Manage storage account keys with Key Vault and the Azure CLI

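# Manage storage account keys with Key Vault and the Azure CLI (PowerShell host).
# Provisions a resource group, storage account, container and Key Vault, hands
# management of the storage account keys to Key Vault, and registers a SAS
# definition so consumers fetch short-lived SAS tokens from the vault instead
# of ever holding the account key.
#
# Prerequisites: `az login` completed; the signed-in identity can create
# resources and role assignments in the subscription below.

$myResourceGroup = "rg-fhpl-use-qa"
$location = "eastus"
$storagename = "stousefhplqa"
$container = "mybackupcontainer"
$ADE_KV_NAME = "keyvault-common-fhpl-qa"
$nameofsecret = "secnamefhplqa"
$upnname = "XXXXX.onmicrosoft.com" # put your valid upn name here
$subsid = "9239f519-XXXX-4e92-XXXX-c84d53XX3714"

# Full ARM id of the storage account; used both as the role-assignment scope
# and for the vault registration, so it is built once.
$storageResourceId = "/subscriptions/$subsid/resourceGroups/$myResourceGroup/providers/Microsoft.Storage/storageAccounts/$storagename"

# Create a resource group.
az group create --location $location --name $myResourceGroup

# Create a Storage Account.
# HTTPS-only, TLS 1.2 minimum and no anonymous blob access are the secure
# baseline; nothing in this walkthrough needs the looser defaults.
az storage account create --name $storagename --resource-group $myResourceGroup --location $location --sku Standard_LRS --kind StorageV2 --https-only true --min-tls-version TLS1_2 --allow-blob-public-access false

# Create a storage container.
az storage container create --account-name $storagename --name $container

# Create the Key Vault that will own the storage account keys.
az keyvault create --name $ADE_KV_NAME --resource-group $myResourceGroup --location $location --sku premium
echo "- Key vault: $ADE_KV_NAME"

# Allow the Key Vault service to list and regenerate the storage account keys.
# The scope is this storage account only, not the whole resource group.
az role assignment create --role "Storage Account Key Operator Service Role" --assignee 'https://vault.azure.net' --scope $storageResourceId

# Give your user principal access to all storage account permissions on your
# Key Vault instance. Broad on purpose for a walkthrough; narrow the list for
# a real operator identity.
az keyvault set-policy --name $ADE_KV_NAME --upn $upnname --storage-permissions get list delete set update regeneratekey getsas listsas deletesas setsas recover backup restore purge

# Register the storage account with the vault: key1 becomes the active key and
# is regenerated every day (P1D).
az keyvault storage add --vault-name $ADE_KV_NAME -n $storagename --active-key-name key1 --auto-regenerate-key --regeneration-period P1D --resource-id $storageResourceId

# Fetch key1 once and pass it to generate-sas through the AZURE_STORAGE_KEY
# environment variable instead of --account-key, so the key is not visible in
# the process argument list or the shell history.
$pkey = az storage account keys list -g $myResourceGroup -n $storagename --query '[0].value' -o tsv
$env:AZURE_STORAGE_KEY = $pkey

# Template SAS. The expiry is computed (UTC, tomorrow) instead of a fixed
# calendar date that may already have passed. Key Vault takes the services,
# resource types and permissions from this template; the lifetime of the
# tokens it issues is set by --validity-period below. 'cdlruwap' is every
# account permission - trim it to what consumers actually need.
$sasExpiry = (Get-Date).ToUniversalTime().AddDays(1).ToString('yyyy-MM-dd')
$sastoken = az storage account generate-sas --expiry $sasExpiry --permissions cdlruwap --resource-types sco --services bfqt --https-only --account-name $storagename

# Clear the key from the session as soon as it is no longer needed. The SAS
# template is itself a credential, so it is not echoed to the console.
Remove-Item Env:AZURE_STORAGE_KEY
$pkey = $null
echo "- SAS template generated for $storagename (value not shown)"

# Store the template in the vault as a managed SAS definition (one-day validity).
az keyvault storage sas-definition create --vault-name $ADE_KV_NAME --account-name $storagename -n $nameofsecret --validity-period P1D --sas-type account --template-uri $sastoken

# Verify the definition and the secret Key Vault derives from it.
# NOTE: `secret show` prints the secret value (a live SAS token) to the console;
# add --query to restrict the output when running this outside a sandbox.
az keyvault storage sas-definition show --id "https://$ADE_KV_NAME.vault.azure.net/storage/$storagename/sas/$nameofsecret"
az keyvault secret show --id "https://$ADE_KV_NAME.vault.azure.net/secrets/$storagename-$nameofsecret"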

