![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 53%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,394 questions
@sid-7401 Azure Storage access key
When we create a storage account, Azure generates and assigns two 512-bit storage access keys to the account. These keys are required for authentication when accessing the storage account. Two access keys are generated, one is the primary access key and another is the secondary access key. Remember, these keys can be regenerated whenever required. When you generate a new key, the earlier ones are retired.
Use access keys to authenticate your applications when making requests to this Azure storage account. Store your access keys securely - for example, using Azure Key Vault - and don't share them. We recommend regenerating your access keys regularly. You are provided two access keys so that you can maintain connections using one key while regenerating the other.
When you regenerate your access keys, you must update any Azure resources and applications that access this storage account to use the new keys. This action will not interrupt access to disks from your virtual machines.
Note: If you provide the access key to the client, customer or any one it's like giving complete access to the Storage account( root password) It's not recommend to give to others.
Always be careful to protect your access keys. Use Azure Key Vault to manage and rotate your keys securely. Avoid distributing access keys to other users, hard-coding them, or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they may have been compromised.
Instead of giving Access key to other, please provided SAS key --> Shared Key authorization : https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview , This article provides complete detailed information how to access SAS for clients with ceratin duration, time and access level.
Microsoft recommends using Azure Active Directory (Azure AD) to authorize requests against blob and queue data if possible, instead of Shared Key. Azure AD provides superior security and ease of use over Shared Key. For more information about authorizing access to data with Azure AD, see Authorize access to Azure blobs and queues using Azure Active Directory.
Azure storage connection string : A connection string includes the authorization information required for your application to access data in an Azure Storage account at runtime using Shared Key authorization. You can configure connection strings to:
Connect to the Azure storage emulator.
Access a storage account in Azure.
Access specified resources in Azure via a shared access signature (SAS).
For more information, refer to this article
If you look in the Azure portal under the storage account in question, and look in the "Access Keys" item in the left-side nav, there it shows you the two provided keys and the entire connection string needed to access the storage account.
Reason for two keys? it's to avoid downtime. let's say, if you had only one key and used it multiple places. Suddenly you had to share it to someone for some reason. So, you might need to regenerated this key(As you have already shared it) and update it in all places where you used it previously. So, to avoid this, we have secondary key, which you can share and regenerate it so that, primary key will be still valid.
- Authorize requests to Azure Storage: Every request made against a secured resource in the Blob, File, Queue, or Table service must be authorized. Authorization ensures that resources in your storage account are accessible only when you want them to be, and only to those users or applications to whom you grant access: https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-requests-to-azure-storage
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
Please don’t forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.