Managing Key Management for Storage accounts


In this tutorial, we will learn about key management for storage accounts, starting from the creation of a storage account.

When you create a storage account, Azure generates two 512-bit storage account access keys. These keys can be used to authorize access to data in your storage account via Shared Key authorization.

Microsoft recommends that you use Azure Key Vault to manage your access keys, and that you regularly rotate and regenerate your keys.

Protecting your access keys

Your storage account access keys are the equivalent of the root password for your storage account.

  • Firstly, always be careful to protect your access keys.
  • Secondly, use Azure Key Vault to manage and rotate your keys securely.
  • Thirdly, avoid distributing access keys to other users or saving them anywhere in plain text that is accessible to others.
  • Lastly, rotate your keys if you believe they may have been compromised.
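
As an added example (not part of the original tutorial or of Microsoft's tooling), a minimal Python check for access keys saved in plain text. A 512-bit key is 64 bytes, which base64-encodes to 88 characters, so the scanner flags any AccountKey= value that decodes to exactly 64 bytes. The sample config, account name and key are constructed.

```python
import base64
import binascii
import hashlib
import re

# Field names as they appear in an Azure Storage connection string.
KEY_RE = re.compile(r"AccountKey\s*=\s*([A-Za-z0-9+/]+={0,2})", re.I)
NAME_RE = re.compile(r"AccountName\s*=\s*([a-z0-9]{3,24})", re.I)


def is_account_key(value):
    """True if value is valid base64 for exactly 64 bytes (512 bits)."""
    try:
        return len(base64.b64decode(value, validate=True)) == 64
    except (binascii.Error, ValueError):
        return False


def scan_text(text, source="<memory>"):
    """Return one finding per plaintext access key; never echo the key itself."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in KEY_RE.finditer(line):
            key = match.group(1)
            if not is_account_key(key):
                continue  # placeholder, truncated value, or some other secret type
            name = NAME_RE.search(line)
            findings.append({
                "source": source,
                "line": lineno,
                "account": name.group(1) if name else None,
                # Short fingerprint lets you match a finding to key1/key2
                # without writing key material into the report.
                "fingerprint": hashlib.sha256(key.encode()).hexdigest()[:12],
            })
    return findings


# Constructed sample data: the key is bytes 0..63, not a real credential.
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()
SAMPLE_CONFIG = (
    "# constructed sample config\n"
    "live = DefaultEndpointsProtocol=https;AccountName=examplestore01;"
    f"AccountKey={SAMPLE_KEY};EndpointSuffix=core.windows.net\n"
    "template = AccountName=examplestore01;AccountKey=REPLACE_ME\n"
)

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_CONFIG, "app.config"):
        print(finding)
```

Any key this check finds in a shared location should be treated as exposed and rotated.
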

Viewing account access keys

You can view and copy your account access keys with the Azure portal, PowerShell, or Azure CLI. The Azure portal also provides a connection string for your storage account that you can copy.

Portal

To view and copy your storage account access keys or connection string from the Azure portal:

  • Firstly, navigate to your storage account in the Azure portal.
  • Secondly, under Settings, select Access keys. Your account access keys appear, along with the complete connection string for each key.
  • Thirdly, locate the Key value under key1, and click the Copy button to copy the account key.
  • Alternatively, you can copy the entire connection string: find the Connection string value under key1, and click the Copy button to copy the connection string.

You can use either of the two keys to access Azure Storage, but in general it's a good practice to use the first key and to reserve the second key for use when rotating the keys. To view or read an account's access keys, the user must be a Service Administrator.

Using Azure Key Vault to manage your access keys

Microsoft recommends using Azure Key Vault for managing and rotating your access keys. Moreover, your application can securely access your keys in Key Vault, so that you can avoid storing them with your application code. 

Manually rotate access keys

Microsoft recommends that you rotate your access keys periodically to keep your storage account secure. If possible, use Azure Key Vault to manage your access keys.

Portal

To rotate your storage account access keys in the Azure portal:

  • Firstly, update the connection strings in your application code to reference the secondary access key for the storage account.
  • Secondly, navigate to your storage account in the Azure portal.
  • Thirdly, under Settings, select Access keys.
  • Then, to regenerate the primary access key for your storage account, select the Regenerate button next to the primary access key.
  • After that, update the connection strings in your code to reference the new primary access key.
  • Lastly, regenerate the secondary access key in the same manner.

Reference: Microsoft Documentation
