az keyvault storage

Manage storage accounts.

Commands

az keyvault storage add Creates or updates a new storage account.
az keyvault storage backup Backs up the specified storage account.
az keyvault storage list List storage accounts managed by the specified key vault.
az keyvault storage list-deleted Lists deleted storage accounts for the specified vault.
az keyvault storage purge Permanently deletes the specified storage account.
az keyvault storage recover Recovers the deleted storage account.
az keyvault storage regenerate-key Regenerates the specified key value for the given storage account.
az keyvault storage remove Deletes a storage account.
az keyvault storage restore Restores a backed up storage account to a vault.
az keyvault storage sas-definition Manage storage account SAS definitions.
az keyvault storage sas-definition create Creates or updates a new SAS definition for the specified storage account.
az keyvault storage sas-definition delete Deletes a SAS definition from a specified storage account.
az keyvault storage sas-definition list List storage SAS definitions for the given storage account.
az keyvault storage sas-definition list-deleted Lists deleted SAS definitions for the specified vault and storage account.
az keyvault storage sas-definition recover Recovers the deleted SAS definition.
az keyvault storage sas-definition show Gets information about a SAS definition for the specified storage account.
az keyvault storage sas-definition show-deleted Gets the specified deleted sas definition.
az keyvault storage sas-definition update Updates the specified attributes associated with the given SAS definition.
az keyvault storage show Gets information about a specified storage account.
az keyvault storage show-deleted Gets the specified deleted storage account.
az keyvault storage update Updates the specified attributes associated with the given storage account.

az keyvault storage add

Creates or updates a new storage account.

az keyvault storage add --active-key-name
--name
--resource-id
--vault-name
[--auto-regenerate-key {false, true}]
[--disabled {false, true}]
[--regeneration-period]
[--subscription]
[--tags]

Examples

Create a storage account and setup a vault to manage its keys

$id = az storage account create -g resourcegroup -n storageacct --query id

# assign the Azure Key Vault service the "Storage Account Key Operator Service Role" role.
az role assignment create --role "Storage Account Key Operator Service Role" --scope $id \
--assignee cfa8b339-82a2-471a-a3c9-0fc0be7a4093

az keyvault storage add --vault-name vault -n storageacct --active-key-name key1    \
--auto-regenerate-key --regeneration-period P90D  --resource-id $id

Required Parameters

--active-key-name

Current active storage account key name.

--name -n

Name to identify the storage account in the vault.

--resource-id

Storage account resource id.

--vault-name

Name of the key vault.

Optional Parameters

--auto-regenerate-key

Whether keyvault should manage the storage account for the user.

accepted values: false, true
--disabled

Add the storage account in a disabled state.

accepted values: false, true
--regeneration-period

The key regeneration time duration specified in ISO-8601 format, such as "P30D" for rotation every 30 days.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags in 'key[=value]' format. Use "" to clear existing tags.

az keyvault storage backup

Backs up the specified storage account.

az keyvault storage backup --file
[--id]
[--name]
[--subscription]
[--vault-name]

Required Parameters

--file -f

Local file path in which to store storage account backup.

Optional Parameters

--id

Id of the storage account. If specified all other 'Id' arguments should be omitted.

--name -n

Name to identify the storage account in the vault. Required if --id is not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vault-name

Name of the key vault. Required if --id is not specified.

az keyvault storage list

List storage accounts managed by the specified key vault.

az keyvault storage list --vault-name
[--maxresults]
[--subscription]

Required Parameters

--vault-name

Name of the key vault.

Optional Parameters

--maxresults

Maximum number of results to return in a page. If not specified the service will return up to 25 results.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az keyvault storage list-deleted

Lists deleted storage accounts for the specified vault.

az keyvault storage list-deleted --vault-name
[--maxresults]
[--subscription]

Required Parameters

--vault-name

Name of the key vault.

Optional Parameters

--maxresults

Maximum number of results to return in a page. If not specified the service will return up to 25 results.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az keyvault storage purge

Permanently deletes the specified storage account.

az keyvault storage purge --name
--vault-name
[--subscription]

Required Parameters

--name -n

Name to identify the storage account in the vault.

--vault-name

Name of the key vault.

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az keyvault storage recover

Recovers the deleted storage account.

az keyvault storage recover --name
--vault-name
[--subscription]

Required Parameters

--name -n

Name to identify the storage account in the vault.

--vault-name

Name of the key vault.

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az keyvault storage regenerate-key

Regenerates the specified key value for the given storage account.

az keyvault storage regenerate-key --key-name
[--id]
[--name]
[--subscription]
[--vault-name]

Required Parameters

--key-name

The storage account key name.

Optional Parameters

--id

Id of the storage account. If specified all other 'Id' arguments should be omitted.

--name -n

Name to identify the storage account in the vault. Required if --id is not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vault-name

Name of the key vault. Required if --id is not specified.

az keyvault storage remove

Deletes a storage account.

az keyvault storage remove [--id]
[--name]
[--subscription]
[--vault-name]

Optional Parameters

--id

Id of the storage account. If specified all other 'Id' arguments should be omitted.

--name -n

Name to identify the storage account in the vault. Required if --id is not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vault-name

Name of the key vault. Required if --id is not specified.

az keyvault storage restore

Restores a backed up storage account to a vault.

az keyvault storage restore --file
--vault-name
[--subscription]

Required Parameters

--file -f

Local key backup from which to restore storage account.

--vault-name

Name of the key vault.

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az keyvault storage show

Gets information about a specified storage account.

az keyvault storage show [--id]
[--name]
[--subscription]
[--vault-name]

Optional Parameters

--id

Id of the storage account. If specified all other 'Id' arguments should be omitted.

--name -n

Name to identify the storage account in the vault. Required if --id is not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vault-name

Name of the key vault. Required if --id is not specified.

az keyvault storage show-deleted

Gets the specified deleted storage account.

az keyvault storage show-deleted --name
--vault-name
[--subscription]

Required Parameters

--name -n

Name to identify the storage account in the vault.

--vault-name

Name of the key vault.

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az keyvault storage update

Updates the specified attributes associated with the given storage account.

az keyvault storage update [--active-key-name]
[--auto-regenerate-key {false, true}]
[--disabled {false, true}]
[--id]
[--name]
[--regeneration-period]
[--subscription]
[--tags]
[--vault-name]

Optional Parameters

--active-key-name

The current active storage account key name.

--auto-regenerate-key

Whether keyvault should manage the storage account for the user.

accepted values: false, true
--disabled

Add the storage account in a disabled state.

accepted values: false, true
--id

Id of the storage account. If specified all other 'Id' arguments should be omitted.

--name -n

Name to identify the storage account in the vault. Required if --id is not specified.

--regeneration-period

The key regeneration time duration specified in ISO-8601 format, such as "P30D" for rotation every 30 days.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags in 'key[=value]' format. Use "" to clear existing tags.

--vault-name

Name of the key vault. Required if --id is not specified.