TechQA.

How to create a Key Vault managed storage account?

166 views Asked by At

I'm brand new to Azure and am trying to create a KV managed storage account. I've created a resource group, an ADLS account and a Key Vault. I've tried running these commands:

az role assignment create --role "Storage Account Key Operator Service Role" --assignee "https://vault.azure.net" --scope "/subscriptions/<subscriptionID>/resourceGroups/<StorageAccountResourceGroupName>/providers/Microsoft.Storage/storageAccounts/**myADLSaccName**"

az keyvault storage add --vault-name **myKVname** -n **myADLSaccName** --active-key-name key1 --auto-regenerate-key --regeneration-period P30D --resource-id "/subscriptions/**mySubscriptionID**/resourceGroups/Sab_RG/providers/Microsoft.Storage/storageAccounts/**myADLSaccName**"

The first one runs fine, the second one keeps giving me this error:

'storage' is misspelled or not recognized by the system. Did you mean 'restore' ?

azure key command-line-interface storage vault
Original Q&A
1

There are 1 answers

1
Venkatesan On BEST ANSWER

storage' is misspelled or not recognized by the system. Did you mean 'restore' ?

Initially, I followed the same document and I got the same error in my environment like same as above.

As of now, the az keyvault storage command is not available in the Azure CLI commands.

I checked with the below command:

az keyvault --help

In the above command, there is no storage subgroup as of now:

enter image description here

Alternatively, If you need to create a KV-managed storage account. you can use the PowerShell command:

Command:

$regenerationPeriod = [System.Timespan]::FromDays(90)
Add-AzKeyVaultManagedStorageAccount -VaultName '<your-vault-name>' -AccountName '<your-storage-account-name>' -AccountResourceId '/subscriptions/xxxxx/resourceGroups/xxxx/providers/Microsoft.Storage/storageAccounts/xxx' -ActiveKeyName 'key1' -RegenerationPeriod $regenerationPeriod

The above command equals the same command as az keyavult storage add sets up an existing Azure Storage Account with Key Vault for Storage Account keys to be managed by Key Vault.

Output:

Id                  : https://xxxxx.vault.azure.net:443/storage/venkat098
Vault Name          : xxxx
AccountName         : xxxx
Account Resource Id : /subscriptions/xxxx/resourceGroups/vxxxxx/providers/Microsoft.Storage/storageAccounts/xxx
Active Key Name     : key1
Auto Regenerate Key : True
Regeneration Period : 90.00:00:00
Enabled             : True
Created             : 11/15/2023 5:51:26 AM
Updated             : 11/15/2023 5:51:26 AM
Tags                :

enter image description here

Reference: Add-AzKeyVaultManagedStorageAccount (Az.KeyVault) | Microsoft Learn

Related Questions in AZURE

Related Questions in KEY

Related Questions in COMMAND-LINE-INTERFACE

Related Questions in STORAGE

Related Questions in VAULT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions