Remove the Key/KeyType parameters from all Data Plane functions and only use Context #481
Labels
discussion
The issue is a discussion.
enhancement
The issue is an enhancement request.
on hold
The issue or pull request has been put on hold by a maintainer.
Comments
PlagueHO
added
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Allowing the
KeyandKeyTypeparameters to be passed to every data plane function directly (e.g., Get-CosmosDbCollection -Key ...) encourages users to use master keys for authentication rather than the more secure Entra ID authentication or resource authentication.Both resource and Entra ID authentication must be performed by creating a context with
New-CosmosDBContextand passing that to the functions.Once Entra ID authentication is available via #479 then the
KeyandKeyTypeparameters should be phased out.Phase 1 will just be putting in warnings when Key based authentication is being used, but still allow it.
Phase 2 will be to remove the parameters Key/KeyType from all functions (except
New-CosmosDbContextand some internal util functions).Important: It will still be possible to authenticate with master keys but will need to be performed via creation of a context and passing that through and we can include warnings about the lower security of using this method.
I'll leave this open for comment for a few weeks/months before making this change.
It will be a breaking change and result in a new major version.
The text was updated successfully, but these errors were encountered: