stackoom
  简体   繁体   中英

Encrypt Azure Storage account key in powershell script

 原文  2022-06-28 20:49:37       azure/ powershell/ scripting/ azure-blob-storage/ blob

Question

I'm developing a new powershell script in order to download any blobs from a specific container and the problem is due to security reasons because I do not want to paste in text plain the azure account key. So I have implemented a solution using 'ConvertTo-SecureString' command but the problem still exists because when I create a connection string to the blob, there appears a message who said: "Server Failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. HTTP Status Code 403 - HTTP Error".

With the key in plain text I'm able to create the connection string properly and then list and download all blobs from the container. I tried other solutions for example ' $Credential= New-Object System.Management.Automation.PSCredential ('$ShareUser, $SharePassword)' but there is other problem related with the input is not valid base64 string.

Do you know how to avoid this issues and create a secure connection string with an Azure Storage Account?

Best regards and thanks in advance

Here a part of my powershell script

$SecurePassword= Read-Host -AsSecureString | ConvertFrom-SecureString
$SecurePassword | Out-File -FilePath C:\test_blob\pass_file.xml

$ConfigFile= 'C:\Users\\config_file.xml'

IF (Test-Path) { 

[xml]$Config= Get-Content $ConfigFile 

[string] $Server = $Config.Config.Server;
[string] $SharePassword = $Config.Config.SharePassword;

 } ELSE
{
write-host "File do not exists: $ConfigFile"

}


 #BlobStorageInformation   

$StorageAccountName='test_acc'
$Container='test'
$DestinationFolder= 'C:\Users\user1\Blobs'


$Context = New-AzStorageConext -StorageAccountName $StorageAccountName -StorageAccountKey $SharePassword

#List of Blobs 

$ListBlob=@()
$ListBlob+= Get-AzStorageBlob -context $Context -container $Container | Where-Object {$_.LastModified -lt (Get-Date).AddDAys(-1)}

1 answers

solution1
 1  2022-06-28 23:03:28

Why would you maintain the password files or enter storage key manually when you have az powershell. Just login using az powershell, set the subscription and enjoy !

$ResourceGroupName = "YOURRESOURCEGROUPNAME"
$StorageAccountName = "YOURSTORAGEACCOUNTNAME"
$ContainerName = "YOURCONTAINERNAME"
$LocalPath = "D:\Temp"
        
Write-Output 'Downloading Content from Azure blob to local...'
$storageKey = (Get-AzStorageAccountKey -ResourceGroupName $ResourceGroupName -AccountName $StorageAccountName).value[0]
$storageContext = New-AzStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $storageKey
$blobs = Get-AzStorageBlob -Container $ContainerName -Context $storageContext
foreach($blob in $blobs)
{
        Get-AzStorageBlobContent -Container $ContainerName -Context $storageContext -Force -Destination $LocalPath -Blob $blob.Name
}
Write-Output 'Content Downloaded Successfully !!!'

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Encrypt Azure Storage account name and key in PowerShell script Get Azure Storage Account Key inside Powershell Function App How to store output of script using powershell to azure storage account Query Azure Storage Account Used Capacity - PowerShell Script? Is it possible to encrypt the file using key vault and store it in storage account using “Azure Storage Data Movement Library” Need powershell script to enable diagnostic logging for Storage account and Key vault remove azure storage account with powershell Unable to encrypt Azure storage account using ansible Azure Powershell to copy azure storage account to another azure storage account Remove Azure Storage Account Key
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM