
Refresh Azure Storage Account Key Periodically using C# SDK

For security purposes I want to refresh my storage account key every month. I have gone through the Azure Storage SDK but couldn't find any specific way to do so.

Is there any NuGet package/SDK available for that? I am good with a PowerShell script as well, but I should be able to execute it through some scheduler.

You can use the Azure Management SDK with an App Registration to do this.

Here are exactly the steps you need to take to do it:

1. Go to the Azure portal App Registration here: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps

2. Register a new app by clicking New Registration.

3. Type any name for your App and Register it

4. Create a new secret for your app.

5. Copy the secret, we'll use it later (do not share or store in source control!)

6. On the App Registration page, make a copy of the Client ID and the Tenant ID.

7. Go to the subscriptions on the portal and copy your subscription id

8. Now go to the blob account you want to reset the keys for, and on Overview click JSON View and copy the Resource ID.

8b. Give your new app access to the blob storage account. You can do this by going to Access control (IAM) on the blob storage account and adding a new role assignment.

9. On your project install the following NuGet packages:

<PackageReference Include="Microsoft.Azure.Management.Storage" Version="22.0.0" />
<PackageReference Include="Microsoft.Azure.Management.Fluent" Version="1.37.1" />

Note you can use higher versions if available.

10. Now you can use this code to reset the keys:

using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Core;

namespace AzureMng
{
    class Program
    {
        static async Task Main(string[] args)
        {
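            // Service principal credentials from steps 4-6.
            // Load the secret from configuration or a secret store, not source control.
            var creds = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
                "[ENTER CLIENT-ID]", 
                "[ENTER SECRET]",  
                "[ENTER TENANT ID]", 
                AzureEnvironment.AzureGlobalCloud);
            var client = Microsoft.Azure.Management.Fluent.Azure.Configure()
                .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
                .Authenticate(creds)
                .WithSubscription("[ENTER YOUR SubscriptionID]");
            
            // Resource ID of the storage account, copied in step 8.
            var account = client.StorageAccounts.GetById(
                "[ENTER RESOURCE ID]");
            // Regenerate key1; pass "key2" to regenerate the other key.
            var keys = await account.RegenerateKeyAsync("key1");
            // Prints the value of the first key in the returned list.
            Console.WriteLine(keys.FirstOrDefault().Value);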
        }
    }
}

Here you can change both keys or a single key. You can also copy the generated keys.
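
A variant suited to the monthly scheduler the question asks about, added here as an example and not part of the original answer: it regenerates only one key per run, alternating by month so the other key stays valid, and logs only the key name. The environment variable names and the odd/even alternation are assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Azure.Management.ResourceManager.Fluent;

namespace AzureMng
{
    static class RotateStorageKey
    {
        // Assumption: odd months regenerate key1, even months regenerate key2.
        // Consumers use whichever key is NOT being regenerated this month.
        static string KeyToRotate(DateTime utcNow) =>
            utcNow.Month % 2 == 1 ? "key1" : "key2";

        // Read a required setting from the environment (names are assumptions).
        static string Env(string name) =>
            Environment.GetEnvironmentVariable(name)
            ?? throw new InvalidOperationException($"Missing environment variable {name}");

        static async Task<int> Main()
        {
            var creds = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
                Env("AZURE_CLIENT_ID"),
                Env("AZURE_CLIENT_SECRET"),
                Env("AZURE_TENANT_ID"),
                AzureEnvironment.AzureGlobalCloud);

            var client = Microsoft.Azure.Management.Fluent.Azure.Configure()
                .Authenticate(creds)
                .WithSubscription(Env("AZURE_SUBSCRIPTION_ID"));

            var account = client.StorageAccounts.GetById(Env("STORAGE_ACCOUNT_RESOURCE_ID"));
            if (account == null)
            {
                Console.Error.WriteLine("Storage account not found or not accessible.");
                return 1;
            }

            var keyName = KeyToRotate(DateTime.UtcNow);
            var keys = await account.RegenerateKeyAsync(keyName);

            // Confirm the rotated key came back, but never write its value to logs.
            var rotated = keys.Any(k =>
                string.Equals(k.KeyName, keyName, StringComparison.OrdinalIgnoreCase));
            Console.WriteLine($"{DateTime.UtcNow:o} {account.Name}: {keyName} regenerated={rotated}");
            return rotated ? 0 : 1;
        }
    }
}
```

The non-zero exit code lets the scheduler flag a failed rotation; with this alternation each key is valid for at most two months.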
