Rotate storage account access keys with PowerShell

This script creates an Azure Storage account, displays the new storage account's primary access key, then renews (rotates) the key.

This sample requires Azure PowerShell. Run Get-Module -ListAvailable Az to find the version. If you need to install or upgrade, see Install Azure PowerShell module.

Run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.

If you don't have an Azure subscription, create a trial account before you begin.

Sample script

# this script will show how to rotate one of the access keys for a storage account

# get list of locations and pick one
Get-AzLocation | select Location

# save the location you want to use  
$location = "China East"

# create a resource group
$resourceGroup = "rotatekeystestrg"
New-AzResourceGroup -Name $resourceGroup -Location $location 

# create a standard general-purpose storage account 
$storageAccountName = "contosotestkeys"
New-AzStorageAccount -ResourceGroupName $resourceGroup `
  -Name $storageAccountName `
  -Location $location `
  -SkuName Standard_LRS

# retrieve the first storage account key and display it 
$storageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $resourceGroup -Name $storageAccountName).Value[0]

Write-Host "storage account key 1 = " $storageAccountKey

# re-generate the key
New-AzStorageAccountKey -ResourceGroupName $resourceGroup `
    -Name $storageAccountName `
    -KeyName key1

# retrieve it again and display it 
$storageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $resourceGroup -Name $storageAccountName).Value[0]
Write-Host "storage account key 1 = " $storageAccountKey
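
The sample above regenerates key1 and prints it to the console. The following added example (not part of the original sample) performs the same rotation but compares truncated SHA-256 fingerprints instead of displaying the keys, and checks that only key1 changed. It assumes the resource group and storage account from the sample still exist; Get-KeyFingerprint and Get-AccountKeyFingerprints are hypothetical helper names.

```powershell
# Added example (not from the original sample). Assumes the resource group and
# storage account created by the sample script still exist.
$resourceGroup      = "rotatekeystestrg"
$storageAccountName = "contosotestkeys"

# Hypothetical helper: truncated SHA-256 of a key, safe to log and compare.
function Get-KeyFingerprint {
    param([Parameter(Mandatory)][string]$KeyValue)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($KeyValue)
        $hex   = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
        return $hex.Substring(0, 12)
    }
    finally { $sha.Dispose() }
}

# Hypothetical helper: map KeyName -> fingerprint for both account keys.
function Get-AccountKeyFingerprints {
    $result = @{}
    Get-AzStorageAccountKey -ResourceGroupName $resourceGroup -Name $storageAccountName |
        ForEach-Object { $result[$_.KeyName] = Get-KeyFingerprint -KeyValue $_.Value }
    return $result
}

$before = Get-AccountKeyFingerprints
Write-Host "before: key1=$($before['key1']) key2=$($before['key2'])"

# Clients must already be using key2 at this point; regenerating key1
# invalidates it immediately, including any SAS tokens signed with it.
New-AzStorageAccountKey -ResourceGroupName $resourceGroup `
    -Name $storageAccountName `
    -KeyName key1 | Out-Null

$after = Get-AccountKeyFingerprints
Write-Host "after:  key1=$($after['key1']) key2=$($after['key2'])"

# Fail loudly if the rotation did not have exactly the intended effect.
if ($after['key1'] -eq $before['key1']) { throw "key1 was not regenerated" }
if ($after['key2'] -ne $before['key2']) { throw "key2 changed unexpectedly" }
Write-Host "key1 rotated, key2 unchanged; move clients to the new key1 before rotating key2."
```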

Clean up deployment

Run the following command to remove the resource group, storage account, and all related resources.

Remove-AzResourceGroup -Name rotatekeystestrg

Script explanation

This script uses the following commands to create the storage account and retrieve and rotate one of its access keys. Each item in the table links to command-specific documentation.

| Command | Notes |
| --- | --- |
| Get-AzLocation | Gets all locations and the supported resource providers for each location. |
| New-AzResourceGroup | Creates an Azure resource group. |
| New-AzStorageAccount | Creates a Storage account. |
| Get-AzStorageAccountKey | Gets the access keys for an Azure Storage account. |
| New-AzStorageAccountKey | Regenerates an access key for an Azure Storage account. |

Next steps

For more information on the Azure PowerShell module, see Azure PowerShell documentation.

Additional storage PowerShell script samples can be found in PowerShell samples for Azure Blob storage.