Azure Functions: We are not able to retrieve the runtime master key

Question

Azure Functions bug. I get the error in the portal

Error:

We are not able to retrieve the runtime master key. Please try again later.
Session Id: d13fceebd4ea4cb1b7fb3d3829dd1406

Timestamp: 2017-08-24T20:04:23.555Z

I've tried all of the suggestions here: https://blogs.msdn.microsoft.com/jpsanders/2017/05/09/function-app-error-we-are-not-able-to-retrieve-the-runtime-master-key/

I'm using the runtime version 1.0.10917 but I've tried ~1 and get the same result.

This seems to occur when I delete the function from the portal and then recreate it. It consistently happens after that for every function we have. The first time the function is created, it seems to work.

Answer 1

This is the exception you're hitting

System.Security.Cryptography.CryptographicException : The payload was invalid.
   at Microsoft.AspNetCore.DataProtection.Cng.CbcAuthenticatedEncryptor.DecryptImpl(Byte* pbCiphertext,UInt32 cbCiphertext,Byte* pbAdditionalAuthenticatedData,UInt32 cbAdditionalAuthenticatedData)
   at Microsoft.AspNetCore.DataProtection.Cng.Internal.CngAuthenticatedEncryptorBase.Decrypt(ArraySegment`1 ciphertext,ArraySegment`1 additionalAuthenticatedData)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData,Boolean allowOperationsOnRevokedKeys,UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData,Boolean ignoreRevocationErrors,Boolean& requiresMigration,Boolean& wasRevoked)
   at Microsoft.Azure.WebJobs.Script.WebHost.DataProtectionKeyValueConverter.Unprotect(Key key) at C:\azure-webjobs-sdk-script\src\WebJobs.Script.WebHost\Security\DataProtectionKeyValueConverter.cs : 43
   at Microsoft.Azure.WebJobs.Script.WebHost.SecretManager.ReadHostSecrets(HostSecrets hostSecrets) at C:\azure-webjobs-sdk-script\src\WebJobs.Script.WebHost\Security\SecretManager.cs : 383
   at async Microsoft.Azure.WebJobs.Script.WebHost.SecretManager.GetHostSecretsAsync() at C:\azure-webjobs-sdk-script\src\WebJobs.Script.WebHost\Security\SecretManager.cs : 83
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at async Microsoft.Azure.WebJobs.Script.WebHost.WebJobsSdkExtensionHookProvider.GetOrCreateExtensionKey(String extensionName) at C:\azure-webjobs-sdk-script\src\WebJobs.Script.WebHost\WebHooks\WebJobsSdkExtensionHookProvider.cs : 71
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Azure.WebJobs.Script.WebHost.WebJobsSdkExtensionHookProvider.GetExtensionWebHookRoute(String extensionName) at C:\azure-webjobs-sdk-script\src\WebJobs.Script.WebHost\WebHooks\WebJobsSdkExtensionHookProvider.cs : 64
   at Microsoft.Azure.WebJobs.Extensions.EventGrid.EventGridExtensionConfig.Initialize(ExtensionConfigContext context)
   at Microsoft.Azure.WebJobs.Host.Executors.JobHostConfigurationExtensions.InvokeExtensionConfigProviders(ExtensionConfigContext context)
   at Microsoft.Azure.WebJobs.Host.Executors.JobHostConfigurationExtensions.CreateStaticServices(JobHostConfiguration config)
   at Microsoft.Azure.WebJobs.JobHost.PopulateStaticServices()
   at Microsoft.Azure.WebJobs.Script.Utility.CreateMetadataProvider(JobHost host) at C:\azure-webjobs-sdk-script\src\WebJobs.Script\Utility.cs : 362
   at Microsoft.Azure.WebJobs.Script.ScriptHost.LoadCustomExtensions() at C:\azure-webjobs-sdk-script\src\WebJobs.Script\Host\ScriptHost.cs : 670
   at Microsoft.Azure.WebJobs.Script.ScriptHost.Initialize() at C:\azure-webjobs-sdk-script\src\WebJobs.Script\Host\ScriptHost.cs : 510
   at Microsoft.Azure.WebJobs.Script.ScriptHost.Create(IScriptHostEnvironment environment,IScriptEventManager eventManager,ScriptHostConfiguration scriptConfig,ScriptSettingsManager settingsManager) at C:\azure-webjobs-sdk-script\src\WebJobs.Script\Host\ScriptHost.cs : 937

It's very hard for users to discover these errors for their app because the runtime doesn't log them anywhere the UX can query.

This issue is tracking the exception: https://github.com/Azure/azure-webjobs-sdk-script/issues/1832

We are still not entirely sure why this is happening. Did you republish your keys from another application by any chance? (edit: or delete and recreate the app with the same name) these keys are encrypted by a function app specific key, and won't work outside that context.

fix: copied from Fabio Cavalcante

can you delete (or rename) the host.json file in d:\home\data\Functions\secrets\ and retry? This will force the runtime to re-create those secrets for that environment. Keep in mind that this would also change your master and default keys.