Skip navigation

SQL Data Warehouse: ALTER DATABASE SCOPED CREDENTIAL command for rotating storage keys

02 February 2018

The ALTER DATABASE SCOPED CREDENTIAL command is now supported for Azure SQL Data Warehouse. 

It’s a security best practice to use rotating keys with Azure Storage. SQL Data Warehouse uses storage account keys to define external data sources and enable users to load data from various storage accounts. When these credentials change, underlying objects that rely on this external data source definition have to be updated.

Users no longer have to drop and re-create objects that rely on external data sources when new keys are introduced. Rotating storage keys is now as simple as changing the credential secret by using ALTER DATABASE SCOPED CREDENTIAL.

Example:

The original key is created.

CREATE DATABASE SCOPED CREDENTIAL my_credential WITH IDENTITY = 'my_identity' [ , SECRET = 'key1' ]

Rotate key from key 1 to key 2.

ALTER DATABASE SCOPED CREDENTIAL my_credential WITH IDENTITY = 'my_identity' [ , SECRET = 'key2' ]

No other changes to underlying external data sources are needed.

Free account

Get $200 in Azure credit and 12 months of popular services – free

Start for free

Visual Studio

Subscribers get up to $1800 per year of Azure services

Activate now

Start-ups

Join Microsoft for Start-ups and get free Azure services

Learn more