Account Key Usage Metadata is a new security and observability feature that helps Azure Cosmos DB customers avoid service disruptions during key rotations. It provides visibility into when each account key was last used, allowing teams to make informed decisions before rotating keys or migrating to Entra ID.
This feature addresses a common challenge: rotating a key that appears unused but is still actively relied upon by critical applications, leading to unexpected outages.
How Does It Work?
In the private preview, on your Azure Cosmos DB account, you can view the last usage timestamp for each key. This timestamp reflects the most recent operation that used the key.
To identify which applications are using the key, you can enable diagnostic logging, which provides detailed telemetry including user agents and operation types.
Why Is It Important?
- Prevents outages or disruption to your applications: Avoids accidental rotation of actively used keys.
- Improves security hygiene: Encourages safe and intentional key rotation.
This is especially valuable for:
- Disabling local authentication: Provides confidence that keys are no longer in use before migrating to Entra ID.
- Infrequently used keys: Monthly or yearly jobs that still depend on keys.
- Shared keys across teams: Where visibility is often limited.
How to Onboard and Use It
- Private preview access: Customers interested in early access can use the sign-up form or reach out to us at cosmosdb-sec-feature@microsoft.com.
- Usage visibility: Once enabled, usage data begins collecting from the activation date forward.
- Diagnostic logging: Optional logging can be enabled to help identify which user agents are using the key.
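A rotation gate built on the signals described above, as an added example that is not part of the original post or any Microsoft tooling: it reports a key as unverified when usage tracking has been active for less time than the slowest job's interval, since usage data only exists from the activation date forward. The record fields, key names, user agents and dates are constructed for illustration and are not the Azure diagnostic log schema.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. Field names are illustrative, not the Azure log schema.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
ACTIVATED = datetime(2025, 5, 1, tzinfo=timezone.utc)  # day usage tracking was enabled
LOGS = [
    {"time": "2025-05-30T02:00:00+00:00", "key": "primary",
     "user_agent": "orders-api/2.1", "operation": "Query"},
    {"time": "2025-05-31T23:10:00+00:00", "key": "primary",
     "user_agent": "orders-api/2.1", "operation": "Upsert"},
    {"time": "2025-05-02T04:00:00+00:00", "key": "secondary",
     "user_agent": "monthly-billing-job/0.9", "operation": "Read"},
]


def summarize(logs):
    """Per key: last use time and the (user agent, operation) pairs seen."""
    out = {}
    for rec in logs:
        ts = datetime.fromisoformat(rec["time"])
        entry = out.setdefault(rec["key"], {"last_used": ts, "callers": set()})
        entry["last_used"] = max(entry["last_used"], ts)
        entry["callers"].add((rec["user_agent"], rec["operation"]))
    return out


def rotation_verdict(key, logs, now, activated, quiet_period):
    """Return 'in-use', 'insufficient-data' or 'no-use-observed' for one key.

    quiet_period should be at least as long as the slowest job's interval
    (for example, longer than a month if monthly jobs may hold the key).
    """
    info = summarize(logs).get(key)
    if info and now - info["last_used"] < quiet_period:
        return "in-use"  # used inside the window: find the callers first
    if now - activated < quiet_period:
        return "insufficient-data"  # tracking is younger than the window
    return "no-use-observed"


if __name__ == "__main__":
    for name in ("primary", "secondary", "primary-readonly"):
        verdict = rotation_verdict(name, LOGS, NOW, ACTIVATED, timedelta(days=35))
        callers = sorted(summarize(LOGS).get(name, {}).get("callers", []))
        print(name, verdict, callers)
```

With a 35-day window the constructed monthly job keeps the secondary key "in-use", while a key with no recorded requests is "insufficient-data" rather than unused, because tracking has only run for 31 days.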
What’s Next?
We’re working on enhancements that make key management smarter. Soon, you’ll be able to check whether a key is actively in use before you regenerate it or disable local authentication. This added insight helps you avoid disruptions and ensures a smooth, secure transition.
For more details on how to get started on Azure Cosmos account key usage metadata.
☁️About Azure Cosmos DB
Azure Cosmos DB is a fully managed and serverless NoSQL and vector database for modern app development, including AI applications. With its SLA-backed speed and availability as well as instant dynamic scalability, it is ideal for real-time NoSQL and MongoDB applications that require high performance and distributed computing over massive volumes of NoSQL and vector data.