< Back
Add-AzureKeyVaultManagedStorageAccount
Post
NAME Add-AzureKeyVaultManagedStorageAccount
SYNOPSIS
Adds an existing Azure Storage Account to the specified key vault for its keys to be managed by the Key Vault service.
SYNTAX
Add-AzureKeyVaultManagedStorageAccount [-VaultName] <String> [-AccountName] <String> [-AccountResourceId] <String> [-ActiveKeyName] <String>
[-DefaultProfile <IAzureContextContainer>] [-Disable] [-DisableAutoRegenerateKey] [-RegenerationPeriod <TimeSpan>] [-Tag <Hashtable>] [-Confirm]
[-WhatIf] [<CommonParameters>]
DESCRIPTION
Sets up an existing Azure Storage Account with Key Vault for Storage Account keys to be managed by Key Vault. The Storage Account must already
exist. The Storage Keys are never exposed to caller. Key Vault auto regenerates and switches the active key based on the regeneration period.
PARAMETERS
-AccountName <String>
Key Vault managed storage account name. Cmdlet constructs the FQDN of a managed storage account name from vault name, currently selected
environment and manged storage account name.
Required? true
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-AccountResourceId <String>
Azure resource id of the storage account.
Required? true
Position? 2
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ActiveKeyName <String>
Name of the storage account key that must be used for generating sas tokens.
Required? true
Position? 3
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Disable [<SwitchParameter>]
Disables the use of managed storage account's key for generation of sas tokens.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-DisableAutoRegenerateKey [<SwitchParameter>]
Auto regenerate key. If true, then the managed storage account's inactive key gets auto regenerated and becomes the new active key after the
regeneration period. If false, then the keys of managed storage account are not auto regenerated.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-RegenerationPeriod <TimeSpan>
Regeneration period. If auto regenerate key is enabled, this value specifies the timespan after which managed storage account's inactive
keygets auto regenerated and becomes the new active key.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Tag <Hashtable>
Key-value pairs in the form of a hash table. For example:
@{key0="value0";key1=$null;key2="value2"}
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-VaultName <String>
Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Commands.KeyVault.Models.ManagedStorageAccount
NOTES
Example 1: Set an Azure Storage Account with Key Vault to manage its keys
PS C:\\> $regenerationPeriod = [System.Timespan]::FromDays(90)
PS C:\\> Add-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -ResourceId '/subscriptions/<subscription
id>/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount' -ActiveKeyName 'key1' -RegenerationPeriod
$regenerationPeriod
Sets a Storage Account with Key Vault for its keys to be managed by Key Vault. The active key set is 'key1'. This key will be used to generate sas
tokens. Key Vault will regenerate 'key2' key after the regeneration period from the time of this command and set it as the active key. This auto
regeneration process will continue between 'key1' and 'key2' with a gap of 90 days.
Example 2: Set a Classic Azure Storage Account with Key Vault to manage its keys
PS C:\\> $regenerationPeriod = [System.Timespan]::FromDays(90)
PS C:\\> Add-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -ResourceId '/subscriptions/<subscription
id>/resourceGroups/myresourcegroup/providers/Microsoft.ClassicStorage/storageAccounts/mystorageaccount' -ActiveKeyName 'Primary'
-RegenerationPeriod $regenerationPeriod
Sets a Classic Storage Account with Key Vault for its keys to be managed by Key Vault. The active key set is 'Primary'. This key will be used to
generate sas tokens. Key Vault will regenerate 'Secondary' key after the regeneration period from the time of this command and set it as the
active key. This auto regeneration process will continue between 'Primary' and 'Secondary' with a gap of 90 days.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... ageaccount
AzureRM.KeyVault
SYNOPSIS
Adds an existing Azure Storage Account to the specified key vault for its keys to be managed by the Key Vault service.
SYNTAX
Add-AzureKeyVaultManagedStorageAccount [-VaultName] <String> [-AccountName] <String> [-AccountResourceId] <String> [-ActiveKeyName] <String>
[-DefaultProfile <IAzureContextContainer>] [-Disable] [-DisableAutoRegenerateKey] [-RegenerationPeriod <TimeSpan>] [-Tag <Hashtable>] [-Confirm]
[-WhatIf] [<CommonParameters>]
DESCRIPTION
Sets up an existing Azure Storage Account with Key Vault for Storage Account keys to be managed by Key Vault. The Storage Account must already
exist. The Storage Keys are never exposed to caller. Key Vault auto regenerates and switches the active key based on the regeneration period.
PARAMETERS
-AccountName <String>
Key Vault managed storage account name. Cmdlet constructs the FQDN of a managed storage account name from vault name, currently selected
environment and manged storage account name.
Required? true
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-AccountResourceId <String>
Azure resource id of the storage account.
Required? true
Position? 2
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ActiveKeyName <String>
Name of the storage account key that must be used for generating sas tokens.
Required? true
Position? 3
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Disable [<SwitchParameter>]
Disables the use of managed storage account's key for generation of sas tokens.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-DisableAutoRegenerateKey [<SwitchParameter>]
Auto regenerate key. If true, then the managed storage account's inactive key gets auto regenerated and becomes the new active key after the
regeneration period. If false, then the keys of managed storage account are not auto regenerated.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-RegenerationPeriod <TimeSpan>
Regeneration period. If auto regenerate key is enabled, this value specifies the timespan after which managed storage account's inactive
keygets auto regenerated and becomes the new active key.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Tag <Hashtable>
Key-value pairs in the form of a hash table. For example:
@{key0="value0";key1=$null;key2="value2"}
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-VaultName <String>
Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Commands.KeyVault.Models.ManagedStorageAccount
NOTES
Example 1: Set an Azure Storage Account with Key Vault to manage its keys
PS C:\\> $regenerationPeriod = [System.Timespan]::FromDays(90)
PS C:\\> Add-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -ResourceId '/subscriptions/<subscription
id>/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount' -ActiveKeyName 'key1' -RegenerationPeriod
$regenerationPeriod
Sets a Storage Account with Key Vault for its keys to be managed by Key Vault. The active key set is 'key1'. This key will be used to generate sas
tokens. Key Vault will regenerate 'key2' key after the regeneration period from the time of this command and set it as the active key. This auto
regeneration process will continue between 'key1' and 'key2' with a gap of 90 days.
Example 2: Set a Classic Azure Storage Account with Key Vault to manage its keys
PS C:\\> $regenerationPeriod = [System.Timespan]::FromDays(90)
PS C:\\> Add-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -ResourceId '/subscriptions/<subscription
id>/resourceGroups/myresourcegroup/providers/Microsoft.ClassicStorage/storageAccounts/mystorageaccount' -ActiveKeyName 'Primary'
-RegenerationPeriod $regenerationPeriod
Sets a Classic Storage Account with Key Vault for its keys to be managed by Key Vault. The active key set is 'Primary'. This key will be used to
generate sas tokens. Key Vault will regenerate 'Secondary' key after the regeneration period from the time of this command and set it as the
active key. This auto regeneration process will continue between 'Primary' and 'Secondary' with a gap of 90 days.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... ageaccount
AzureRM.KeyVault