Retrieve Azure storage account key using Azure CLI

Question

In my release pipeline I'm using a Azure CLI to transfer my build files to a Azure storage blob:

call az storage blob upload-batch --source "$(System.DefaultWorkingDirectory)/_ClientWeb-Build-CI/ShellArtifact/out/build" --destination "$web" --account-key "****QxjclDGftOY/agnqUDzwNe/gOIAzsQ==" --account-name "*****estx"

This works, but I want to retrieve the account-key dynamically.

When I use:

az storage account keys list -g CustomersV2 -n ****estx

I get a array with 2 objects, both holding a key value:

[
    {
    "keyName": "key1",
    "permissions": "Full",
    "value": "f/eybpcl*****************Vm9uT1PwFC1D82QxjclDGftOY/agnqUDzwNe/gOIAzsQ=="
    },
    {
    "keyName": "key2",
    "permissions": "Full",
    "value": "bNM**********L6OxAemK1U2oudW5WGRQW++/bzD6jVw=="
    }
]

How do I use one of the two keys in my upload-batch command?

Answer 1

For your issue, if you just want one of the two keys for example, the first one. You can set a variable with the key as the value like this:

key=$(az storage account keys list -g CustomersV2 -n ****estx --query [0].value -o tsv)

And then use the variable key in the other command like this:

call az storage blob upload-batch --source "$(System.DefaultWorkingDirectory)/_ClientWeb-Build-CI/ShellArtifact/out/build" --destination "$web" --account-key $key --account-name "*****estx"

Or you can just put the command which gets the key in the other command directly like this:

call az storage blob upload-batch --source "$(System.DefaultWorkingDirectory)/_ClientWeb-Build-CI/ShellArtifact/out/build" --destination "$web" --account-key $(az storage account keys list -g CustomersV2 -n ****estx --query [0].value -o tsv) --account-name "*****estx"

Update

According to what you said, it seems you run the command in the windows command prompt, it's different from the Linux shell and PowerShell. You cannot set the environment variable with the value that the output of a command. You can do that like this:

az storage account keys list -g CustomersV2 -n ****estx --query [0].value -o tsv > key.txt
set /P key=<key.txt
az storage blob upload-batch --source "$(System.DefaultWorkingDirectory)/_ClientWeb-Build-CI/ShellArtifact/out/build" --destination "$web" --account-key %key% --account-name "*****estx"

And it seems you just can quote the environment variable as %variable_name%, so it seems it's a wrong way to use "$web" in your command.

Answer 2

I created a Azure Powershell task (version 4) that does:

az login -u **** -p ****
Write-Host "##vso[task.setvariable variable=storageKey;]az storage account keys list -g ***** -n ***** --query [0].value -o tsv"
$key = az storage account keys list -g ***** -n **** --query [0].value -o tsv
Write-Host "##vso[task.setvariable variable=something;]$key"

Then I can use the something variable in my Azure CLI task:

call az storage blob upload-batch --source "$(System.DefaultWorkingDirectory)/_ClientWeb-Build-CI/ShellArtifact/out/build" --destination "$web" --account-key $(something) --account-name "*****"

And this works. You'll probably need to put the -u and -p in a variable though.

@Charles thanks a lot for this line (az storage account keys list -g **** -n ****estx --query [0].value -o tsv) !