[go: up one dir, main page]
Scribd
Upload
222 views12 pages

SOP Storage Account Keys

This document provides the standard operating procedure for managing storage account access keys in Azure. It discusses how storage accounts have two access keys that can be used to authorize access. It recommends protecting access keys by limiting sharing, using SAS tokens for limited access, and storing keys securely in Key Vault. The document then provides step-by-step instructions for retrieving and regenerating storage account keys through the Azure portal, Azure CLI, and Azure Storage Explorer.

Uploaded by

Nishan Shetty
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
222 views12 pages

SOP Storage Account Keys

This document provides the standard operating procedure for managing storage account access keys in Azure. It discusses how storage accounts have two access keys that can be used to authorize access. It recommends protecting access keys by limiting sharing, using SAS tokens for limited access, and storing keys securely in Key Vault. The document then provides step-by-step instructions for retrieving and regenerating storage account keys through the Azure portal, Azure CLI, and Azure Storage Explorer.

Uploaded by

Nishan Shetty
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 12

SOP of Azure Storage Account Keys.

SOP # 3

Azure Storage Account Keys Revision # 3


Page # 1 to 9
Title How to get access keys for storage account in Azure Reviewed Date
SOP Owner Nishan Approval Date

Standard Operating Procedure

Storage Account Keys: -


Be cautious with the account key:
Account key is like the root password, the user processing the account keys can perform
any action against the storage account. Microsoft recommends to save the key to Azure
Key Vault and regularly rotate them.

Two Keys:
Azure provides two 512-bit keys for every storage account. You can either one of these in
your authorization header. Users with permission to
Microsoft.Storage/storageAccounts/listkeys/action can view, read or copy the key via
Azure portal, Azure CLI and Azure PowerShell.

Protect Access Keys:


Access to shared keys should be carefully limited and monitored. Use SAS tokens with
limited scope of access in scenarios where Azure AD based authorization can’t be used.
Avoid hard-coding access keys or saving them anywhere in plain text that is accessible to
others. Rotate your keys if you believe they might have been compromised.

1. Purpose
The keys can be used to authorize access to data in your storage account via
Shared Key authorization, or via SAS tokens that are signed with the shared key.
2. Scope
Storage account access keys provide full access to the configuration of a storage
account, as well as the data. Always be careful to protect your access keys. Use Azure
Key Vault to manage and rotate your keys securely. Access to the shared key grants a
user full access to a storage accounts configuration and its data.

1|Page Texiio pvt ltd


SOP of Azure Storage Account Keys.

Step by Step: Manage Storage Account Access Keys.

We can retrieve and regenerate Storage Account Keys by three methods first one we can
do it on Azure portal, second one by using commands in Azure CLI and third one by
using Azure CLI.

1) Azure Portal.

 Open the Azure Portal


 Navigate the Storage Account.

2|Page Texiio pvt ltd


SOP of Azure Storage Account Keys.

 In storage account search for Access Keys and click on Access Keys.

 Account keys controls access to the data plane for that storage account.
 Each storage account has to keys Key1 and Key2 in the Azure Portal.

3|Page Texiio pvt ltd


SOP of Azure Storage Account Keys.

 These keys can regenerated manually using one of several methods including but not
limited using the Azure Portal, PowerShell the Azure CLI or programmatically using
the .NET storage client library of the azure storage services REST API,
 Reasons to regenerate keys.
 Scheduled regeneration.
 Preventing access during an app hack.
 Application that retain storage keys granting limited access.

4|Page Texiio pvt ltd


SOP of Azure Storage Account Keys.

 Regeneration for key1


o Regenerate key2
o Use key2 in applications.
o Regenerate key1.

5|Page Texiio pvt ltd


SOP of Azure Storage Account Keys.

2) Microsoft Azure Storage Explorer.

 Open Microsoft Azure Storage Explorer.

 Click above Storage Account or Services.


 In connection method screen select Account Name and key then click next.

6|Page Texiio pvt ltd


SOP of Azure Storage Account Keys.

 Once you select the connection method it will ask you to provide a display name,
account name, access key and storage domain then click on next and connect.

7|Page Texiio pvt ltd


SOP of Azure Storage Account Keys.

 You can see that successfully added new connection through Account name Key.

 Click on storage then go to blob-storage, here we can see containers that are
working in storage account.
 Click on container and it will open a one window with all the files. So we can easily
upload and download files.

8|Page Texiio pvt ltd


SOP of Azure Storage Account Keys.

 Right click on any one file and select Open then the file will open successfully.

 In first step I completed connection using Account name & Key.


 Now I’m going to connect the Azure Storage Account through Connection String.

9|Page Texiio pvt ltd


SOP of Azure Storage Account Keys.

 Once you select the connection method it will ask you to provide a display name and
connection string then click on next and connect.

10 | P a g e Texiio pvt ltd


SOP of Azure Storage Account Keys.

 You can see that successfully added new connection through Connection String.

 Click on storage then go to file-share, here we can see files that are uploaded in
storage account.

11 | P a g e Texiio pvt ltd


SOP of Azure Storage Account Keys.

 Right click on any one file and select Open then the file will open successfully.

12 | P a g e Texiio pvt ltd

You might also like