← Back to overview
April 10, 2016 · Microsoft Azure azure-functions

Azure Functions - Rotate the secret of your HttpTrigger functions

When you create an HttpTrigger function in Azure Functions the URL for this function will look like this:


The code serves as a "secret" and is a static value which is generated when you create the function. Now if for some reason you need to rotate the secret the code for whatever reason there are 2 options to do so.

Manually navigate to the SCM site

The key is stored in a JSON file under the Function secrets:


You can use the online editor to modify the JSON file. Replace functionsad5bb49d with the name of your own Functions app.



The filesystem is also exposed through the Kudu API, which you an call by authenticating using your deployment credentials:

const request = require('request-promise');

const deploymentCredentialsUsername = 'myUsername';  
const deploymentCredentialsPassword = 'myPassword';

const newCode = 'someOtherCode';  
const functionApp = 'nameOfMyFunctionApp';  
const functionName = 'nameOfMyFunction';  
const functionAppUrl = `https://${functionApp}.scm.azurewebsites.net/api/vfs/data/functions/secrets/${functionName}.json`

    resolveWithFullResponse: true,
    url: functionAppUrl,
    auth: {
      username: deploymentCredentialsUsername,
      password: deploymentCredentialsPassword
  .then((res, body) => res.headers.etag)
  .then((etag) => request.put(
      url: functionAppUrl,
      auth: {
        username: deploymentCredentialsUsername,
        password: deploymentCredentialsPassword
      headers: {
        'if-match': etag
      json: {
        key: newCode
  .then(body => {
    console.log(`Code updated. You can now call:\n https://${functionApp}.azurewebsites.net/api/${functionName}?code=${newCode}`);
  .catch(err => console.error(err));

And that's it. After running this your extension will be accessible with the new secret.

  • LinkedIn
  • Tumblr
  • Reddit
  • Google+
  • Pinterest
  • Pocket
Comments powered by Disqus