AZFD0007: Repository has more than 10 nondecryptable secrets backups
This error occurs when you reach the maximum number of backups of the secrets repository file that maintains your function app access keys. At this point, your function app can't start until after you delete one or more of these repository file backups.
| Value | |
|---|---|
| Event ID | AZFD0007 |
| Severity | Error |
Event description
Azure Functions uses an encrypted repository file (host.json) to securely store access keys used by your function app. Whenever the Functions host is unable to decrypt this repository file, it and regenerates the repository file and creates a backup of the unreadable file with a name like host.snapshot.<DATE>.json.
Some reasons for the repository to be regenerated can include:
- Changes to the main decryption key used by the function app
- Recreating a function app with the same name using the same storage account
- Host ID collisions
- Using lifecycle management policies
When 10 unreadable secrets repository backup files exist, the secrets repository can't be regenerated and your function app might not start or run correctly.
How to resolve the event
The repository backup files are stored in the storage account set in the AzureWebJobsStorage application setting. They can be found in a container named azure-webjobs-secrets in a subfolder with the same name as your function app.
To resolve this error, delete one or more of the repository backups (host.snapshot.<DATE>.json) from the azure-webjobs-secrets\<FUNCTION_APP_NAME> container in the storage account used by your function app.
When to suppress the event
This event shouldn't be suppressed.