your resource if a key gets leaked.
You can rotate keys using the following procedure:
-
If you're using both keys in production, change your code so that only one key is in use. In this guide, assume it's key 1.
This is a necessary step because once a key is regenerated, the older version of that key stops working immediately. This would cause clients using the older key to get
401 access denied
errors. -
Once you have only key 1 in use, you can regenerate key 2. Go to your resource's page on the Azure portal, select the Keys and Endpoint tab, and select the Regenerate Key 2 button at the top of the page.
-
Next, update your code to use the newly generated key 2.
It helps to have logs or availability to check that users of the key have successfully swapped from using key 1 to key 2 before you proceed.
-
Now you can regenerate key 1 using the same process.
-
Finally, update your code to use the new key 1.