Get storage account configuration information

Article
01/05/2024

This article shows how to get configuration information and properties for an Azure Storage account by using the Azure portal, PowerShell, or Azure CLI.

Get the resource ID for a storage account

Every Azure Resource Manager resource has an associated resource ID that uniquely identifies it. Certain operations require that you provide the resource ID. You can get the resource ID for a storage account by using the Azure portal, PowerShell, or Azure CLI.

To display the Azure Resource Manager resource ID for a storage account in the Azure portal, follow these steps:

Navigate to your storage account in the Azure portal.
On the Overview page, in the Essentials section, select the JSON View link.
The resource ID for the storage account is displayed at the top of the page.

To return the Azure Resource Manager resource ID for a storage account with PowerShell, make sure you have installed the Az.Storage module. Next, call the Get-AzStorageAccount command to return the storage account and get its resource ID:

(Get-AzStorageAccount -ResourceGroupName <resource-group> -Name <storage-account>).Id

To return the Azure Resource Manager resource ID for a storage account with Azure CLI, call the az storage account show command and query the resource ID:

az storage account show \
    --name <storage-account> \
    --resource-group <resource-group> \
    --query id \
    --output tsv

You can also get the resource ID for a storage account by calling the Storage Accounts - Get Properties operation in the REST API.

For more information about types of resources managed by Azure Resource Manager, see Resource providers and resource types.

Get the account type, location, or replication SKU for a storage account

The account type, location, and replication SKU are some of the properties available on a storage account. You can use the Azure portal, PowerShell, or Azure CLI to view these values.

To view the account type, location, or replication SKU for a storage account in the Azure portal, follow these steps:

Navigate to your storage account in the Azure portal.
Locate these properties on the Overview page, in the Essentials section

To view the account type, location, or replication SKU for a storage account with PowerShell, call the Get-AzStorageAccount command to return the storage account, then check the properties:

$account = Get-AzStorageAccount -ResourceGroupName <resource-group> -Name <storage-account>
$account.Location
$account.Sku
$account.Kind

To view the account type, location, or replication SKU for a storage account with PowerShell, call the az storage account show command and query the properties:

az storage account show \
    --name <storage-account> \
    --resource-group <resource-group> \
    --query '[location,sku,kind]' \
    --output tsv

Get service endpoints for the storage account

The service endpoints for a storage account provide the base URL for any blob, queue, table, or file object in Azure Storage. Use this base URL to construct the address for any given resource.

To get the service endpoints for a storage account in the Azure portal, follow these steps:

Navigate to your storage account in the Azure portal.
In the Settings section, locate the Endpoints setting.
On the Endpoints page, you'll see the service endpoint for each Azure Storage service, as well as the resource ID.

If the storage account is geo-replicated, the secondary endpoints will also appear on this page.

To get the service endpoints for a storage account with PowerShell, call Get-AzStorageAccount and return the PrimaryEndpoints property. If the storage account is geo-replicated, then the SecondaryEndpoints property returns the secondary endpoints.

(Get-AzStorageAccount -ResourceGroupName $rgName -Name $accountName).PrimaryEndpoints
(Get-AzStorageAccount -ResourceGroupName $rgName -Name $accountName).SecondaryEndpoints

To get the service endpoints for a storage account with Azure CLI, call az storage account show and return the primaryEndpoints property. If the storage account is geo-replicated, then the secondaryEndpoints property returns the secondary endpoints.

az storage account show \
    --resource-group <resource-group> \
    --name <account-name> \
    --query '[primaryEndpoints, secondaryEndpoints]'

Get a connection string for the storage account

You can use a connection string to authorize access to Azure Storage with the account access keys (Shared Key authorization). To learn more about connection strings, see Configure Azure Storage connection strings.

Important

Your storage account access keys are similar to a root password for your storage account. Always be careful to protect your access keys. Use Azure Key Vault to manage and rotate your keys securely. Avoid distributing access keys to other users, hard-coding them, or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they may have been compromised.

Azure recommends using Microsoft Entra ID to authorize requests against blob, file, and queue data if possible, rather than using the account keys (Shared Key authorization). Authorization with Microsoft Entra ID provides superior security and ease of use over Shared Key authorization. For more information, see Authorize access to data in Azure Storage or Authorize access to file data in the Azure portal.

To get a connection string in the Azure portal, follow these steps:

Navigate to your storage account in the Azure portal.
In the Security + networking section, locate the Access keys setting.
To display the account keys and associated connection strings, select the Show keys button at the top of the page.
To copy a connection string to the clipboard, select the Copy button to the right of the connection string.

To get a connection string with PowerShell, first get a StorageAccountContext object, then retrieve the ConnectionString property.

$rgName = "<resource-group>"
$accountName = "storagesamplesdnszone2"

(Get-AzStorageAccount -ResourceGroupName <resource-group> -Name <storage-account>).Context.ConnectionString

To get a connection string with Azure CLI, call the az storage account show-connection-string command.

az storage account show-connection-string --resource-group <resource-group> --name <storage-account>

Get the creation time of the account access keys for a storage account

If the keyCreationTime property of one or both of the account access keys for a storage account is null, then you will need to rotate the keys before you can configure a key expiration policy or a SAS expiration policy. You can check the keyCreationTime for a storage account by using the Azure portal, PowerShell, or Azure CLI.

To display the creation time of the account access keys for a storage account in the Azure portal, follow these steps:

Navigate to your storage account in the Azure portal.
On the Overview page, in the Essentials section, select the JSON View link.
On the Resource JSON page, select the most recent API version.
In the JSON under properties you will see the keyCreationTime for key1 and key2.

To return the creation time of the account access keys for a storage account with PowerShell, make sure you have installed the Az.Storage module. Next, call the Get-AzStorageAccount command to get the keyCreationTime property, which includes the creation time for both keys. In the sample code below we get the keyCreationTime for both keys and test whether each value is null:

$rgName      = <resource-group>
$accountName = <storage-account>

# Get the keyCreationTime property of the storage account
$keyCreationTime = (Get-AzStorageAccount -ResourceGroupName $rgName -Name $accountName).keyCreationTime
# Display the value for both keys
$keyCreationTime
# Check both properties for null values
Write-Host 'keyCreationTime.key1 is null = ' ($keyCreationTime.key1 -eq $null)
Write-Host 'keyCreationTime.key2 is null = ' ($keyCreationTime.key2 -eq $null)

To return the creation time of the account access keys for a storage account with Azure CLI, call the az storage account show command and query the keyCreationTime:

az storage account show \
    --name <storage-account> \
    --resource-group <resource-group> \
    --query keyCreationTime

You can also get the keyCreationTime for a storage account by calling the Storage Accounts - Get Properties operation in the REST API.

AI Skills Fest