# Microsoft.Azure.WebJobs.Extensions.Storage：密钥轮换后 'AzureWebJobsStorage' 的值缺失或为空

- **ID:** `cloud/azure-function-app-storage-connection-string-rotation`
- **领域:** cloud
- **类别:** config_error
- **错误码:** `Microsoft.Azure.WebJobs.Extensions.Storage`
- **验证级别:** ai_generated
- **修复率:** 90%

## 根因

轮换 Function App 默认存储连接的存储帐户访问密钥会导致 'AzureWebJobsStorage' 应用程序设置失效，但轮换过程不会自动更新该设置。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| Azure Functions: runtime >= 4.x | active | — | — |
| Azure Storage: >= 2019-12-12 | active | — | — |
| Azure Portal: latest | active | — | — |

## 解决方案

1. ```
   Update the 'AzureWebJobsStorage' app setting in the Function App with the new storage account key. Use Azure CLI: 'az functionapp config appsettings set --name <function-app-name> --resource-group <rg> --settings AzureWebJobsStorage="DefaultEndpointsProtocol=https;AccountName=<storage-account>;AccountKey=<new-key>;EndpointSuffix=core.windows.net"'
   ```
2. ```
   Use managed identity instead of access keys for the storage connection; assign the 'Storage Blob Data Contributor' role to the Function App's system-assigned identity and set 'AzureWebJobsStorage__accountName' instead of the connection string.
   ```

## 无效尝试

- **** — Restarting doesn't update the app setting; the connection string is still the old key, so the app continues to fail. (80% 失败率)
- **** — Overkill; loses all existing data and requires reconfiguring all connections, not just the Function App. (95% 失败率)
- **** — Common user error; the setting appears updated but isn't persisted, leading to confusion. (30% 失败率)