How to rotate an Azure storage account access key from C# code?

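I have an Azure storage account. It has a number of associated access keys. From the Azure web GUI it is possible to "rotate" these keys.

It is also possible to rotate them from the command line, using (I believe) az storage account keys renew.

I would like to rotate these keys from C# code. I am having trouble finding the right objects to do this with.

I am aware of NuGet packages like Azure.Storage.Blobs and Microsoft.Azure.Cosmos.Table. Is there any class in any NuGet package in one of these families that has functionality that allows me to rotate/renew/regenerate these storage account access keys?

Thanks in advance!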

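The NuGet package you would want to use is Azure.ResourceManager.Storage. Once you create/get an instance of StorageAccount, you would need to call the RegenerateKeyAsync method to regenerate the key.

Here's the sample code for the same. Please note that you would also need to install the Azure.Identity NuGet package.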

using System;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Storage;
using Azure.ResourceManager.Storage.Models;

namespace SO69882633
{
    class Program
    {
        private const string subscriptionId = "23456789-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
        private const string resourceGroupName = "resource-group-name";
        private const string storageAccountName = "storageaccountname";
        private const string keyToRegenerate = "key2"; // Key to regenerate. Could be either "key1" or "key2"
        static async Task Main(string[] args)
        {
            // DefaultAzureCredential picks up the identity from the environment
            // (managed identity, Azure CLI login, environment variables, ...).
            var credentials = new DefaultAzureCredential();
            ArmClient armClient = new ArmClient(credentials);
            string storageAccountResourceId =
                $"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}";
            StorageAccount storageAccount = armClient.GetStorageAccount(storageAccountResourceId);
            // List the current keys. This prints the full key values, which are
            // secrets, so the output is only suitable for a local demonstration.
            var keys = await storageAccount.GetKeysAsync();
            foreach (var key in keys.Value.Keys)
            {
                Console.WriteLine($"{key.KeyName}: {key.Value}");
            }
            Console.WriteLine("===========================");
            // Regenerate the selected key; the other key stays valid.
            StorageAccountRegenerateKeyParameters parameters = new StorageAccountRegenerateKeyParameters(keyToRegenerate);
            var result = await storageAccount.RegenerateKeyAsync(parameters);
            Console.WriteLine($"\"{keyToRegenerate}\" key regenerated successfully.");
            Console.WriteLine("Listing keys again (just to make sure ;-))...");
            keys = await storageAccount.GetKeysAsync();
            foreach (var key in keys.Value.Keys)
            {
                Console.WriteLine($"{key.KeyName}: {key.Value}");
            }
            Console.WriteLine("===========================");
        }
    }
}
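
An added example, not part of the answer above: instead of hard-coding "key2", it regenerates whichever of the two keys is older and logs only key metadata, never the key values. It assumes the 1.x release of Azure.ResourceManager.Storage, where the types are named StorageAccountResource, StorageAccountRegenerateKeyContent and StorageAccountKey (with a nullable CreatedOn) rather than the names used in the answer; KeyRotation and PickKeyToRotate are hypothetical names, and the subscription, resource group and account values are the same placeholders as above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Storage;
using Azure.ResourceManager.Storage.Models;

static class KeyRotation
{
    // Pure selection step: the key with the oldest creation time is rotated.
    // A key with no recorded creation time is treated as the oldest.
    public static string PickKeyToRotate(
        IEnumerable<(string Name, DateTimeOffset? CreatedOn)> keys) =>
        keys.OrderBy(k => k.CreatedOn ?? DateTimeOffset.MinValue).First().Name;

    static async Task Main()
    {
        // Placeholder identifiers, as in the answer above.
        ResourceIdentifier id = StorageAccountResource.CreateResourceIdentifier(
            "23456789-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "resource-group-name", "storageaccountname");
        StorageAccountResource account =
            new ArmClient(new DefaultAzureCredential()).GetStorageAccountResource(id);

        // Collect only name and creation time; the secret value is not kept.
        var current = new List<(string, DateTimeOffset?)>();
        await foreach (StorageAccountKey key in account.GetKeysAsync())
            current.Add((key.KeyName, key.CreatedOn));

        string target = PickKeyToRotate(current);
        await foreach (StorageAccountKey key in
            account.RegenerateKeyAsync(new StorageAccountRegenerateKeyContent(target)))
        {
            // Log metadata only; key.Value is a secret and is never written out.
            Console.WriteLine($"{key.KeyName} created {key.CreatedOn:u}");
        }
        Console.WriteLine($"Rotated {target}.");
    }
}
```

Clients that still authenticate with the regenerated key stop working as soon as the call returns, so they need to be on the other key before this runs.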