Problem with azure application settings variables - azure

I'm trying to set a new application setting for an Azure storage key. The problem is that the '==' at the end of the key is not being recognized. I tried to generate a new key, but it seems that every key ends in '=='.

I tested with the portal and PowerShell, and both work.
In the portal, go to your app service -> Configuration -> + New application setting and set your key there.
With PowerShell, I used the code below to update it:
Set-AzureRMWebApp -ResourceGroupName $myResourceGroup -Name $mySite -AppSettings $hash
With both of these methods the key is recognized; I checked them in Kudu.
So if you are not using these methods and you still fail to set it, please feel free to let me know.
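An added example, not part of the original answer: one way to build the $hash passed to Set-AzureRMWebApp and confirm the key was stored intact. -AppSettings replaces the whole settings collection, so the existing settings are merged first; a storage account key is 64 bytes of base64, which is why every key ends in '=='. The resource names, the setting name and the STORAGE_KEY environment variable are assumptions.

```powershell
# Added example (AzureRM module, as used on this page). Resource names, the setting
# name and the STORAGE_KEY environment variable are placeholders/assumptions.

function ConvertTo-AppSettingHash {
    # Copy the app's current settings so the update does not drop them.
    param([Parameter(Mandatory)] $WebApp)
    $hash = @{}
    foreach ($pair in $WebApp.SiteConfig.AppSettings) {
        $hash[$pair.Name] = $pair.Value
    }
    return $hash
}

function Test-StorageKeyFormat {
    # A storage account key is 64 bytes in base64: 88 characters ending in '=='.
    param([string] $Key)
    try   { return ([Convert]::FromBase64String($Key).Length -eq 64) }
    catch [System.FormatException] { return $false }
}

$myResourceGroup = 'my-resource-group'   # placeholder
$mySite          = 'my-web-app'          # placeholder
$settingName     = 'StorageAccountKey'   # hypothetical setting name
$storageKey      = $env:STORAGE_KEY      # assumed to be supplied by the caller

if (-not (Test-StorageKeyFormat $storageKey)) {
    throw 'Key is not 64 bytes of base64; it was truncated or altered before reaching this script.'
}

$app  = Get-AzureRmWebApp -ResourceGroupName $myResourceGroup -Name $mySite
$hash = ConvertTo-AppSettingHash $app
$hash[$settingName] = $storageKey
Set-AzureRmWebApp -ResourceGroupName $myResourceGroup -Name $mySite -AppSettings $hash | Out-Null

# Read the setting back and compare case-sensitively, without printing the key.
$stored = (Get-AzureRmWebApp -ResourceGroupName $myResourceGroup -Name $mySite).SiteConfig.AppSettings |
    Where-Object { $_.Name -eq $settingName }
if ($stored.Value -cne $storageKey) {
    throw "App setting '$settingName' does not match the key that was sent."
}
"App setting '$settingName' stored intact ($($storageKey.Length) characters)."
```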

Related

How to securely automate adding keys into Azure Key Vault

The scenario we're facing is that we have several secrets that have different values in each environment. Also, in the future, we are going to have new secrets.
So, the question is what is the best way for adding secrets to the key vault?
Manually: For each secret, we need to add it manually through either the portal or Azure CLI. We need to do it manually across all environments such as dev, qa, prod. The downside is that everything is manual and we need to hand over secrets to someone to add them to the key vault.
Automated: Is there any way for automating the whole process without putting secrets in files?
We need to do it manually across all environments such as dev, qa, prod.
We could save the key to different Azure DevOps Variable groups and set the value to secret, then use them in different environments.
We can add an Azure PowerShell task and add the key vault via the script below, then use it in the other task. Please refer to this ticket for more details.
# $(Secret), $(VaultName) and $(SecretName) are Azure DevOps macros, replaced before the script runs
$secretvalue = ConvertTo-SecureString '$(Secret)' -AsPlainText -Force
Set-AzureKeyVaultSecret -VaultName '$(VaultName)' -Name '$(SecretName)' -SecretValue $secretvalue
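An added example, not part of the original answer, that extends the two-line script to any number of secrets without writing them to a file. It assumes the pipeline maps each secret variable from the variable group into the task's environment (Azure DevOps does not expose secret variables as environment variables unless they are mapped); the KV_ prefix, the VAULT_NAME variable, the secret names and the function name are hypothetical.

```powershell
# Added example: runs inside an Azure PowerShell task; AzureRM module assumed.
# Assumption: secret "sql-password" is mapped by the pipeline to env var KV_SQL_PASSWORD.
function Publish-PipelineSecret {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]   $VaultName,
        [Parameter(Mandatory)][string[]] $SecretNames
    )

    # Resolve every value first, so a missing variable fails the run before any write.
    $pending = foreach ($name in $SecretNames) {
        $envName = 'KV_' + ($name -replace '-', '_').ToUpperInvariant()
        $plain   = [Environment]::GetEnvironmentVariable($envName)
        if ([string]::IsNullOrEmpty($plain)) {
            throw "Environment variable $envName is not set; map the secret variable into the task's environment."
        }
        [pscustomobject]@{
            Name  = $name
            Value = ConvertTo-SecureString $plain -AsPlainText -Force
        }
    }

    foreach ($item in $pending) {
        if ($PSCmdlet.ShouldProcess("$VaultName/$($item.Name)", 'Set secret')) {
            # Discard the returned secret object so nothing about it reaches the build log.
            Set-AzureKeyVaultSecret -VaultName $VaultName -Name $item.Name -SecretValue $item.Value | Out-Null
            Write-Output "Set $($item.Name) in $VaultName"
        }
    }
}

# One call per environment; the vault name comes from that environment's variable group.
Publish-PipelineSecret -VaultName $env:VAULT_NAME -SecretNames 'sql-password', 'storage-key'
```

Adding a new secret then means adding it to the variable group, the task's environment mapping and the -SecretNames list.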

Remove Azure Storage Account Key

I need to remove any authentication key that the storage accounts of my subscriptions have. Do you know if there is any way to remove it? I was looking for a cmdlet in PowerShell to do it but was unable to find it.
I was able to retrieve the list of storage accounts and check if there is an authentication key set; however, I was unable to remove them. I tried to set them as null, but it didn't work.
$colStorageAccounts = Get-AzureRMStorageAccount
foreach ($objStorageAccount in $colStorageAccounts)
{
    # Look up the keys by account name; .Id is the full ARM resource ID, not the name
    $objAccountKey = Get-AzureRMStorageAccountKey -ResourceGroupName $objStorageAccount.ResourceGroupName -AccountName $objStorageAccount.StorageAccountName
    if ($objAccountKey -ne $null)
    {
        # here I should set the code to remove it
    }
}
As you can see from the list of commands supported on the Azure Storage module, there is no command to delete an account key. Instead, you can remove the container if you need to, or generate a new one from the portal.
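An added example, not part of the original answer: the keys cannot be deleted, but regenerating one invalidates its old value, and that can be done from PowerShell as well as from the portal. Reset-StorageAccountKey is a hypothetical helper name, the resource group is a placeholder, and the AzureRM module is assumed.

```powershell
# Added example: AzureRM module assumed. Reset-StorageAccountKey is a hypothetical helper.
function Reset-StorageAccountKey {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $StorageAccount,
        [ValidateSet('key1', 'key2')][string[]] $KeyName = @('key1', 'key2')
    )
    process {
        $rg   = $StorageAccount.ResourceGroupName
        $name = $StorageAccount.StorageAccountName
        foreach ($k in $KeyName) {
            if (-not $PSCmdlet.ShouldProcess("$rg/$name ($k)", 'Regenerate access key')) { continue }
            try {
                # The old value of this key stops working as soon as the call returns.
                New-AzureRmStorageAccountKey -ResourceGroupName $rg -Name $name -KeyName $k -ErrorAction Stop | Out-Null
                [pscustomobject]@{ Account = $name; Key = $k; Rotated = $true; Error = $null }
            }
            catch {
                [pscustomobject]@{ Account = $name; Key = $k; Rotated = $false; Error = $_.Exception.Message }
            }
        }
    }
}

# Preview first: -WhatIf lists every account/key pair without changing anything.
Get-AzureRmStorageAccount | Reset-StorageAccountKey -WhatIf

# Rotate key2 only in one resource group (placeholder name); key1 stays valid while
# clients are moved over. Each account prompts for confirmation.
Get-AzureRmStorageAccount -ResourceGroupName 'my-resource-group' |
    Reset-StorageAccountKey -KeyName key2
```

Regenerating a key breaks every client and every shared access signature that was issued with the old value, so rotate one key at a time.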

Azure ARM: Remove-AzureRmKeyVault -Force not working

In Azure RM Powershell the statement
Remove-AzureRmKeyVault -InputObject $sdvobjKeyVault -Force
always pops up with the prompt whether I really want to execute that action - '-Force' seems to get ignored! Now then, how to have a KV deleted from a RG without user interaction via Azure Powershell?
I'm not seeing the same behavior here. Adding -Force suppresses the confirmation as expected.
Any reason you are using the old AzureRm commands? You should start making the move to the Az commands. Here is a good reference for KeyVaults including the ability to manage the Soft Delete for vaults.
MS Docs Reference: https://learn.microsoft.com/en-us/azure/key-vault/key-vault-soft-delete-powershell

Azure SSL certificate tag

I have uploaded an SSL certificate on the Azure portal for my web app.
Is there a way to add key-value tag for the cert? From the documentation, I see tags only for resource-group etc but not for a particular cert.
If you are able to see the certificate in your resource group, just add tag as usual.
On my side, the certificate is hidden because it's managed by Azure. I can show it by clicking the checkbox on top of your resource group.
If, after you click the certificate, there is no Tags bar on its panel, you can use Cloud Shell to add the tag. You can find Cloud Shell at the top right of your portal.
The first time you run it, you may need to create storage for the shell; just follow the steps Azure provides. Then we can add tags. Using a PowerShell script as an example, just two commands achieve your goal.
$r = Get-AzureRmResource -ResourceName certificatename -ResourceGroupName resourcegroupname
Set-AzureRmResource -Tag @{ TagName="TagValue" } -ResourceId $r.ResourceId -Force
Things work on my side. Any further question, just ask.
Looking at the REST API documentation for Create or Update Certificate, looks like it is possible to assign tags to SSL Certificates. I believe this functionality is not exposed on the Portal. I looked up Azure Powershell Cmdlets as well and couldn't find anything there (it is entirely possible that I may have missed out something).
If you need to assign tags to an SSL certificate, you can always use the REST API and invoke it either by writing code or by using a tool like Postman. Another thing you should look at is the Azure SDK. In all likelihood, you will find some functionality there which will let you assign tags to an SSL certificate.

Change Azure Backup Vault Redundancy

We use Azure Backup and set our backup vaults to use GRS. We want to use LRS instead. It is understood that this cannot be changed once machines have been added to the vault, and we need to start from scratch. Two questions:
Do I need to remove the current vault first before I set up a new vault for that same server?
Can the current backups be transferred to the new vault?
Changing a Recovery Services Vault's storage replication type can be achieved via the Portal or PowerShell. Unfortunately, this option is greyed out in the Portal, and whilst the cmdlet successfully executes, it doesn't change the underlying value if there are one or more Protected Instances already contained in the vault.
Because of this, and because the default value is GeoRedundant, this must be set before any items have been protected.
To set the storage to Locally Redundant via the Portal:
1. Create/Open the Recovery Services Vault
2. Scroll down and select Backup Infrastructure
3. Select Backup Configuration
4. Set Storage replication type to Locally-redundant
To achieve the same via PowerShell:
$RG = 'testResourceGroup'
$VaultName = 'testVault'
$Location = 'Central US'
$vault = Get-AzureRmRecoveryServicesVault -ResourceGroupName $RG -Name $VaultName
If (-not $vault) {
    $vault = New-AzureRmRecoveryServicesVault -ResourceGroupName $RG -Location $Location -Name $VaultName
}
Set-AzureRmRecoveryServicesBackupProperties -Vault $vault -BackupStorageRedundancy LocallyRedundant
With regard to removing existing vaults and transferring existing backup points:
The existing vault does not need to be deleted; however, any protected items will need to be removed from the vault before they can be added to a new vault. It is not sufficient to simply stop backup on the protected item - all the restore points must also be deleted before the item can be added to the new vault.
I cannot find any documentation, or any facility in the Portal or PowerShell, which would allow the migration of existing protected items and/or restore points.
The only way I've been able to change from Geo-Redundant Storage (GRS) to Locally Redundant Storage (LRS) is to create a new empty vault in the old portal (https://manage.windowsazure.com).
In the old portal you can change storage type in "Configuration".
I expect you will also be able to do it with PowerShell, but haven't tried it though.
You can register your server with 1 vault. In order to register your server with the new vault, you need to use the new vault credentials downloaded from manage.windowsazure.com
You can have multiple vaults. If you do not use your current vault in the future, it will stay there. You have to pay for each vault. So, if you don't need it in the future, it may be better to remove it completely.
There is comprehensive documentation here:
https://azure.microsoft.com/en-us/documentation/services/backup/
