About

How to re-generate Cosmos DB keys?

In light of the Chaos DB vulnerability that affects Cosmos DB on Microsoft Azure platform, Microsoft has suggested that we should re-generate the primary keys of the Cosmos DB. We can re-generate the Cosmos DB primary keys from Azure Power Shell or the Azure CLI (command line interface). Below, we look at both ways to re-generate the primary keys on the Azure platform for Cosmos DB.

How to re-generate primary key of Cosmos DB using Azure Power shell?

To generate primary key of a Cosmos DB on Microsoft Azure platform, please follow the instructions below:

Login to the Azure PowerShell and write the following commands:

$resourceGroupName = "myResourceGroup" # Resource Group must already exist
$accountName = "mycosmosaccount" # Must be all lower case
$keyKind = "primary" # Other key kinds: secondary, primaryReadOnly, secondaryReadOnly

New-AzCosmosDBAccountKey `
    -ResourceGroupName $resourceGroupName `
    -Name $accountName `
    -KeyKind $keyKind

You define variables for the resource group and account name. Specify the type of key, which in this case is primary. And then issue the New-AzCosmoc DBAccountKey command to run the re-generation process of the Azure Cosmos DB primary key.

For a ready reference, check out this link on Microsoft website –https://docs.microsoft.com/en-us/azure/cosmos-db/sql/manage-with-powershell

How to re-generate primary key of Cosmos DB using Azure CLI?

To re-generate the Cosmos DB primary key on Microsoft Azure, using the Azure Command line interface, please follow the command below:

az cosmosdb regenerate-key --key-kind primary --name MyCosmosDBDatabaseAccount --resource-group MyResourceGroup

You will need to provide:

  • Key-kind – primary
  • Cosmos DB name
  • Resource group name

For a ready reference, check out the instructions on the Microsoft site – https://docs.microsoft.com/en-us/cli/azure/cosmosdb

You will need to search for the command to re-generate primary key on the Cosmos DB on Microsoft Azure.