I'm using Azure Key Vault, to store my encryption keys. After finishing my free trial, I did not update my subscription. So I lost everything. How can I restore all my keys?
After finishing the free trial, any products you’ve deployed will be decommissioned and you won’t be able to access them, your option is to upgrade it to a pay-as-you-go account.
See - https://azure.microsoft.com/en-us/free/free-account-faq/
Related
I have a question that I can't find the answer to in MS Documentation in regards to the Log Analytics Workspace keys. Does anybody know if I go to the Agent Management for a Log Analytics Workspace and hit Regenerate for a key, does it affect the connection for existing agents that were onboarded using the old key (will machines that were onboarded previously be disconnected)? Or it will only affect future onboarding machines (meaning I cannot onboard using the old key)?
When I try to click on Regenerate, I get this message which is confusing a bit:
"This will nullify old keys, so after regenerating you'll need to update the keys in all agent instances and all other instances, like APIs, Logic Apps and Microsoft Flow"
If someone has any experience with this it would be so helpful!!
If we regenerate the azure log Analytics Workspace key, the old key will expire and all gent instances connecting the workspace with the key will be disconnected.
Does Azure Key Vault supports Geo-Replication between the regions? I don't see any options?
https://learn.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance
"The contents of your key vault are replicated within the region and
to a secondary region at least 150 miles away but within the same
geography to maintain high durability of your keys and secrets. See
the Azure paired regions document for details on specific region
pairs."
From #Karthikeyan Vijayakumar comment above:
However I have the application deployed on both West US (primary) and East US(secondary) and I want to sync between the regions.
You don't need to replicate your Key Vault instance to make it available to your applications in both regions.
Simply call the URL (https://<vault-instance-name>.vault.azure.net), Azure DNS will dynamically resolve to the active region. By default, the active region is the region where you created the instance. In the event this region is unavailable, the DNS will resolve to the geo-replica, hosted in the corresponding paired region.
The problem with this approach is that you still on the mercy of Microsoft, as the service will be reestablished only if they decide to failover the region.
Short story long: There is no user managed geo replication of Azure Key vault like Azure SQL for example. In your case, you need to build a workflow that replicates the values between your primary and secondary key vaults.
Backup and Restore : https://learn.microsoft.com/en-us/azure/key-vault/general/backup?tabs=azure-cli
You can use these capabilities to build your workflow.
You can use the changelog to track changes to your key vault, and trigger a backup/Restore or you can schedule it like once a day.
A change tracking is better as you can only replicate changes and not the entire key vault.
Regards
I have an old Azure Container Service in my subscription, I've since migrated everything to AKS and I'd like to delete the old ACS.
As part of migrating to AKS I've reused a storage account related to the ACS cluster, and I'd like to be certain it's not going to be deleted when I delete the ACS cluster.
The documentations states that "The operation does not delete other resources created as part of creating a container service": https://learn.microsoft.com/en-us/rest/api/container-service/containerservices/delete
But I've found some issues on Github that imply this may no longer be the case:
On [ACS] Deleting an ACS instance only deletes the "logical" ACS resource someone commented that "This behavior is no longer the case--az acs delete removes all the expected resources"
And on Deleting Container Service leaves provisioned resources around someone said in 2017 that "No ETA. but it is what we are actively working on [it]"
So is there way I can be certain what will be deleted when I delete the cluster? Or should I just back everything up and hope for this best?
I'd create a delete lock on the storage account and delete the ACS cluster. or I'd just delete ACS resources one by one. that way there is no risk of accidentally deleting your storage account.
I just created a new DocumentDB instance. When I go to the "Keys" area on the new Azure portal, I don't see a primary key or secondary key. My URI is listed. I tried use the regenerate feature hoping that would create the keys, but no luck. Anyone else have this problem? How would I report this to Msft without a technical support subscription?
The account can take several minutes to provision, during which time the keys will not be available (since the account has finished creating). If, in the portal, you choose to Browse | DocumentDB accounts, you will see the status (creating, updating, online). Once your account is in an online state, the keys will be available. Can you ensure that the account is indeed in an online state and, if so, refresh your browser and see if the keys are available?
Problem
We deploy a mixed SaaS, PaaS, IaaS solutions on Micorosft Azure. Recently our account was suspended due to a Microsoft credit limit.
1) The account billing and technical contact received no warning of the approaching credit limit. When the account was suspended alerts were raised instantly. In response I simply lifted the credit limit and the account was accessible again.
2) All VMs could then be started again within seconds and thrid party add-ons were operational automatically.
3) Cloud Services were displayed but all the web/worker role instances in each were stopped. On attempting to start it was clear the deployments had been deleted !
Questions
Does any one know or understand why the deployment packages are removed when an Azure account subscription has been disabled ?
VM, storages accounts, add-ons are persist so why delete the cloud service instances / deployment packages ?
Anyway to mitigate this issue ?
Result is 60 min downtime to upload and deploy packages from source control. Examining enterprise accounts and invoicing.
Thank you for any advice.
Scott
Currently, subscriptions which has monthly credits such as MSDN, MPN and Bizspark plus has a feature called spending limit. This feature is enabled by default to prevent any charges on your credit card. When this sending limit is triggered, the subscription is disabled for the remaining billing cycle and will be automatically re-enabled when the credit is reset which is on the start of the new billing cycle.
When the subscription is disabled, Cloud services (web and worker role) deployments are deleted as only the deployment file is uploaded on Azure and the source file would still be available by the developer. However, Virtual machines are created within Azure platform, hence VMs are stopped de-allocated when the subscription is disabled. The web services deployments are dealt with differently i.e they are deleted it’s a legacy of how the platform was built and is scaled.
The Azure portal shows the credit utilized and remaining balance for the subscription and notifying the credit status over email is still not available. However, when the subscription is disabled, a notification is sent to the account owner.
Possible mitigation involves:
moving to standard payment terms , away from pay-as-you-go account.
remove the credit limit
possibly a continuous deployment strategy via Team Foundation Server or the like could automate redeployment (no doubt there are other automation methods too).
Unfortunately if the Azure subscription is suspended service deployments are deleted and must be uploaded again. If you have multiple large deployment packages this could take many hours.
Hope that helps someone.
Additionally, if you have shared websites, they will get suspended. There is no way to resume them until the credit period is reset, so you need to delete and recreate them.