Why there are two keys for Azure DocumentDB (primary and secondary)?

Question

The subject says it all...

Why there are two keys for Azure DocumentDB (primary and secondary)?

Answer 1

This is so that you can expire a key without having any system downtime. Say you want to replace your primary key. The procedure is

1. Configure your service to use the secondary key - if you use the service config you can do this without downtime.
2. Regenerate the primary key
3. (Optional) reconfigure your service to use the new primary key

If there was only one key at a time, your service would be down while you did the key replacement.

Good practise is to replace your keys on a regular basis (e.g every 6 months or whatever is appropriate based on the sensitivity of your data). You should also replace keys when anyone who has access to the keys leaves your business or team. Finally, you should obviously replace them if you think they have been compromised in some way. E.g. accidentally written to a log or posted to a public GitHub repo - it happens...

https://securosis.com/blog/my-500-cloud-security-screwup

Both the primary and secondary keys can be regenerated in the Azure portal (note: at the time of writing this is the preview portal). Select your DocumentDB then the Keys pane. There are two buttons at the top of the pane: