Regenerate All CosmosDB Keys Tuesday, Aug 31, 2021
1 minute read
Tags:
azure Hey, thanks for the interest in this post, but just letting you know
that it is over 3 years old, so the content in here may not be accurate.
A few days ago a vulnerability in CosmosDB was announced that allows attackers to access the access keys and thus get into a database.
While Microsoft has disabled the feature that was allowing for the vulnerability, it is strongly recommended that everyone regenerate their access keys . But if you’ve got multiple databases, this can be a slow process.
So, here’s handy script that will do it for you, using the Azure CLI:
1
2
3
4
5
info = $( az cosmosdb list --query "[].{ name: name, resourceGroup: resourceGroup }" -o tsv)
echo $info | xargs -L1 bash -c 'az cosmosdb keys regenerate --key-kind primary --name $0 -g $1'
echo $info | xargs -L1 bash -c 'az cosmosdb keys regenerate --key-kind primaryReadonly --name $0 -g $1'
echo $info | xargs -L1 bash -c 'az cosmosdb keys regenerate --key-kind secondary --name $0 -g $1'
echo $info | xargs -L1 bash -c 'az cosmosdb keys regenerate --key-kind secondaryReadonly --name $0 -g $1'
You’ll still need to get the keys and update your apps to use the new keys, but this will at least get them all cycled for you!
Published: 2024-02-23 01:46:46 +0000 UTC, Version:
91b088c