Tags: powershell, azure, azure-blob-storage, azure-data-factory, azure-automation

Azure Rotate Storage Keys and Update ADF Linked Service


I am looking for a way to implement key rotation in Azure Automation. I have found a way to create a PowerShell runbook and have implemented the following code:

$azureAccountName = <acct_name>
$azurePassword = ConvertTo-SecureString <pass> -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAccountName, $azurePassword)
Login-AzureRmAccount -ServicePrincipal -Credential $psCred -TenantId <tenant id> -SubscriptionId <sub id>

#Optionally you may set the following as parameters
$StorageAccountName = <storage acct name>
$RGName = <rg name>

#Key name. For example key1 or key2 for the storage account
New-AzureRmStorageAccountKey -ResourceGroupName $RGName -Name $StorageAccountName -KeyName "key1" -Verbose
New-AzureRmStorageAccountKey -ResourceGroupName $RGName -Name $StorageAccountName -KeyName "key2" -Verbose

When I ran this, it worked, however, it broke my Azure Data Factory Linked Service. I realized that the connection string for the linked service is broken, so I set out to try to reset the connection string in the automation script. I was able to get the connection string by doing:

(Get-AzureRmDataFactoryLinkedService -DataFactoryName <adf name> -ResourceGroupName <rg name> -Name <ls name>).Properties.TypeProperties.ConnectionString

I cannot find a way to set this connection string using PowerShell and Azure Automation.


Solution

  • You could use PowerShell to reset this connection. But you need to use Remove-AzureRmDataFactoryLinkedService (removes a linked service from Azure Data Factory) and then use New-AzureRmDataFactoryLinkedService to re-link your storage account to the data factory.

    Please refer to this tutorial.

    You need to create a JSON file like the one below:

    {
        "name": "AzureStorageLinkedService",
        "properties": {
            "type": "AzureStorage",
            "typeProperties": {
                "connectionString": "DefaultEndpointsProtocol=https;AccountName=<accountname>;AccountKey=<accountkey>"
            }
        }
    }
    

    Use New-AzureRmDataFactoryLinkedService to link.

    New-AzureRmDataFactoryLinkedService -ResourceGroupName ADFTutorialResourceGroup -DataFactoryName <Name of your data factory> -File .\AzureStorageLinkedService.json
    

    But if you use Azure Automation to execute this, there is an issue you will meet. In a runbook, you cannot store a JSON file; maybe you could save it on a public GitHub (not safe). Another solution is to use a Hybrid Runbook Worker.
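The remove-and-recreate procedure above, run inside a single runbook with the key rotated first, as an added example that is not the question's or the answer's code. It assumes the AzureRM modules are imported into the Automation account, that a credential asset with the hypothetical name "adf-rotation-sp" holds the service principal, and that the sandbox temp directory ($env:TEMP) is writable for the lifetime of the job; the linked-service JSON is generated at run time, so no file has to be stored with the runbook or in a public repository.

```powershell
# Added example, not the question's or answer's code. Assumptions: AzureRM modules are imported
# into the Automation account, the credential asset name "adf-rotation-sp" is hypothetical,
# and the sandbox temp directory ($env:TEMP) is writable for the lifetime of the job.
param(
    [string]$TenantId = "<tenant id>", [string]$SubscriptionId = "<sub id>",
    [string]$RGName = "<rg name>", [string]$StorageAccountName = "<storage acct name>",
    [string]$DataFactoryName = "<adf name>", [string]$LinkedServiceName = "AzureStorageLinkedService",
    [string]$KeyName = "key1"
)

# Pull the service principal from a credential asset instead of embedding the password in the runbook.
$psCred = Get-AutomationPSCredential -Name "adf-rotation-sp"
Login-AzureRmAccount -ServicePrincipal -Credential $psCred -TenantId $TenantId -SubscriptionId $SubscriptionId | Out-Null

# 1. Regenerate only one key; the other key stays valid while the linked service is updated.
New-AzureRmStorageAccountKey -ResourceGroupName $RGName -Name $StorageAccountName -KeyName $KeyName | Out-Null
$newKey = (Get-AzureRmStorageAccountKey -ResourceGroupName $RGName -Name $StorageAccountName |
           Where-Object { $_.KeyName -eq $KeyName }).Value

# 2. Build the linked-service definition in memory and write it to a temp file, so no JSON file
#    has to live in the runbook or in a public repository.
$definition = @{
    name       = $LinkedServiceName
    properties = @{
        type           = "AzureStorage"
        typeProperties = @{
            connectionString = "DefaultEndpointsProtocol=https;AccountName=$StorageAccountName;AccountKey=$newKey"
        }
    }
} | ConvertTo-Json -Depth 5
$jsonPath = Join-Path $env:TEMP "$LinkedServiceName.json"
Set-Content -Path $jsonPath -Value $definition -Encoding UTF8

try {
    # 3. Replace the linked service: remove it, then re-create it from the new definition.
    Remove-AzureRmDataFactoryLinkedService -ResourceGroupName $RGName -DataFactoryName $DataFactoryName `
        -Name $LinkedServiceName -Force | Out-Null
    New-AzureRmDataFactoryLinkedService -ResourceGroupName $RGName -DataFactoryName $DataFactoryName `
        -File $jsonPath | Out-Null
} finally {
    # Always delete the file: it contains the live account key.
    Remove-Item -Path $jsonPath -Force -ErrorAction SilentlyContinue
}

# 4. Verify the linked service now carries the rotated key (compare the secret, never print it).
$current = (Get-AzureRmDataFactoryLinkedService -ResourceGroupName $RGName -DataFactoryName $DataFactoryName `
            -Name $LinkedServiceName).Properties.TypeProperties.ConnectionString
if ($current -notlike "*AccountKey=$newKey*") { throw "Linked service was not updated with the rotated key." }
```

If the remove step is rejected because datasets still reference the linked service, New-AzureRmDataFactoryLinkedService -Force overwrites the existing definition in place and the remove step can be dropped.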