Closed Kedar782 closed 1 year ago
You can use string to generate a random, not easily guessed encryption string of sufficient length, then use the portal to access Key Vault and add a new version to the existing FP-ACCESS-TOKEN-SECRET secret. Then change the proxy app setting to point to the new version of the key.
Then any previous access tokens issued with the old encryption secret will fail. FYI, this is the command used in the install script for the initial secret generation (Linux/bash): `openssl rand -hex 24`. Feel free to use whatever generator or your own made-up key, whatever you feel comfortable with from a security perspective.
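The rotation described in the answer above, scripted with the Azure CLI as an added example (not code from the thread or from the fhir-proxy project). The vault, function app and resource group names passed to `rotate_secret`, and the default app setting name, are assumptions to replace with your own values.

```shell
#!/usr/bin/env bash
# Added example: rotate FP-ACCESS-TOKEN-SECRET by adding a new Key Vault version
# and repointing the proxy's app setting at it.

SECRET_NAME="FP-ACCESS-TOKEN-SECRET"

# 24 random bytes as 48 hex characters (same command the install script uses).
gen_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex 24
  else
    # Fallback when openssl is not installed.
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'; echo
  fi
}

# Build a Key Vault reference pinned to one specific secret version URI.
kv_reference() {
  printf '@Microsoft.KeyVault(SecretUri=%s)' "$1"
}

# Usage: rotate_secret VAULT APP RESOURCE_GROUP [APP_SETTING_NAME]
# APP_SETTING_NAME defaults to the secret name (assumption; check your app).
rotate_secret() {
  local vault="$1" app="$2" rg="$3" setting="${4:-$SECRET_NAME}"
  local value uri
  value="$(gen_secret)" || return 1
  # Refuse to store anything that is not exactly 48 lowercase hex characters.
  case "$value" in *[!0-9a-f]*|"") echo "bad secret" >&2; return 1;; esac
  [ "${#value}" -eq 48 ] || return 1
  # 'secret set' on an existing name adds a new version; older versions stay
  # in the vault until disabled. Note: --value is visible in the process list
  # while az runs, so run this from a trusted workstation.
  uri="$(az keyvault secret set --vault-name "$vault" --name "$SECRET_NAME" \
        --value "$value" --query id -o tsv)" || return 1
  unset value
  # Point the proxy at the new version so tokens tied to the old secret fail.
  az functionapp config appsettings set --name "$app" --resource-group "$rg" \
     --settings "$setting=$(kv_reference "$uri")" >/dev/null || return 1
  echo "$uri"
}
```

Source the file and call `rotate_secret VAULT APP RESOURCE_GROUP` after `az login`; it prints the URI of the new secret version.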
@sordahl-ga This is my proxy function app. I don't see any key vault FP-ACCESS-TOKEN-SECRET version value here. So in my case, it only allows one version for the key vault FP-ACCESS-TOKEN-SECRET? So should I delete the previous version and then make the new one? Is this the right approach?
It worked. Thank you very much for this.
Thank you @sordahl-ga for your instruction
I'm following the documentation https://github.com/microsoft/fhir-proxy/blob/v2.0/docs/ConfigureProxyONCg10.md For step 9.3,
I need to rotate the FP-ACCESS-TOKEN-SECRET from the key-vault of the proxy.
I don't see the rotate option for FP-ACCESS-TOKEN-SECRET in my FHIR Proxy's key vault.
Here are some screenshots:
Any idea how can I rotate this secret? Inferno is asking to do the revocation prior to the execution of the test.
Thanks in advance!