ARM - How can I get the access key from a storage account to use in AppSettings later in the template?

I'm creating an Azure Resource Manager template that instantiates multiple resources, including an Azure storage account and an Azure App Service with a Web App.

I'd like to be able to capture the primary access key (or the full connection string, either way is fine) from the newly-created storage account, and use that as a value for one of the AppSettings for the Web App.

Is that possible?


Solution 1:

Use the listkeys helper function.

"appSettings": [
    {
      "name": "STORAGE_KEY",
      "value": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]"
    }
]

This quickstart does something similar:

https://azure.microsoft.com/en-us/documentation/articles/cache-web-app-arm-with-redis-cache-provision/

Solution 2:

The syntax has changed since the other answer was accepted. The error you will now hit is 'Template language expression property 'key1' doesn't exist, available properties are 'keys'

Keys are now represented as an array of keys, and the syntax is now:

"StorageAccount": "[Concat('DefaultEndpointsProtocol=https;AccountName=',variables('StorageAccountName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('StorageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value)]",

See: http://samcogan.com/retrieve-azure-storage-key-in-arm-script/

Solution 3:

I faced with this issue two times. First in the 2015 and last today in May of 2017. I need to add connection strings to the WebApp - I want to add strings automatically from generated resources during deployment from the ARM template. It can help later to not add manually this values.

First time I used old version of the function listKeys (it looks like old version returns result not as object but as value):

"AzureWebJobsStorage": {
    "type": "Custom",
    "value": "[concat(variables('storageConnectionString'), listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2015-05-01-preview').key1)]"
},

Today last version of the working template is:

"resources": [
    {
      "apiVersion": "2015-08-01",
      "type": "config",
      "name": "connectionstrings",
      "dependsOn": [
        "[resourceId('Microsoft.Web/Sites/', parameters('webSiteName'))]"
      ],
      "properties": {
        "DefaultConnection": {
          "value": "[concat('Data Source=tcp:', reference(resourceId('Microsoft.Sql/servers/', parameters('sqlserverName'))).fullyQualifiedDomainName, ',1433;Initial Catalog=', parameters('databaseName'), ';User Id=', parameters('administratorLogin'), '@', parameters('sqlserverName'), ';Password=', parameters('administratorLoginPassword'), ';')]",
          "type": "SQLServer"
        },
        "AzureWebJobsStorage": {
          "type": "Custom",
          "value": "[concat(variables('storageConnectionString'), listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageName')), '2016-01-01').keys[0].value)]"
        },
        "AzureWebJobsDashboard": {
          "type": "Custom",
          "value": "[concat(variables('storageConnectionString'), listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageName')), '2016-01-01').keys[0].value)]"
        }
      }
    },

Thanks.

Solution 4:

below is example for adding storage account to ADLA

"storageAccounts": [
                  {
                    "name": "[parameters('DataLakeAnalyticsStorageAccountname')]",
                    "properties": {
                      "accessKey": "[listKeys(variables('storageAccountid'),'2015-05-01-preview').key1]"
                    }
                }
            ],

in variable you can keep

"variables": {
        "apiVersion": "[providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]]",
         "storageAccountid": "[concat(resourceGroup().id,'/providers/','Microsoft.Storage/storageAccounts/', parameters('DataLakeAnalyticsStorageAccountname'))]"
    },