18

When creating a shared access policy or registering a device in Azure IoT Hub, a Primary key and Secondary key pair is generated. And I noticed I can connect a device to IoT Hub using either the Primary key or the Secondary key.

So, what's the purpose of having Primary/Secondary keys? How should I design the use of both keys?

David Klempfner
Shuping

1 Answer

34

The goal of the primary and secondary keys is two-fold. First of all, it allows you to keep using your service when you want to replace your key. Say you connect all your services using the primary and you want to refresh it. You could use the secondary temporarily in your services and then change your primary without having downtime. After you make the change, you can configure your services to use the new primary key.

The second possibility would be that you give partners your secondary key and you use your primary. If one of your partners abused the key, you could replace it without having downtime in your own services.

RoteS
  • 1
    Hi @RoteS, thanks for your information. If there are very limited clients (or devices), it will be OK to manually regenerate and redeploy the keys on devices. However, if there are numerous devices, and I want to set a policy to periodically update the keys on devices, is there any suggested solution to automatically renew the keys and deploy them to devices? – Shuping Jan 19 '16 at 02:57
  • 2
    I think it would be a lot better to use SAS tokens in this case. This seems to be a good starting point on securing your IoT story: http://robtiffany.com/getting-started-with-azure-iot-services-securing-event-hub-telemetry-with-sas-tokens/ The primary/secondary key is a better solution for websites using Azure Storage, for example, where you only have 1 or 2 applications using it and where you have better control. – RoteS Jan 19 '16 at 06:18
  • I wish they would add this description to their dashboard as a tooltip. Very informative, thank you! – Teoman shipahi Feb 02 '21 at 19:27
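
An added sketch, not part of the original thread and not Azure's own code: it builds IoT Hub-style SAS tokens from a symmetric key and simulates a service that accepts a signature made with either current key, then walks through the rotation sequence the answer describes. The hub and device names, the `service_accepts` check and the random keys are constructed for illustration.

```python
import base64, hashlib, hmac, os, time
from urllib.parse import parse_qs, quote

def new_key():
    # Constructed random 32-byte key, base64-encoded like a generated access key.
    return base64.b64encode(os.urandom(32)).decode()

def sign(key_b64, resource_uri, expiry):
    # HMAC-SHA256 over "<url-encoded resource URI>\n<expiry>" with the decoded key.
    msg = f"{quote(resource_uri, safe='')}\n{expiry}".encode()
    mac = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def make_sas_token(key_b64, resource_uri, ttl=3600, now=None):
    expiry = int((time.time() if now is None else now) + ttl)
    sig = quote(sign(key_b64, resource_uri, expiry), safe="")
    return f"SharedAccessSignature sr={quote(resource_uri, safe='')}&sig={sig}&se={expiry}"

def service_accepts(token, keys, now=None):
    # Hypothetical service-side check (an assumption, not Azure's code):
    # the token must be unexpired and signed with ANY key currently on record.
    fields = parse_qs(token.split(" ", 1)[1])
    sr, sig, se = fields["sr"][0], fields["sig"][0], int(fields["se"][0])
    if se < (time.time() if now is None else now):
        return False
    return any(hmac.compare_digest(sign(k, sr, se), sig) for k in keys.values())

def rotation_demo():
    uri = "example-hub.azure-devices.net/devices/device-001"  # constructed names
    keys = {"primary": new_key(), "secondary": new_key()}
    old_primary_token = make_sas_token(keys["primary"], uri)
    result = {"before": service_accepts(old_primary_token, keys)}
    # 1. Move the device to the secondary key.
    secondary_token = make_sas_token(keys["secondary"], uri)
    # 2. Regenerate the primary key; tokens signed with the old one stop working.
    keys["primary"] = new_key()
    result["old_primary_after_regen"] = service_accepts(old_primary_token, keys)
    result["secondary_after_regen"] = service_accepts(secondary_token, keys)
    # 3. Move the device to the new primary key.
    new_token = make_sas_token(keys["primary"], uri)
    result["new_primary"] = service_accepts(new_token, keys)
    return result

if __name__ == "__main__":
    print(rotation_demo())
```

Because each token carries its own expiry (`se`), a device holding only a short-lived token never stores the long-lived key itself, which is the property the SAS-token suggestion in the comments relies on.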