ResourceModules icon indicating copy to clipboard operation
ResourceModules copied to clipboard

Published 20 hours ago verified publisher icon Azure

[Question/Feedback from Discussions] Retrieve storage primary key

Open eriqua opened this issue 2 years ago • 2 comments

Discussed in https://github.com/Azure/ResourceModules/discussions/2655

Originally posted by sitoder February 5, 2023

In my main.bicep I create a storage account:

module r_storage 'br/modules:microsoft.storage.storageaccounts:latest'={ name:p_storageName params:{ name:p_storageName location:p_location storageAccountSku:'Standard_LRS' storageAccountKind:'StorageV2' storageAccountAccessTier:'Hot' allowBlobPublicAccess:false minimumTlsVersion:'TLS1_2' fileServices:{ shares:[ { name:p_storageMountName shareQuota:10 } ] } } }

Afterwards in the same main, i need to retrieve the storage account's primary key in order to create a container app environment mount point. resource r_storageMount 'Microsoft.App/managedEnvironments/storages@2022-06-01-preview' = { name: p_storageMountName parent: r_cae dependsOn:[ r_storage ] properties: { azureFile: { accessMode: 'ReadWrite' accountKey: ?????????????????? accountName: r_storage.outputs.name shareName: p_storageMountName } } } Since the storage module does not output the key for obvious reasons, I am not really sure how i should use the listKeys function to get that. I'd rather not to use a keyvault as an option (although it's tackling the same situation, how to get the storage key and put it there in the first place), but if anything else fails, I can give it a go. Was looking at https://github.com/Azure/bicep/discussions/6173 , but not sure if that'd work either. Could you please advise on the best (and secure) approach here?

eriqua avatar Apr 23 '23 10:04 eriqua

@eriqua As a workaround, you can use variables and listKeys to get the storage key using the storage account name

for example: var storageAccountKey = listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', storageAccountName), '2022-09-01').keys[0].value

samuelya avatar Apr 24 '23 16:04 samuelya

Linked to https://github.com/Azure/bicep-registry-modules/issues/1934

AlexanderSehr avatar May 19 '24 19:05 AlexanderSehr

Closing as this is currently being worked on in the previously linked issue https://github.com/Azure/bicep-registry-modules/issues/1934

AlexanderSehr avatar Jun 15 '24 12:06 AlexanderSehr