locked
Get Storage Keys using Rest API in powershell RRS feed

  • Question

  •  Hi,

     I am looking for a help to get azure classic storage keys using powershell ARM commands.

     Here is what I tried

     Details:  Able to get account details using Get-AzureRmResource but unable to get keys

     I created AAD App and provided Reader access to subscription

    $clientId = "appid"
    $clientSecret = "app secret"
    $directory = "domain"
    $subscriptionId = "subid"
    $StorageAccountName = "name"
    $TenantId = "tenantid"

    $SecurePassword = $clientSecret | ConvertTo-SecureString -AsPlainText -Force
    $cred = new-object -typename System.Management.Automation.PSCredential `
         -argumentlist $clientId, $SecurePassword

    $loginresult = Add-AzureRmAccount -Credential $cred -Tenant $TenantId -ServicePrincipal

    $selectsub = Select-AzureRmSubscription –SubscriptionId $subscriptionId

    Get-AzureRmResource -ResourceGroupName "Default-Storage-EastUS" -ResourceType Microsoft.ClassicStorage/storageAccounts -ResourceName "name" -ApiVersion 2016-04-01

    Also tried using Rest API as shown below but getting forbidden error

    $uri = "https://login.windows.net/" + $directory + "/oauth2/token"
    $body = "grant_type=client_credentials"
    $body += "&client_id=" + $clientId
    $body += "&client_secret=" + [Uri]::EscapeDataString($clientSecret)
    $body += "&resource=" + [Uri]::EscapeDataString("https://management.core.windows.net/")
    $headers = @{"Accept"="application/json"}
    $enc = New-Object "System.Text.ASCIIEncoding"
    $byteArray = $enc.GetBytes($body)
    $contentLength = $byteArray.Length
    $headers.Add("Content-Type","application/x-www-form-urlencoded")
    $headers.Add("Content-Length",$contentLength)
    $result = try { 
        Invoke-RestMethod -Method POST -Uri $uri -Headers $headers -Body $body 
    } catch { 
        $_.Exception.Response 

    $accessToken = $result.access_token

    $Uri = "https://management.core.windows.net/$SubscriptionID/services/storageservices/{0}/keys" -f $StorageAccountName
    Write-Output $Uri
    $header = "Bearer " + $accessToken
    Write-Output $header
    $date = [System.DateTime]::UtcNow.ToString("R")
    $headers = @{"Authorization"=$header;"Content-Type"="application/json"; "x-ms-version" = "2014-10-01"; "x-ms-date"=$date;}
    $result = try { 
            Invoke-RestMethod -Method GET -Uri $Uri -Headers $headers #| select -ExpandProperty StorageService | select -ExpandProperty StorageServiceKeys |
                                         #select -ExpandProperty primary
        } catch { 
            $_.Exception.Response 
        }

    Seeing forbidden error 

    IsMutuallyAuthenticated : False
    Cookies                 : {}
    Headers                 : {Content-Length, Content-Type, Date, Server}
    SupportsHeaders         : True
    ContentLength           : 288
    ContentEncoding         : 
    ContentType             : application/xml; charset=utf-8
    CharacterSet            : utf-8
    Server                  : Microsoft-HTTPAPI/2.0
    LastModified            : 7/9/2017 3:08:59 AM
    StatusCode              : Forbidden
    StatusDescription       : Forbidden
    ProtocolVersion         : 1.1
    ResponseUri             : https://management.core.windows.net/<subid>/services/storageservices/<storage account name>/keys
    Method                  : GET
    IsFromCache             : False

    Any help would be appreciated.

    Thanks,

    Paul



    • Edited by PAUL19_82 Tuesday, July 11, 2017 6:40 AM
    Sunday, July 9, 2017 8:01 AM

All replies

  • You can't get Azure Classic Storage account keys using the ARM PowerShell commands:

    1.Login-AzureRmAccount

    2.Get-AzureRmStorageAccountKey -ResourceGroupName "Resource group name" -Name "Storage account name"

    Output: 

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.


    • Proposed as answer by Md Shihab Monday, July 10, 2017 3:49 AM
    • Edited by vikranth s Monday, July 10, 2017 1:59 PM Made Correction
    Sunday, July 9, 2017 3:46 PM
  • Hi Vikranth,

     Thank you for your reply. This does not work for classic storage accounts. I have already tried this, it says Storage account does not exist.

