page_type | languages | products | description | urlFragment | ||
---|---|---|---|---|---|---|
sample |
|
|
This sample repo includes sample code demonstrating common mechanisms for managing storage account keys using Key Vault. |
key-vault-node-storage-accounts |
This sample repo includes sample code demonstrating common mechanisms for managing storage account keys using Key Vault.
- node.js 8+
- An Azure Service Principal for running the sample on your Azure account. You can create an Azure service principal using one of the following guides:
-
If you don't have it, install node.js
-
Set the following environment variables using the information from your service principal.
export AZURE_SUBSCRIPTION_ID={your subscription id} export AZURE_CLIENT_ID={your client id} export AZURE_CLIENT_SECRET={your client secret} export AZURE_TENANT_ID={your tenant id as a GUID} export AZURE_CLIENT_OID={Object id of the service principal}
On Windows, use
set
instead ofexport
. -
Clone the repo, install node packages, and run.
git clone https://github.com/Azure-Samples/key-vault-node-storage-accounts.git key-vault cd key-vault npm install node storage_account_sample.js
Certain portions of this sample require authenticated user to execute. For this reason the sample will prompt the user to authenticate with a device code. For more details see in-line comments in storage_acount_sample.js
The storage account sample is broken down into 8 different methods called in sequence by the main()
method in storage_account_sample.js
:
async function main() {
console.log('Azure Key Vault - Managed Storage Account Key Sample');
// Get or create our sample vault
const vault = await SampleUtil.getSampleVault();
// Create and add a storage account to our sample vault
const storageAccount = await addStorageAccount(vault);
// Demonstrate updating properties of the managed storage account
await updateStorageAccount(storageAccount, vault);
// Demonstrate regeneration of a storage account key
await regenerateStorageAccountKey(storageAccount, vault);
// Demonstrate listing off the storage accounts in the vault
await getStorageAccounts(vault);
// Demonstrate the creation of an account-level SAS definition
await createAccountSASDefinition(storageAccount, vault);
// Demonstrate the creation of a container-level SAS definition
await createBlobSASDefinition(storageAccount, vault);
// List all SAS definitions in the account
await getSASDefinitions(storageAccount, vault);
// Finally, remove the storage account from the vault
await deleteStorageAccount(vault, storageAccount);
}