Create a storage account and rotate its account access keys

This script creates an Azure Storage account, displays the new storage account's access keys, then renews (rotates) the keys.

To run this sample, make sure you have installed the latest Azure CLI 2.0. To start, run az login to create a connection with Azure.

This sample works in a Bash shell. For options on running Azure CLI scripts on Windows client, see Install the Azure CLI on Windows.

If you don't have an Azure subscription, create a free account before you begin.

Sample script

#!/bin/bash

# Create a resource group
az group create --name myResourceGroup --location eastus

# Create a general-purpose standard storage account
az storage account create \
    --name mystorageaccount \
    --resource-group myResourceGroup \
    --location eastus \
    --sku Standard_RAGRS \
    --encryption blob

# List the storage account access keys
az storage account keys list \
    --resource-group myResourceGroup \
    --account-name mystorageaccount 

# Renew (rotate) the PRIMARY access key
az storage account keys renew \
    --resource-group myResourceGroup \
    --account-name mystorageaccount \
    --key primary

# Renew (rotate) the SECONDARY access key
az storage account keys renew \
    --resource-group myResourceGroup \
    --account-name mystorageaccount \
    --key secondary

Clean up deployment

Run the following command to remove the resource group, storage account, and all related resources.

az group delete --name myResourceGroup

Script explanation

This script uses the following commands to create the storage account and retrieve and rotate its access keys. Each item in the table links to command-specific documentation.

Command Notes
az group create Creates a resource group in which all resources are stored.
az storage account create Creates an Azure Storage account in the specified resource group.
az storage account keys list Displays the storage account access keys for the specified account.
az storage account keys renew Regenerates the primary or secondary storage account access key.

Next steps

For more information on the Azure CLI, see Azure CLI documentation.

Additional storage CLI script samples can be found in the Azure CLI samples for Azure Blob storage.