Share via

Which procedure to follow to start adding the Azure Storage Account Access keys for one day rotation?

EnterpriseArchitect 5,666 Reputation points
2025-02-06T05:47:40.66+00:00

In order to perform Automated Azure Storage account Access keys, I am following this article: https://learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual?tabs=azure-cli#create-and-deploy-the-key-rotation-function

Since I have 500+ Azure Storage Accounts each with two Access keys , which procedure should I follow to ensure each of the Azure Storage Accounts Access keys are rotated daily for both keys?

Should I follow this: https://learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual?tabs=azure-cli#add-the-storage-account-access-keys-to-key-vault-secrets

Set-AzKeyVaultAccessPolicy -UserPrincipalName '******@company.com' -name vaultrotation-kv -PermissionsToSecrets set, delete, get, list
$tomorrowDate = (Get-Date).AddDays(+ 1).ToString('yyy-MM-ddTHH:mm:ssZ')
$secretValue = ConvertTo-SecureString -String '<key1Value>' -AsPlainText -Force
$tags = @{
	CredentialId	   = 'key1'
	ProviderAddress    = '<storageAccountResourceId>'
	ValidityPeriodDays = '1' #set to 1 day or 24 hours
}
Set-AzKeyVaultSecret -Name storageKey -VaultName vaultrotation-kv -SecretValue $secretValue -Tag $tags -Expires $tomorrowDate
$tomorrowDate = (Get-Date).AddDays(+ 1).ToString('yyy-MM-ddTHH:mm:ssZ')
$secretValue = ConvertTo-SecureString -String '<key2Value>' -AsPlainText -Force
$tags = @{
	CredentialId	   = 'key2'
	ProviderAddress    = '<storageAccountResourceId>'
	ValidityPeriodDays = '1' #set to 1 day or 24 hours
}
Set-AzKeyVaultSecret -Name storageKey -VaultName vaultrotation-kv -SecretValue $secretValue -Tag $tags -Expires $tomorrowDate

or this one: https://learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual?tabs=azurepowershell#use-existing-rotation-function-for-multiple-storage-accounts

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,368 questions
Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,398 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,361 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,017 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,181 questions
0 comments
Accepted answer
  1. Deepanshu katara 13,450 Reputation points MVP
    2025-02-06T06:20:55.22+00:00

    Hello , Welcome to MS Q&A

    Yes you can follow this https://learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual?tabs=azurepowershell#use-existing-rotation-function-for-multiple-storage-accounts as This approach ensures that your access keys are rotated regularly while maintaining access to your storage accounts.

    Please let us know if any further questions.

    Kindly accept answer if it helps

    Thanks
    Deepanshu

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.