You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the associated guidance on the azure docs page cautions about key rotation out of phase with orchestration wall clock run time.
so the solution still seeks the key rotation tweak
as the example stands today, seems to me writing a custom encryption service that had (probably sticky) knowledge of the old key and the new key would facilitate rotation scenarios. that's the rotate on-demand scenario, as orchestrations come alive.
the batch scenario is more domain specific, as it would have to be idempotent and batch update all the encrypted properties of all the entities in an application, with all the associated batch update trimmings like locking and update pausing etc.
in effect the batch scenario best starts to resemble a redeployment with the new key. all orchestrations with the old key gracefully expire and begin again with the new key in a new taskhub. this is not a solution that requires code changes, but documentation changes and i will make the appropriate applications on the feedback page
please advise
The text was updated successfully, but these errors were encountered:
thanks for this awesome bit of code
the associated guidance on the azure docs page cautions about key rotation out of phase with orchestration wall clock run time.
so the solution still seeks the key rotation tweak
as the example stands today, seems to me writing a custom encryption service that had (probably sticky) knowledge of the old key and the new key would facilitate rotation scenarios. that's the rotate on-demand scenario, as orchestrations come alive.
the batch scenario is more domain specific, as it would have to be idempotent and batch update all the encrypted properties of all the entities in an application, with all the associated batch update trimmings like locking and update pausing etc.
in effect the batch scenario best starts to resemble a redeployment with the new key. all orchestrations with the old key gracefully expire and begin again with the new key in a new taskhub. this is not a solution that requires code changes, but documentation changes and i will make the appropriate applications on the feedback page
please advise
The text was updated successfully, but these errors were encountered: