I need to remove any Authentication Key that the Storage Accounts of my subscriptions have. Do you know if there is any way to remove it? I was looking for a cmdlet in PowerShell to do it but was unable to find it.
I was able to retrieve the list of Storage Accounts and check if there is an authentication key set; however, I was unable to remove them. I tried to set them as null, but it didn't work.
$colStorageAccounts = Get-AzureRMStorageAccount
foreach ($objStorageAccount in $colStorageAccounts)
{
    # -AccountName expects the account name, not the full resource Id
    $objAccountKey = Get-AzureRMStorageAccountKey -ResourceGroupName $objStorageAccount.ResourceGroupName -AccountName $objStorageAccount.StorageAccountName
    if ($objAccountKey -ne $null)
    {
        # here I should put the code to remove it
    }
}
As you can see from the list of commands supported in the Azure storage module, there is no command to delete an account key. Instead, you can remove the container if you need to, or generate a new one from the portal.
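Account keys cannot be deleted, but they can be rotated, and shared-key authorization can be switched off per account. The following is an added example, not part of the original thread; it uses the Az module rather than AzureRM, and the `-Enforce` switch is a hypothetical name.

```powershell
# Added example, not from the original thread. Requires Az.Accounts and Az.Storage.
# Without -Enforce the script only reports; nothing is changed.
param([switch]$Enforce)   # hypothetical switch name

$report = foreach ($sa in Get-AzStorageAccount) {
    $rg   = $sa.ResourceGroupName
    $name = $sa.StorageAccountName
    $keys = Get-AzStorageAccountKey -ResourceGroupName $rg -Name $name

    if ($Enforce) {
        # Rotate every key so any copy of the old values stops working.
        foreach ($k in $keys) {
            New-AzStorageAccountKey -ResourceGroupName $rg -Name $name -KeyName $k.KeyName | Out-Null
        }
        # Reject shared-key requests; clients must use Microsoft Entra ID instead.
        Set-AzStorageAccount -ResourceGroupName $rg -Name $name -AllowSharedKeyAccess $false | Out-Null
        $sa = Get-AzStorageAccount -ResourceGroupName $rg -Name $name
    }

    [pscustomobject]@{
        StorageAccount       = $name
        ResourceGroup        = $rg
        KeyCount             = @($keys).Count
        AllowSharedKeyAccess = $sa.AllowSharedKeyAccess   # $null means not set (shared key allowed)
    }
}
$report | Format-Table -AutoSize
```

Disabling shared-key access also causes SAS tokens signed with the account key to be rejected, so review the report output before running with `-Enforce`.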
As per my understanding keyvault names are globally unique and also secrets as well as
I won't be able to reuse the keyvault that exists in the soft deleted state
I have multiple key vaults; after deleting multiple key vaults they move to the soft-deleted state.
I want to enable the soft delete option automatically.
If someone accidentally deletes my key vault, I can grant the access permissions to recover the secrets.
I cannot go to the portal every time and enable the soft delete option for the key vault manually; I want this done in an automated way.
How can we write the playbook using PowerShell to automate the soft delete option for all key vaults?
I have searched the net and found this Microsoft document, but did not find any information related to automation.
Can anyone help me to do this? I would really appreciate it.
Thanks in advance & have a good day with nice answer :)-
I tried to create the runbook using PowerShell for keyvault in my environment and got the below results
I have created the automation account to use the runbook
Created the runbook and wrote the PowerShell script for soft delete
# soft delete option for single vault
Connect-AzAccount
Get-AzKeyVault -VaultName "XXXXXX"
# Get-AzRecoveryServicesVaultProperty reports the soft delete state of a Recovery Services vault
$vaultId = (Get-AzRecoveryServicesVault -Name "recovery-services" -ResourceGroupName 'XXXXX').Id
(Get-AzRecoveryServicesVaultProperty -VaultId $vaultId).SoftDeleteFeatureState

# soft delete option for multiple keyvaults
$vaults = Get-AzRecoveryServicesVault
foreach ($vault in $vaults) {
    $properties = Get-AzRecoveryServicesVaultProperty -VaultId $vault.Id
    if ($properties.SoftDeleteFeatureState -eq 'Enabled') {
        Write-Host "Soft delete option is enabled" $properties.SoftDeleteFeatureState "for" $vault.Name "`n" -ForegroundColor Green
    } else {
        Write-Host "Soft delete option is not enabled" $properties.SoftDeleteFeatureState "for" $vault.Name "`n" -ForegroundColor Red
    }
}
Saved my script and published, and I run my script
when I check the job its succeeded and the status is running
When I check the keyvault the auto soft delete got enabled
Added the schedule to run automatically for particular period of time
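For the Key Vault case the question asks about, a runbook can read each vault's `enableSoftDelete` property through the generic resource cmdlets and switch it on where it is missing. This is an added example, not code from the original answer; it assumes the Automation account runs under a managed identity with write access to the vaults, and the `-Remediate` switch is a hypothetical name.

```powershell
# Added example, not from the original answer. Requires Az.Accounts, Az.KeyVault and
# Az.Resources; assumes a managed identity that can read and update the vaults.
param([switch]$Remediate)   # hypothetical switch: report only unless set

Connect-AzAccount -Identity | Out-Null

$report = foreach ($kv in Get-AzKeyVault) {
    # Read the ARM resource to get the vault's properties.
    $res = Get-AzResource -ResourceId $kv.ResourceId
    # Older vaults may lack the property entirely; treat missing as not enabled.
    $enabled = $res.Properties.enableSoftDelete -eq $true
    $action  = 'none'

    if (-not $enabled -and $Remediate) {
        # Soft delete cannot be turned off again once it is on.
        $res.Properties | Add-Member -MemberType NoteProperty -Name enableSoftDelete -Value $true -Force
        Set-AzResource -ResourceId $res.ResourceId -Properties $res.Properties -Force | Out-Null
        $action = 'enabled'
    }

    [pscustomobject]@{
        Vault           = $kv.VaultName
        ResourceGroup   = $kv.ResourceGroupName
        SoftDelete      = $enabled -or ($action -eq 'enabled')
        PurgeProtection = $res.Properties.enablePurgeProtection -eq $true
        Action          = $action
    }
}
# Emit the report to the job output stream.
$report
```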
I am trying to get the Key of a Storage Account from inside a PowerShell Function App under the same Resource Group "rg-mobileplans".
I am certain I have the correct Azure Context and when listing all the Storage Accounts I see the one I am trying to retrieve the key from - "stmobileplansstaging".
Write-Host ((Get-AzContext).Subscription)
Write-Host (Get-AzStorageAccount -ResourceGroupName rg-mobileplans).StorageAccountName
Output:
<Subscription ID Hidden for Privacy>
stmobileplansstaging storageaccountrgmob83d8
But when I try to get the key itself I get an error message that the Storage Account Could not be found.
Get-AzStorageAccountKey -ResourceGroupName rg-mobileplans -AccountName stmobileplansstaging
Output:
ERROR: Get-AzStorageAccountKey : The Resource 'Microsoft.Storage/storageAccounts/stmobileplansstaging ' under resource group 'rg-mobileplans' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
Keep in mind that I am running these commands from a Function App. Running them from PowerShell works.
I have created a System Managed Identity for the Function App and gave it "Owner" access to the entire "rg-mobileplans" Resource Group and the "stmobileplansstaging" Storage Account.
What am I missing?
I just realized what the problem is. In the script the storage account name is given through a tag. The name had a space at the end. When running the get / list storage account commands it's OK and the commands succeed because the name of the account is probably at the end, but for getting the key, underneath a POST call is being made and the URL looked something like "http://.../storage/stmobileplansstaging /rest-of-the-uri". Notice the space in the middle of the URI which broke everything.
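A guard against this failure mode is to normalize and validate any resource name read from a tag before it is used in a call. This is an added example, not from the original post; the function name, the tag name `storageAccount` and the sample value are constructed for illustration.

```powershell
# Added example, not from the original post. Function name, tag name and sample
# tag value are hypothetical.
function Resolve-StorageAccountName {
    param(
        [Parameter(Mandatory)][hashtable]$Tags,
        [string]$TagName = 'storageAccount'
    )

    $raw  = [string]$Tags[$TagName]
    $name = $raw.Trim()
    if ($name -ne $raw) {
        # Brackets and length make otherwise invisible whitespace show up in the log.
        Write-Warning ("Tag '{0}' had surrounding whitespace: [{1}] (length {2})" -f $TagName, $raw, $raw.Length)
    }
    # Storage account names are 3-24 characters, lowercase letters and digits only.
    if ($name -cnotmatch '^[a-z0-9]{3,24}$') {
        throw "Tag '$TagName' value [$raw] is not a valid storage account name."
    }
    return $name
}

# Constructed input: trailing space, as described in the post.
$tags    = @{ storageAccount = 'stmobileplansstaging ' }
$account = Resolve-StorageAccountName -Tags $tags
"Resolved name: [$account]"
# The validated name is then safe to pass on, for example:
# Get-AzStorageAccountKey -ResourceGroupName 'rg-mobileplans' -Name $account
```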
I'm trying to set a new application setting for an Azure storage key. The problem is that the '==' at the end of the key is not being recognized. I tried to generate a new key, but it seems that every key ends in '=='.
I tested with the portal and PowerShell; both work.
In the portal, go to your app service -> Configuration -> +New application setting and set your key there.
With PowerShell I use the below code to update it:
# $hash is a hashtable of setting names to values; -AppSettings replaces the existing settings with it
Set-AzureRMWebApp -ResourceGroupName $myResourceGroup -Name $mySite -AppSettings $hash
With these two ways, the key could be recognized; I checked them in Kudu.
So if you are not using these ways and you still fail to set it, please feel free to let me know.
Is it possible to set up a custom domain for an Azure Resource Manager (ARM) storage account using Azure PowerShell? If so, how?
I tried to set up a custom domain through the Azure Preview Web Portal but that functionality does not yet exist for the new resource manager storage accounts.
Using this documentation, I am able to login and see the properties of my new RM storage account, but I am unsure how to update the CustomDomain property. I expected to find an example/documentation of how this worked with the old storage accounts, but I have not found anything.
I have found a solution that worked for us. You can use the Set-AzureRmStorageAccount command to set properties on an existing storage group. Not sure how I missed this one.
Set-AzureRmStorageAccount -ResourceGroupName "<YOUR RESOURCE GROUPNAME>" -Name "<YOUR STORAGE ACCOUNT NAME>" -CustomDomainName "<YOUR.CUSTOM.DOMAIN>" -UseSubDomain $true
In case, like me, you get ResourceGroupNotFound, run the following command first to select your subscription (you can get your subscription ID in the Azure Portal):
Select-AzureRmSubscription -SubscriptionId "<YourSubscriptionID>"
We use Azure Backup and set our backup vaults to use GRS. We want to use LRS instead. It is understood that this cannot be changed once machines have been added to the vault, and we need to start from scratch. Two questions:
Do I need to remove the current vault first before I set up a new vault for that same server?
Can the current backups be transferred to the new vault?
Changing a Recovery Services Vault's storage replication type can be achieved via the Portal or PowerShell. Unfortunately, if there are one or more Protected Instances already contained in the vault, this option is greyed out in the Portal, and whilst the cmdlet successfully executes, it doesn't change the underlying value.
Because of this, and because the default value is GeoRedundant, this must be set before any items have been protected.
To set the storage to Locally Redundant via the Portal:
Create/Open the Recovery Services Vault
Scroll-down and select Backup Infrastructure
Select Backup Configuration
Set Storage replication type to Locally-redundant
To achieve the same via PowerShell:
$RG = 'testResourceGroup'
$VaultName = 'testVault'
$Location = 'Central US'
$vault = Get-AzureRmRecoveryServicesVault -ResourceGroupName $RG -Name $VaultName
If (-not $vault) {
    $vault = New-AzureRmRecoveryServicesVault -ResourceGroupName $RG -Location $Location -Name $VaultName
}
Set-AzureRmRecoveryServicesBackupProperties -Vault $vault -BackupStorageRedundancy LocallyRedundant
With regard to removing existing vaults and transferring existing backup points:
The existing vault does not need to be deleted; however, any protected items will need to be removed from the vault before they can be added to a new vault. It is not sufficient to simply stop backup on the protected item - all the restore points must also be deleted before the item can be added to the new vault.
I cannot find any documentation, or any facility in the Portal or PowerShell, which would allow the migration of existing protected items and/or restore points.
The only way I've been able to change from Geo-Redundant Storage (GRS) to Locally Redundant Storage (LRS) is to create a new empty vault in the old portal (https://manage.windowsazure.com).
In the old portal you can change storage type in "Configuration".
I expect you will also be able to do it with PowerShell, but haven't tried it though.
You can register your server with 1 vault. In order to register your server with the new vault, you need to use the new vault credentials downloaded from manage.windowsazure.com
You can have multiple vaults. If you do not use your current vault in the future, it will stay there. You have to pay for each vault. So, if you don't need it in the future, it may be better to remove it completely.
There is comprehensive documentation here:
https://azure.microsoft.com/en-us/documentation/services/backup/