Search code examples
azure-resource-managerazure-bicep

Error getting keys from Azure Storage Account with listkeys(...) method with Bicep syntax

I have a Bicep template to create an Azure Storage Account

@description('the name of the storage account')
param name string

@description('the alias of the storage account')
param shortName string

@description('tags')
param tags object

@description('the name of the key vault resource where place output secrets')
param keyVaultName string

resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: name
  location: resourceGroup().location
  sku: {
    name: 'Standard_LRS'
    tier: 'Standard'
  }
  kind: 'StorageV2'
  tags: union(tags, { 
    type: 'storage-account'
  })
}

Then, I need to get the keys

var keys = listkeys(storageAccount.id, storageAccount.apiVersion)

output keyObject object = keys[0]
output KeyValue string = keys[0].value

But everytime that I runs the template, I receive these errors:

{
  "code": "DeploymentOutputEvaluationFailed",
  "message": "Unable to evaluate template outputs: 'keyObject,keyValue'. Please see error details and deployment operations. Please see https://aka.ms/arm-common-errors for usage details.",
  "details": [
    {
      "code": "DeploymentOutputEvaluationFailed",
      "target": "keyObject",
      "message": "The template output 'keyObject' is not valid: The language expression property '0' can't be evaluated, property name must be a string.."
    },
    {
      "code": "DeploymentOutputEvaluationFailed",
      "target": "keyValue",
      "message": "The template output 'keyValue' is not valid: The language expression property '0' can't be evaluated, property name must be a string.."
    }
  ]
}

The purpose of get keys is to save it into Azure Key Vault by using KeyValue var from previous step

resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
  name: keyVaultName
}

resource secret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
  parent: keyVault
  name: secretName
  properties: {
    value: KeyValue
    contentType: 'plain/text'
  }
}

So..

What's wrong with listKeys(...) method?

Solution

  • By following this tweet https://twitter.com/adotfrank/status/1341084692100108288?s=46&t=sWx0hvS0sS47llWLlbWZTw I found an alternative method to get keys.

    Just referencing to a storage account object and use the method listKeys()

    resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: name
  location: resourceGroup().location
  sku: {
    name: 'Standard_LRS'
    tier: 'Standard'
  }
  kind: 'StorageV2'
  tags: union(tags, { 
    type: 'storage-account'
  })
}

var storageAccountKeys = storageAccount.listKeys()

    Then, I can access to primary or secondary key with storageAccountKeys.keys[0].value

    This fix solve my issue.