1

I have an Azure storage account. It has a number of access keys associated. From the Azure web GUI it is possible to "rotate" these keys.

Key rotation in the GUI

It is also possible to rotate them from the command line, using (I believe) az storage account keys renew.

I would like to rotate these keys from C# code. I have trouble finding the right object that lets me do this.

I know of NuGet packages like Azure.Storage.Blobs and Microsoft.Azure.Cosmos.Table. Is there any class in any NuGet package of one of those families that has a feature that lets me rotate/renew/regenerate these storage account access keys?

Thanks in advance!

Claus Appel
  • 1,015
  • 10
  • 28

1 Answers1

2

The Nuget package you would want to use is Azure.ResourceManager.Storage. Once you create/get an instance of StorageAccount, you would need to call RegenerateKeyAsync method to regenrate a key.

Here's the sample code for the same. Please note that you will also need to install Azure.Identity Nuget package.

using System;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Storage;
using Azure.ResourceManager.Storage.Models;

namespace SO69882633
{
    class Program
    {
        private const string subscriptionId = "23456789-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
        private const string resourceGroupName = "resource-group-name";
        private const string storageAccountName = "storageaccountname";
        private const string keyToRegenerate = "key2";//Key to regenerate. Could be either "key1" or "key2"
        static async Task Main(string[] args)
        {
            var credentials = new DefaultAzureCredential();
            ArmClient armClient = new ArmClient(new DefaultAzureCredential());
            string storageAccountResourceId =
                $"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}";
            StorageAccount storageAccount = armClient.GetStorageAccount(storageAccountResourceId);
            var keys = await storageAccount.GetKeysAsync();
            foreach (var key in keys.Value.Keys)
            {
                Console.WriteLine($"{key.KeyName}: {key.Value}");
            }
            Console.WriteLine("===========================");
            StorageAccountRegenerateKeyParameters parameters = new StorageAccountRegenerateKeyParameters(keyToRegenerate);
            var result = await storageAccount.RegenerateKeyAsync(parameters);
            Console.WriteLine($"\"{keyToRegenerate}\" key regenerated successfully.");
            Console.WriteLine("Listing keys again (just to make sure ;-))...");
            keys = await storageAccount.GetKeysAsync();
            foreach (var key in keys.Value.Keys)
            {
                Console.WriteLine($"{key.KeyName}: {key.Value}");
            }
            Console.WriteLine("===========================");
        }
    }
}
Gaurav Mantri
  • 128,066
  • 12
  • 206
  • 241
  • Thanks. I'm hesitant to use that package because apparently there is no official release of it, only beta releases. Moreover, I could not figure out how to instantiate a `StorageAccount`. Could you show - or link to an example of - how to instantiate a `StorageAccount`? And, crucially, _what version of the NuGet are you using_? – Claus Appel Nov 09 '21 at 12:18
  • Understood your comment about the SDK being in preview. There's an older version of the SDK available as well: [Microsoft.Azure.Management.Storage](https://www.nuget.org/packages/Microsoft.Azure.Management.Storage/). I believe the current version of this new SDK is `1.0.0-beta.3`. HTH. – Gaurav Mantri Nov 09 '21 at 13:23
  • The newest pre-release is 1.0.0-beta.3, yes. But the sample you linked to is not from 1.0.0-beta.3. The sample appears to be from an unreleased master, and the code base seems to have changed _a lot_ since the last pre-release. When I check out tag 1.0.2 from their GitHub I cannot find any `StorageAccount` class. – Claus Appel Nov 10 '21 at 06:19
  • I took the sample code from their tests. Are you open to use this pre-release version? I will try to write some code to make use of this version of the SDK. – Gaurav Mantri Nov 10 '21 at 06:33
  • I am open to using it for these purposes, yes. – Claus Appel Nov 10 '21 at 12:59
  • Updated my answer with working code. HTH. – Gaurav Mantri Nov 11 '21 at 10:24