Key Vault stored Token Rotation capability

Ashwini Jadhav 0 Reputation points Microsoft Employee
2025-01-02T16:53:34.71+00:00

Hi Team, There is a SFI requirement to disable the storage SAS key completely from storage account. However, we are now generating SAS token using delegation user key signing method via static website host alternative to store it into kv as a secret. Now, as this SAS token has limited 7 days of expiry time period, there is need to check kv capability towards rotation of stored SAS token. Can you guys confirm on whether KV has such functionality from azure side to rotate/refresh stored SAS token ? Thanks

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,350 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Akhilesh Vallamkonda 10,955 Reputation points Microsoft Vendor
    2025-01-06T19:34:44.8033333+00:00

    Hi @Ashwini Jadhav

    Thank you for reaching us!

    I understand that you would like to know the functionality key vault, which has rotate/refresh stored SAS token.
    Key Vaults allow you to store and manage several types of objects like secrets, certificates and storage account keys.
    You can configure automated key rotation in Key Vault allows users to automatically generate a new key version at a specified frequency.
    For more please read About keys and Configure cryptographic key auto-rotation in Azure Key Vault.
    Hope this helps. Do let us know if you any further queries by responding in the comments section.

    Thanks,

    Akhilesh V.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.