
Why Primary key and Secondary key in Azure IoT Hub?


When creating a shared access policy or registering a device in Azure IoT Hub, there will be a Primary key and Secondary key pair generated. And I noticed I can connect a device to IoT Hub using either the Primary key or the Secondary key.

So, what's the purpose of having Primary/Secondary keys? How should I design the use of both keys?


Solution

  • The goal of the primary and secondary keys is two-fold. First of all, it would allow you to keep using your service when you want to replace your key. Say you connect all your services using the primary and you want to refresh it. You could use the secondary temporarily in your services and then change your primary without having downtime. After you do the change, you can configure your services to use the new Primary key.

    The second possibility would be that you give partners your secondary key and you use your primary. If one of your partners would abuse the key, you could replace it without having downtime in your own services.
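
The two uses described in the answer above can be traced locally with the following added example, which is not part of the original post or of any Azure SDK. It builds tokens in the documented IoT Hub SAS format (HMAC-SHA256 over the URL-encoded resource URI, a newline and the expiry); `SimulatedHub`, the function names, the keys and the resource URI are constructed for illustration, and the hub is assumed to accept a token that verifies under either key, as the question observes.

```python
import base64, hashlib, hmac, os, time
from urllib.parse import parse_qs, quote_plus, urlencode

def new_key():
    return base64.b64encode(os.urandom(32)).decode()  # constructed random key

def sign(uri, key_b64, expiry):
    # HMAC-SHA256 over "<url-encoded resource URI>\n<expiry>", keyed with the decoded key
    msg = f"{quote_plus(uri)}\n{expiry}".encode()
    mac = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def make_token(uri, key_b64, ttl=3600):
    expiry = int(time.time()) + ttl
    return "SharedAccessSignature " + urlencode(
        {"sr": uri, "sig": sign(uri, key_b64, expiry), "se": expiry})

class SimulatedHub:
    """Local stand-in for the service: a token is valid if EITHER key verifies it."""
    def __init__(self):
        self.keys = {"primary": new_key(), "secondary": new_key()}
    def regenerate(self, slot):
        self.keys[slot] = new_key()
    def accepts(self, token):
        f = {k: v[0] for k, v in parse_qs(token.split(" ", 1)[1]).items()}
        return int(f["se"]) >= time.time() and any(
            hmac.compare_digest(sign(f["sr"], key, f["se"]), f["sig"])
            for key in self.keys.values())

def rotate_primary(hub, uri):
    """Refresh the primary key; returns whether the client could connect at each step."""
    ok = [hub.accepts(make_token(uri, hub.keys["primary"]))]      # normal operation
    old_primary, client_key = hub.keys["primary"], hub.keys["secondary"]
    ok.append(hub.accepts(make_token(uri, client_key)))           # clients moved to secondary
    hub.regenerate("primary")
    ok.append(hub.accepts(make_token(uri, client_key)))           # still up during the change
    ok.append(hub.accepts(make_token(uri, hub.keys["primary"])))  # back on the new primary
    ok.append(hub.accepts(make_token(uri, old_primary)))          # retired key is rejected
    return ok

def revoke_partner(hub, uri):
    """Partners hold the secondary key; regenerating it leaves primary users untouched."""
    own, partner = make_token(uri, hub.keys["primary"]), make_token(uri, hub.keys["secondary"])
    hub.regenerate("secondary")
    return hub.accepts(own), hub.accepts(partner)

if __name__ == "__main__":
    uri = "myhub.azure-devices.net/devices/dev1"  # constructed resource URI
    print(rotate_primary(SimulatedHub(), uri), revoke_partner(SimulatedHub(), uri))
```

Tokens already issued under a regenerated key stop verifying immediately, whatever their expiry, which is why clients are moved to the other key before the regeneration step.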