Rotate access keys for Azure SignalR Service

For security reasons and compliance requirements, it's important to routinely rotate your access keys. This article describes how to rotate access keys for Azure SignalR Service.

Each Azure SignalR Service instance has a primary and a secondary key. They're used to authenticate SignalR clients when requests are made to the service. The keys are associated with the instance endpoint URL. Keep your keys secure, and rotate them regularly. You're provided with two access keys so that you can maintain connections by using one key while regenerating the other.

Regenerate access keys

  1. Go to your SignalR instance in the Azure portal.
  2. Select Keys on the left side menu.
  3. Select Regenerate Primary Key or Regenerate Secondary Key.

A new key and corresponding connection string are created and displayed.

Screenshot of SignalR key rotation.

You also can regenerate keys by using the Azure CLI.

Update configurations with new connection strings

  1. Copy the newly generated connection string.
  2. Update all configurations to use the new connection string.
  3. Restart the application as needed.

Forced access key regeneration

The Azure SignalR Service can enforce a mandatory access key regeneration under certain situations. The service notifies customers of mandatory key regeneration via email and portal notification. If you receive this communication or encounter service failure due to an access key, rotate the keys by following the instructions in this guide.

Next steps