1
votes

I am planning to use Key Vault to manage Storage Account Keys.

My question is, when the keys get rotated, would the SAS token previously served by the Key Vault get invalidated?

For example, if I request a SAS for a blob with 30 days validity but the key rotation period I set is 3 days, then effectively would the validity of the SAS be 3 days or 30 days?

PS: I asked this query in the MS doc but did not get a reply for this. That is why I am asking you good people of SO.

1
Where are you setting the key rotation period? I am just trying to implement key rotation. – Venky

1 Answer

1
votes

My question is, when the keys get rotated, would the SAS token previously served by the Key Vault get invalidated?

By default, the answer is yes, the Key Vault will get invalidated.

If the SAS token is about to expire, we should get the sasToken again from Key Vault and update it.

For more information about Key Vault and storage accounts, please refer to this link.

For example, if I request a SAS for a blob with 30 days validity but the key rotation period I set is 3 days, then effectively would the validity of the SAS be 3 days or 30 days?

As far as I know, if we follow the official article, the answer is 3 days.

We can use Key Vault to manage an Azure storage account, update a storage account key or get a storage account key.

For example, we can use the command Update-AzureKeyVaultManagedStorageAccountKey to update a storage account key.
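
Why rotation cuts a SAS short, as an added example that is not part of the original answer: a SAS carries an HMAC-SHA256 signature made with a storage account key, so it stops validating once the key that signed it is regenerated, whatever its expiry says. The string-to-sign is simplified, the function names, resource path and dates are constructed, and the rotation is assumed to regenerate the key that signed the token.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timedelta, timezone

def new_key() -> bytes:
    """Stand-in for a freshly (re)generated storage account key."""
    return os.urandom(64)

def sign_sas(key: bytes, resource: str, expiry: datetime) -> dict:
    # Simplified string-to-sign (assumption): the real one has more fields,
    # but the principle is the same: HMAC-SHA256 keyed with the account key.
    string_to_sign = f"r\n{expiry.isoformat()}\n{resource}"
    sig = hmac.new(key, string_to_sign.encode(), hashlib.sha256).digest()
    return {"sr": resource, "se": expiry, "sig": base64.b64encode(sig).decode()}

def service_accepts(token: dict, current_keys: list, now: datetime) -> bool:
    """Model of the service-side check: not expired AND the signature
    verifies under one of the account's current keys."""
    if now >= token["se"]:
        return False
    for key in current_keys:
        expected = sign_sas(key, token["sr"], token["se"])["sig"]
        if hmac.compare_digest(expected, token["sig"]):
            return True
    return False

def demo() -> dict:
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed start date
    blob = "/container/report.txt"                   # constructed resource
    keys = {"key1": new_key(), "key2": new_key()}
    token = sign_sas(keys["key1"], blob, t0 + timedelta(days=30))

    results = {}
    results["day 2"] = service_accepts(
        token, list(keys.values()), t0 + timedelta(days=2))

    keys["key1"] = new_key()                         # rotation at day 3
    results["day 4"] = service_accepts(
        token, list(keys.values()), t0 + timedelta(days=4))

    # A token re-issued after rotation is signed with the new key.
    fresh = sign_sas(keys["key1"], blob, t0 + timedelta(days=30))
    results["day 4, reissued"] = service_accepts(
        fresh, list(keys.values()), t0 + timedelta(days=4))
    return results

if __name__ == "__main__":
    for when, ok in demo().items():
        print(f"{when}: {'accepted' if ok else 'rejected'}")
```

Under these assumptions the 30-day token is accepted before the rotation and rejected after it, so clients need to fetch a new SAS from Key Vault after each rotation rather than relying on the expiry they requested.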