Confused about DocumentDB access keys

Question

Confused about DocumentDB access keys

In the Azure Portal, under DocumentDB, I see two access keys i.e. primary and secondary.

Who should I use the DocumentDB call from my application, or should I create a new user account?

+3

azure azure-cosmosdb azureportal

Sam 03 nov. 14 at 18:11

source to share

1 answer

Andrew Liu · Accepted Answer · 2014-11-03T19:32:42+0000

You can use any key to call DocumentDB from your application.

A custom function is typically used to grant permissions to specific resources (collections, documents, etc.) - which can be useful in multi-tenant scenarios.

So why does DocumentDB have two access keys? Its to change the key of the key. If you want to change the key (which is probably the best practice to do every once in a while if it leaked in some way), you will have some downtime if there is only one key available (time spent changing the key and updating the config application to reflect this). With two keys, you can first update your config file to use the extra key, then restore the primary key and update your apps' config to use that - no downtime!

Confused about DocumentDB access keys

More articles: