Azure.Core: AzureNamedKeyCredential

[jsquire]

Summary

When using a shared key for authorization, some services require that the name of the key be used as a component of the algorithm to form the authorization token. For these cases, AzureKeyCredential and AzureSasCredential aren't adequate as they track only a single value. A new credential type, AzureNamedKeyCredential has been approved to address this gap.

Goals

• Offer a token credential suitable for working with any service needing a named key that follows patterns established by the other credential types offered in Azure.Core and Azure.Identity.

• Developers should be able to construct the credential by providing a string-based name and key.

• Developers should be able to update the name and key after construction to support rolling credentials or using a new access policy. Updating credential information should be done in-place and not require creating a new credential instance.

• Developers should be able to read the name of they key, in order to support caching within an application so that it can be easily identified when updates are needed.

• The Azure SDKs should be able to read the name and key, ensuring they reflect the most current values.

• Support updates and reads concurrently with consistent behavior. Developers should be able to update the credential at any time without concern for whether the SDK is reading from it.

Non-Goals

• Providing a friendly and discoverable means for developers to read the key from the credential; it is preferable to hide the key or discourage use.

• Allowing the name or key to be updated independently; both elements will be required when updating a credential.

Success Criteria

• An AzureNamedKeyCredential type has been implemented, following language guidelines and idioms.

• The tests necessary for its validation have been created and pass reliably.

• The existing test suite continues to produce deterministic results and pass reliably.

Related

• .NET AzureNamedKeyCredential Design Options