azure keyvault swap keyvault secrets

Frank Towns 26 Reputation points
2022-03-28T18:59:24.393+00:00

Is it possible to use a previous secret without having to create a new version every time?
Is there a way to change what the "CURRENT VERSION" of a secret is? (e.g. I have a CURRENT VERSION and 1 OLDER VERSION; can we make those swap?)

Scenario:
The app gets the current version of the secret, but I need to revert to an older secret. I would like to disable the current version and enable the old secret to be the current active one, and have the app pick up this secret.

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

Accepted answer
  1. Andriy Bilous 11,341 Reputation points MVP
    2022-03-28T20:37:12.6+00:00

    Hello @Frank Towns

    Unfortunately, it is not possible to swap the KeyVault CURRENT VERSION and OLDER VERSION.

    Here is a workaround. You can disable the CURRENT VERSION secret and create a new version of the existing OLDER VERSION secret. The secret with the OLDER VERSION secret value will become the CURRENT VERSION.

    You can also implement KeyVault Secret rotation or use 2 separate KeyVaults without the need to create a new version every time.
    https://learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual?tabs=azure-cli

    2 people found this answer helpful.
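
The workaround from the accepted answer, scripted with the Azure CLI as an added example (not code from the thread). The function name `revert_secret` and the vault and secret names in the usage comment are made up; it creates the new version before disabling the formerly current one, so there is no moment at which the latest version is disabled, and it passes the value through a private temp file instead of a command-line argument.

```shell
# Added example. Usage: revert_secret <vault> <secret-name> <old-version-id>
# e.g. revert_secret my-vault db-password <old-version-id>  (names are made up)
revert_secret() (
    vault=$1 name=$2 old_version=$3
    [ -n "$vault" ] && [ -n "$name" ] && [ -n "$old_version" ] || {
        echo "usage: revert_secret <vault> <secret-name> <old-version>" >&2
        exit 2
    }

    umask 077                        # temp files readable by this user only
    tmpdir=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmpdir"' EXIT     # delete the plaintext copy on any exit

    # Note which version is current now so it can be disabled at the end.
    current_id=$(az keyvault secret show --vault-name "$vault" \
        --name "$name" --query id -o tsv) || exit 1
    case $current_id in
        */"$old_version")
            echo "version $old_version is already current" >&2
            exit 3 ;;
    esac

    # Write the old value to a file so it never appears in argv or history.
    az keyvault secret download --vault-name "$vault" --name "$name" \
        --version "$old_version" --file "$tmpdir/value" || exit 1

    # A new version carrying the old value becomes CURRENT VERSION.
    new_id=$(az keyvault secret set --vault-name "$vault" --name "$name" \
        --file "$tmpdir/value" --query id -o tsv) || exit 1

    # Disable the version that was current before the rollback.
    az keyvault secret set-attributes --id "$current_id" --enabled false \
        --output none || exit 1

    echo "$new_id"                   # identifier of the new current version
)
```

The older version has to be enabled for its value to be read, and this sketch does not copy tags, content type or expiry to the new version.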
