Access keys

In Azure, storage access keys are used to authenticate applications that use external or internal interfaces to interact with Azure Storage. Example interactions are a RESTful API call or a simple net use of an SMB share.

When a storage account is created, Azure generates two 512-bit access keys. These keys are very important to the security of the storage account, and for this reason they must be kept safe at all times. An SAS is also created based on the storage account's access keys. That means that when the access key that a specific SAS is based on is regenerated, the SAS becomes invalid and has to be regenerated. The main reason there are two access keys in each storage account is high availability: because it's recommended to regenerate access keys on a regular basis, the keys should be rotated so that one remains valid while the other is regenerated, which avoids downtime. Key regeneration does not influence access of your VMs to their VHDs.

The current access keys of a storage account can be found in the Access keys menu in a storage account:

Storage account access key overview

They can also be retrieved with PowerShell using the following command:

    Get-AzureRmStorageAccount `
        -Name $storageAccountName `
        -ResourceGroupName $resourceGroupName `
        | Get-AzureRmStorageAccountKey

To regenerate a storage key, the Regenerate button in the portal is used, as highlighted in the following screenshot:

Regenerating keys with the marked buttons

To regenerate a key using PowerShell, the following cmdlet is used:

    New-AzureRmStorageAccountKey -ResourceGroupName "MyResourceGroup" -AccountName "MyStorageAccount" -KeyName "key1"
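Why regenerating a key invalidates every SAS based on it, and why the second key allows rotation without downtime, can be seen in a small offline model. This is an added example, not code from the book or from Azure: the class, the field names and the simplified string-to-sign are assumptions, while the HMAC-SHA256 signature over a base64-decoded 512-bit key follows the way a SAS is signed.

```python
import base64
import hashlib
import hmac
import secrets


class StorageAccountModel:
    """Toy model of a storage account with two 512-bit access keys."""

    def __init__(self):
        self.keys = {"key1": self._new_key(), "key2": self._new_key()}

    @staticmethod
    def _new_key():
        # 64 random bytes = 512 bits, base64-encoded like a portal key value.
        return base64.b64encode(secrets.token_bytes(64)).decode()

    def regenerate(self, key_name):
        """Replace one key; the other key is left untouched."""
        self.keys[key_name] = self._new_key()

    def _sign(self, key_name, string_to_sign):
        key = base64.b64decode(self.keys[key_name])
        mac = hmac.new(key, string_to_sign.encode(), hashlib.sha256).digest()
        return base64.b64encode(mac).decode()

    def issue_sas(self, key_name, resource, permissions, expiry):
        # Simplified string-to-sign (assumption): the real one has more fields.
        sig = self._sign(key_name, "\n".join([permissions, expiry, resource]))
        return {"resource": resource, "permissions": permissions,
                "expiry": expiry, "signature": sig}

    def validate_sas(self, sas):
        # Recompute the signature with each current key; expiry is not checked.
        sts = "\n".join([sas["permissions"], sas["expiry"], sas["resource"]])
        return any(hmac.compare_digest(self._sign(name, sts), sas["signature"])
                   for name in self.keys)


def rotation_demo():
    acct = StorageAccountModel()
    args = ("/vhds/disk0.vhd", "r", "2030-01-01T00:00:00Z")  # constructed values
    sas_key1 = acct.issue_sas("key1", *args)
    sas_key2 = acct.issue_sas("key2", *args)
    before = (acct.validate_sas(sas_key1), acct.validate_sas(sas_key2))
    acct.regenerate("key1")  # clients were moved to key2 beforehand
    after = (acct.validate_sas(sas_key1), acct.validate_sas(sas_key2))
    reissued = acct.issue_sas("key1", *args)  # the SAS has to be re-created
    return before, after, acct.validate_sas(reissued)
```

The result shows both SAS tokens valid before rotation, only the key2-based token valid after key1 is regenerated, and a re-created key1 token valid again.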