[Question/Feedback from Discussions] Retrieve storage primary key

[eriqua]

Discussed in #2655

^{Originally posted by sitoder February 5, 2023}

In my main.bicep I create a storage account:

module r_storage 'br/modules:microsoft.storage.storageaccounts:latest'={ name:p_storageName params:{ name:p_storageName location:p_location storageAccountSku:'Standard_LRS' storageAccountKind:'StorageV2' storageAccountAccessTier:'Hot' allowBlobPublicAccess:false minimumTlsVersion:'TLS1_2' fileServices:{ shares:[ { name:p_storageMountName shareQuota:10 } ] } } }

Afterwards in the same main, i need to retrieve the storage account's primary key in order to create a container app environment mount point.
resource r_storageMount 'Microsoft.App/managedEnvironments/storages@2022-06-01-preview' = { name: p_storageMountName parent: r_cae dependsOn:[ r_storage ] properties: { azureFile: { accessMode: 'ReadWrite' accountKey: ?????????????????? accountName: r_storage.outputs.name shareName: p_storageMountName } } }
Since the storage module does not output the key for obvious reasons, I am not really sure how i should use the listKeys function to get that.
I'd rather not to use a keyvault as an option (although it's tackling the same situation, how to get the storage key and put it there in the first place), but if anything else fails, I can give it a go.
Was looking at Azure/bicep#6173 , but not sure if that'd work either.
Could you please advise on the best (and secure) approach here?

[samuelya]

@eriqua As a workaround, you can use variables and listKeys to get the storage key using the storage account name

for example:
var storageAccountKey = listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', storageAccountName), '2022-09-01').keys[0].value

[AlexanderSehr]

Linked to Azure/bicep-registry-modules#1934

[AlexanderSehr]

Closing as this is currently being worked on in the previously linked issue Azure/bicep-registry-modules#1934