In this tutorial step, learn to work with variables:
Execute an Azure CLI command and store output in a variable.
Read a local JSON file and store property values in a variable.
Some common use-cases for variables are:
Get information about an existing Azure resource, such as a resource ID.
Get output from an Azure CLI command, such as a password.
Get JSON objects for environment information, such as development, stage and production IDs.
The variable can then be used in Azure CLI to perform build and destroy jobs at scale.
Prerequisites
You have access to a resource group and storage account with reader or higher permissions at a storage account level.
Get command output using JMESPath query
Get information about an existing Azure resource using the --query parameter of the show command. A JMESPath query is executed and one or more property values of an Azure resource are returned.
Rename properties using curly brackets ({}) and a comma-delimited list. The new property names can't contain spaces. This example returns output in table format.
az storage account show --resource-group <msdocs-tutorial-rg-00000000> \
--name <msdocssa000000000> \
--query "{saName:name, saKind:kind, saMinTLSVersion:minimumTlsVersion}" \
--output table
Console table output. The first letter of each column is capitalized in --output table:
In Bash, you can't have a space before or after the equal (=) sign. You can opt to use quotes around the variable value, so msdocs-tutorial-rg-00000000 and "msdocs-tutorial-rg-00000000" are both correct.
rgName="<msdocs-tutorial-rg-00000000>"
# Get a list of all Azure storage accounts that allow blob public access.
# Notice the backticks and escape characters needed for boolean values.
az storage account list --resource-group $rgName \
--query "[?allowBlobPublicAccess == \`true\`].name"
# Get a list of Azure storage accounts that were created in the last 30 days. Return the results as a table.
saDate=$(date +%F -d "-30days")
az storage account list --resource-group $rgName \
--query "[?creationTime >='$saDate'].{saName:name, createdTimeStamp:creationTime}" \
--output table
# Get a list of Azure storage accounts created in this tutorial
az storage account list --resource-group $rgName \
--query "[?contains(name, 'msdocs')].{saName:name, saKind:kind, saPrimaryLocation:primaryLocation, createdTimeStamp:creationTime}" \
--output table
PowerShell allows you to create variables with or without spaces surrounding the equal (=) sign, so $rgName="msdocs-tutorial-rg-00000000" and $rgName = "msdocs-tutorial-rg-00000000" are both correct. However, in PowerShell, you must use quotes around the variable value.
$rgName="<msdocs-tutorial-rg-00000000>"
# Get a list of all Azure storage accounts that allow blob public access.
az storage account list --resource-group $rgName `
--query "[?allowBlobPublicAccess == ``true``].name"
# Get a list of Azure storage accounts that were created in the last 30 days. Return the results as a table.
$saDate=Get-Date
# Use MM (month); lowercase mm is the minutes specifier in .NET format strings.
$saDate=$saDate.AddDays(-30).ToString("yyyy-MM-dd")
az storage account list --resource-group $rgName `
--query "[?creationTime >='$saDate'].{saName:name, createdTimeStamp:creationTime}" `
--output table
# Get a list of Azure storage accounts created in this tutorial
az storage account list --resource-group $rgName `
--query "[?contains(name, 'msdocs')].{saName:name, saKind:kind, saPrimaryLocation:primaryLocation, createdTimeStamp:creationTime}" `
--output table
Create a new Azure resource storing output in a variable
Learning to store command output in a variable is beneficial when creating Azure resources that output secrets that should be protected. For example, when you create a service principal, reset a credential, or get an Azure key vault secret, the command output should be protected.
Create a new Azure Key Vault and secret returning command output to a variable. Your Azure Key Vault name must be globally unique, so the $RANDOM identifier is used in this example. For more Azure Key Vault naming rules, see Common error codes for Azure Key Vault.
These examples use echo to verify variable values because this is a teaching tutorial. Don't use echo for secret and password values in production-level environments.
# Set your variables.
let "randomIdentifier=$RANDOM*$RANDOM"
rgName="<msdocs-tutorial-rg-00000000>"
kvName="msdocs-kv-$randomIdentifier"
location="eastus"
# Set your default output to none
az config set core.output=none
# Create a new Azure Key Vault returning the Key Vault ID
myNewKeyVaultID=$(az keyvault create --name "$kvName" --resource-group "$rgName" --location "$location" --query id --output tsv)
echo "My new Azure Key Vault ID is $myNewKeyVaultID"
# Wait about 1 minute for your Key Vault creation to complete.
# Create a new secret returning the secret ID
kvSecretName="<myKVSecretName>"
kvSecretValue="<myKVSecretValue>"
myNewSecretID=$(az keyvault secret set --vault-name "$kvName" --name "$kvSecretName" --value "$kvSecretValue" --query id --output tsv)
echo "My new secret ID is $myNewSecretID"
# Reset your default output to json
az config set core.output=json
# Set your variables.
$randomIdentifier=(New-Guid).ToString().Substring(0,8)
$rgName="<msdocs-tutorial-rg-00000000>"
$kvName="msdocs-kv-$randomIdentifier"
$location="eastus"
# Set your default output to none
az config set core.output=none
# Create a new Azure Key Vault returning the Key Vault ID
$myNewKeyVaultID=$(az keyvault create --name $kvName --resource-group $rgName --location $location --query id --output tsv)
echo "My new Azure Key Vault ID is $myNewKeyVaultID"
# Wait about 1 minute for your Key Vault creation to complete.
# Create a new secret returning the secret ID
$kvSecretName="<myKVSecretName>"
$kvSecretValue="<myKVSecretValue>"
$myNewSecretID=$(az keyvault secret set --vault-name $kvName --name $kvSecretName --value $kvSecretValue --query id --output tsv)
echo "My new secret ID is $myNewSecretID"
# Reset your default output to json
az config set core.output=json
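The Bash script in this section passes the secret with --value and checks variables with echo. As an added example (not part of the original tutorial), this helper hands a secret to a command through an owner-only temporary file, the shape that fits the --file option of az keyvault secret set; with_secret_file and inspect_file are hypothetical names, and inspect_file stands in for az so the block runs offline.

```bash
# Run a command with the secret in a private temp file instead of on its
# command line. The file path is appended as the command's last argument.
# The body is a subshell, so the variables and the trap stay local to it.
with_secret_file() (
  secret=$1; shift
  umask 077                          # anything created here is owner-only
  tmp=$(mktemp) || exit 1
  trap 'rm -f "$tmp"' EXIT           # file is removed on every exit path
  printf '%s' "$secret" > "$tmp"     # shell builtin: value never appears in a process list
  "$@" "$tmp"; status=$?
  exit "$status"                     # explicit exit so the trap runs before returning
)

# Hypothetical stand-in for the real consumer: reports the file's permissions
# and size, never its contents.
inspect_file() {
  printf '%s %s bytes\n' "$(ls -l "$1" | cut -c1-10)" "$(wc -c < "$1" | tr -d ' ')"
}

# Demo with a constructed value.
with_secret_file 'constructed-sample-value' inspect_file

# With Azure CLI the same call shape would be:
#   myNewSecretID=$(with_secret_file "$kvSecretValue" az keyvault secret set \
#     --vault-name "$kvName" --name "$kvSecretName" --query id --output tsv --file)
```

Only the secret ID is captured in the variable, and the value is written to neither the console nor the log.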
Get the contents of a JSON file and store it in a variable
This next section is a "stretch task" for an onboarding tutorial. However, to manage Azure resources in development, stage and production environments, you often need to read a configuration file.
Are you ready to stretch your Azure CLI skills? Create a JSON file containing the following JSON, or your file contents of choice. Save the text file to your local drive. If you're working in Azure Cloud Shell, use the upload/download files icon in the menu bar to store the text file in your cloud storage drive.
Store the contents of your JSON file in a variable for further use in your Azure CLI commands. In this example, change msdocs-tutorial.json to the name of your file. Don't save the echo command in production-level scripts as the output is saved in your log file.
This Bash script was tested in Azure Cloud Shell and depends on jq, which must be installed in your environment.
# Show the contents of a file in the console
fileName="msdocs-tutorial.json"
jq . "$fileName"
# Get a JSON dictionary object
stgKV=$(jq -r '.environments.stg."kv-secretName"' "$fileName")
echo "$stgKV"
# Filter a JSON array
devKV=$(jq -r '.environments.dev[] | select(.status=="active") | ."kv-secretName"' "$fileName")
echo "$devKV"
Did you just receive a "jq command not found" error? This is because this script depends on the jq command. Install jq in your environment, or run this script in Azure Cloud Shell.
# Read the contents of a file and convert the JSON to an object
$fileName="c:\myPath\msdocs-tutorial.json"
$fileContents = Get-Content -Path $fileName | ConvertFrom-Json
# Get a JSON dictionary object
$stgKV=$($fileContents.environments.stg."kv-secretName")
echo $stgKV
# Filter a JSON array
$devKV=$($fileContents.environments.dev |
Where-Object status -eq 'active' |
Select-Object -ExpandProperty 'kv-secretName')
echo $devKV
You now have an environment-specific Azure Key Vault secret name stored in a variable, and you can use it to connect to Azure resources. This same method is good for IP addresses of Azure VMs and SQL Server connection strings when you want to reuse Azure CLI scripts.
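A value read from a configuration file ends up on an Azure CLI command line, so it is worth checking before use. This added example (not part of the original tutorial) resolves the kv-secretName for an environment with jq, requires exactly one match, and rejects names outside the Key Vault secret-name character set; the JSON is constructed sample data, and write_sample_config and get_secret_name are hypothetical helper names.

```bash
# Constructed sample data for this example, not the tutorial's own JSON file.
write_sample_config() {
  cat > "$1" <<'EOF'
{
  "environments": {
    "dev": [
      {"id": "1", "status": "inactive", "kv-secretName": "dev1SecretName"},
      {"id": "2", "status": "active",   "kv-secretName": "dev2SecretName"}
    ],
    "stg":  {"id": "3", "kv-secretName": "stg1SecretName"},
    "prod": {"id": "4", "kv-secretName": "prod secret name"}
  }
}
EOF
}

# Print the single secret name for an environment, or fail with a non-zero status.
# Handles both shapes used in this step: a dictionary object (stg) and an
# array filtered on status == "active" (dev). The body is a subshell.
get_secret_name() (
  file=$1
  envName=$2
  name=$(jq -er --arg envName "$envName" '
    [ .environments[$envName]
      | if type == "array" then .[] | select(.status == "active") else . end
      | ."kv-secretName" | strings ]
    | if length == 1 then .[0]
      else error("expected exactly 1 secret name, found \(length)") end
  ' "$file") || exit 1
  # Key Vault secret names: 1-127 characters, letters, digits and hyphens only.
  LC_ALL=C
  case $name in
    '' | *[!0-9A-Za-z-]*) echo "rejected: invalid secret name for $envName" >&2; exit 1 ;;
  esac
  [ "${#name}" -le 127 ] || { echo "rejected: secret name too long" >&2; exit 1; }
  printf '%s\n' "$name"
)

# Demo on the constructed file: stg and dev resolve, prod and qa are rejected.
cfg=$(mktemp) && write_sample_config "$cfg"
for e in stg dev prod qa; do
  if n=$(get_secret_name "$cfg" "$e" 2>/dev/null); then
    echo "$e -> $n"
  else
    echo "$e -> rejected"
  fi
done
rm -f "$cfg"
```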
Get more details
Do you want more detail on one of the subjects covered in this tutorial step? Use the links in this table to learn more.
Now that you understand how to use variables to store Azure CLI command output and JSON property values, proceed to the next step to learn how to use scripts to delete Azure resources.