Managed Azure Storage Account Keys for Azure Key Vault using the Azure Node SDK
This sample repo includes sample code demonstrating common mechanisms for managing storage account keys using Key Vault.
Prerequisites
- node.js 8+
- An Azure Service Principal for running the sample on your Azure account. You can create an Azure service principal using one of the following guides:
Quickstart
If you don't have it, install node.js
Set the following environment variables using the information from your service principal.
    export AZURE_SUBSCRIPTION_ID={your subscription id}
    export AZURE_CLIENT_ID={your client id}
    export AZURE_CLIENT_SECRET={your client secret}
    export AZURE_TENANT_ID={your tenant id as a GUID}
    export AZURE_CLIENT_OID={Object id of the service principal}
On Windows, use set instead of export.
Clone the repo, install node packages, and run.
    git clone https://github.com/Azure-Samples/key-vault-node-storage-accounts.git key-vault
    cd key-vault
    npm install
    node storage_account_sample.js
Note
Certain portions of this sample require an authenticated user to execute. For this reason, the sample will prompt the user to authenticate with a device code. For more details, see the in-line comments in storage_account_sample.js.
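A preflight check for the environment variables listed in the Quickstart, as an added example that is not part of this repo's code: it reports unset variables, placeholders exported literally, and IDs that are not GUID-shaped, without ever echoing the client secret. The helper name checkSampleEnv and the sample values are assumptions made for illustration.

```javascript
'use strict';

// Variables the Quickstart asks for. The four IDs are GUIDs in Azure;
// the client secret is opaque and must never be printed.
const GUID_VARS = ['AZURE_SUBSCRIPTION_ID', 'AZURE_CLIENT_ID',
                   'AZURE_TENANT_ID', 'AZURE_CLIENT_OID'];
const SECRET_VARS = ['AZURE_CLIENT_SECRET'];
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Hypothetical helper (not from the sample repo): returns a list of
// problems found in `env`, redacting the value of any secret variable.
function checkSampleEnv(env) {
  const problems = [];
  for (const name of GUID_VARS.concat(SECRET_VARS)) {
    const value = (env[name] || '').trim();
    const isSecret = SECRET_VARS.includes(name);
    const shown = isSecret ? '<redacted>' : JSON.stringify(value);
    if (value === '') {
      problems.push(`${name}: not set`);
    } else if (/^\{.*\}$/.test(value)) {
      // The "{your client id}" style placeholder was exported as-is.
      problems.push(`${name}: still the placeholder ${shown}`);
    } else if (!isSecret && !GUID_RE.test(value)) {
      problems.push(`${name}: expected a GUID, got ${shown}`);
    }
  }
  return problems;
}

// Constructed sample environment (not real identifiers or secrets).
const SAMPLE_ENV = {
  AZURE_SUBSCRIPTION_ID: '00000000-0000-0000-0000-000000000001',
  AZURE_CLIENT_ID: '{your client id}',          // placeholder left in
  AZURE_CLIENT_SECRET: 'constructed-secret-value',
  AZURE_TENANT_ID: 'contoso.onmicrosoft.com',   // domain, not a GUID
  // AZURE_CLIENT_OID deliberately missing
};

// Show the findings for the constructed environment.
checkSampleEnv(SAMPLE_ENV).forEach((p) => console.log(p));
```

To check a real shell before running the sample, call checkSampleEnv(process.env) and stop if the returned list is not empty.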
What does this sample do?
The storage account sample is broken down into 8 different methods called in sequence by the main() method in storage_account_sample.js:
    async function main() {
      console.log('Azure Key Vault - Managed Storage Account Key Sample');

      // Get or create our sample vault
      const vault = await SampleUtil.getSampleVault();

      // Create and add a storage account to our sample vault
      const storageAccount = await addStorageAccount(vault);

      // Demonstrate updating properties of the managed storage account
      await updateStorageAccount(storageAccount, vault);

      // Demonstrate regeneration of a storage account key
      await regenerateStorageAccountKey(storageAccount, vault);

      // Demonstrate the creation of an account-level SAS definition
      await createAccountSASDefinition(storageAccount, vault);

      // Finally, remove the storage account from the vault
      await deleteStorageAccount(vault, storageAccount);
    }