    Thanks,

    Paul

    Monday, July 10, 2017 6:38 AM
  • Try the below commands to get classic storage account keys through PowerShell:

    1.Login-AzureAsAccount

    2.Get-AzureStorageKey -StorageAccountName "storage account name"

    Output:

    You can’t get classic storage account keys through ARM PowerShell commands. My bad, I think I got you confused.

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Monday, July 10, 2017 1:57 PM
  • Hi Vikranth,

     I know it works but here my requirement is to get classic storage key when I logged in using ARM Command with Login-AzureRmAccount

    I mentioned all these details in my initial post.

    Thanks,

    Praveen V

     

    Monday, July 10, 2017 7:17 PM
  • I assume it should work with Rest API's as shown below but getting forbidden error Though AAD app is having contributor role access to subscription.

    $uri = "https://login.windows.net/" + $directory + "/oauth2/token"

    $body = "grant_type=client_credentials"
    $body += "&client_id=" + $clientId
    $body += "&client_secret=" + [Uri]::EscapeDataString($clientSecret)
    $body += "&resource=" + [Uri]::EscapeDataString("https://management.core.windows.net/")
    $headers = @{"Accept"="application/json"}
    $enc = New-Object "System.Text.ASCIIEncoding"
    $byteArray = $enc.GetBytes($body)
    $contentLength = $byteArray.Length
    $headers.Add("Content-Type","application/x-www-form-urlencoded")
    $headers.Add("Content-Length",$contentLength)
    $result = try { 
        Invoke-RestMethod -Method POST -Uri $uri -Headers $headers -Body $body 
    } catch { 
        $_.Exception.Response 

    $accessToken = $result.access_token

    $Uri = "https://management.core.windows.net/$SubscriptionID/services/storageservices/{0}/keys" -f $StorageAccountName
    Write-Output $Uri
    $header = "Bearer " + $accessToken
    Write-Output $header
    $date = [System.DateTime]::UtcNow.ToString("R")
    $headers = @{"Authorization"=$header;"Content-Type"="application/json"; "x-ms-version" = "2014-10-01"; "x-ms-date"=$date;}
    $result = try { 
            Invoke-RestMethod -Method GET -Uri $Uri -Headers $headers #| select -ExpandProperty StorageService | select -ExpandProperty StorageServiceKeys |
                                         #select -ExpandProperty primary
        } catch { 
            $_.Exception.Response 
        }

    Seeing forbidden error 

    IsMutuallyAuthenticated : False
    Cookies                 : {}
    Headers                 : {Content-Length, Content-Type, Date, Server}
    SupportsHeaders         : True
    ContentLength           : 288
    ContentEncoding         : 
    ContentType             : application/xml; charset=utf-8
    CharacterSet            : utf-8
    Server                  : Microsoft-HTTPAPI/2.0
    LastModified            : 7/9/2017 3:08:59 AM
    StatusCode              : Forbidden
    StatusDescription       : Forbidden
    ProtocolVersion         : 1.1
    ResponseUri             : https://management.core.windows.net/<subid>/services/storageservices/<storage account name>/keys
    Method                  : GET
    IsFromCache             : False
    Tuesday, July 11, 2017 1:17 AM
  • You will not be able to use Azure Resource Management REST APIs to get Classic Storage account keys.

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Monday, July 17, 2017 2:51 PM
  • Try this: 

    (Invoke-AzureRmResourceAction -Action listKeys -ResourceType "Microsoft.ClassicStorage/storageAccounts" -ApiVersion "2016-11-01" -ResourceGroupName Xiaowen01 -ResourceName xiaowen01 -Force).primaryKey

    • Proposed as answer by vikranth s Wednesday, October 11, 2017 1:43 PM
    Wednesday, October 11, 2017 3:27 AM
  • Try this: 

    (Invoke-AzureRmResourceAction -Action listKeys -ResourceType "Microsoft.ClassicStorage/storageAccounts" -ApiVersion "2016-11-01" -ResourceGroupName Xiaowen01 -ResourceName xiaowen01 -Force).primaryKey

    <g class="gr_ gr_5 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del" data-gr-id="5" id="5">Life saver</g>!
    Thursday, May 24, 2018 12:49 PM