![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 48%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 77%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Hello Michael,
When you delete an access key (whether function-scoped or host-level) within the Azure Portal and receive a success notification, yet the key continues to be visible in the list, the issue may be typically driven by local browser caching or transient synchronization latency between the Azure Portal UI client and the Azure Resource Manager (ARM) backend provider.
As stated in the official Microsoft documentation regarding Work with access keys in Azure Functions:
"Keys are stored as part of your function app in Azure and are encrypted at rest. By default, keys are stored in a Blob storage container in the account provided by the AzureWebJobsStorage setting."
Because the portal client sometimes caches secret listings aggressively to reduce API call overhead, you can enforce deletion and verify backend states using the alternative methods below:
Method 1: Client-Side Cache Eviction
Before running alternative tools, rule out a pure browser UI glitch:
- Perform a hard refresh in your browser using Ctrl + F5 (or Cmd + Shift + R on macOS).
- Alternatively, open a new Incognito / Private Browsing window, log into the Azure Portal, and check the blade again.
Method 2: Delete Directly via the Azure CLI
Bypass the portal interface completely by executing a direct management plane instruction.
- For a Function-Scoped Key (Specific to one function):
az functionapp function keys delete \ --resource-group <YourResourceGroupName> \ --name <YourFunctionAppName> \ --function-name <YourFunctionName> \ --key-name <YourKeyName> - For a Host-Level Key (App Key applied app-wide):
az functionapp keys delete \ --resource-group <YourResourceGroupName> \ --name <YourFunctionAppName> \ --key-type functionKeys \ --key-name <YourKeyName>
Method 3: Verify the Secret in Underlying Blob Storage
If the key continues to persist or authorize incoming traffic, verify the actual state in your storage account:
- Navigate to the Azure Storage Account defined under your Function App's
AzureWebJobsStorageapplication setting. - Under Data storage, select Containers and open the
azure-webjobs-secretscontainer. - Locate the JSON configuration file representing your function app or target function to check if the entry has been fully purged from the underlying storage array.
If above steps does not help, please do let me know in Private messages.
References:
Note: This response is drafted with the help of AI systems.