Retrieve Azure Service Bus Shared Access Connection String via Powershell

Question

It's possible to retrieve the access key to an Azure storage account using Get-AzureRmStorageAccountKey from Powershell. How would I get hold of the access key to a shared access policy of an Azure Service Bus?

More clarification

This is what I get when I use the Get-AzureRmServiceBusNamespaceKey cmdlet:

PS C:\Windows\system32> Login-AzureRmAccount -Credential $cred

Environment           : AzureCloud
Account               : ***redacted***
TenantId              : ***redacted***
SubscriptionId        : ***redacted***
CurrentStorageAccount : 

PS C:\Windows\system32> Set-AzureRmContext -SubscriptionId ***redacted***

Environment           : AzureCloud
Account               : ***redacted***
TenantId              : ***redacted***
SubscriptionId        : ***redacted***
CurrentStorageAccount : 


PS C:\Windows\system32> Get-AzureRmServiceBusNamespaceKey -ResourceGroup testresourcegroup -Name test-bus -AuthorizationRuleName SendPolicy
Get-AzureRmServiceBusNamespaceKey : Run Login-AzureRmAccount to login.
At line:1 char:1
+ Get-AzureRmServiceBusNamespaceKey -ResourceGroup testresourcegroup -Name    test-bus ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [Get-AzureRmServiceBusNamespaceKey], PSInvalidOperationException
+ FullyQualifiedErrorId :   InvalidOperation,Microsoft.Azure.Commands.ServiceBus.Commands.Namespace.GetAzure RmServiceBusNamespaceKey


PS C:\Windows\system32> Get-AzureRmStorageAccountKey -ResourceGroupName testresourcegroup -Name teststoragexxx

Key1                                                                                                        Key2                                                                                                   
----                                                                                                    ----                                                                                                   
***redacted***                ***redacted***

score 3 · Accepted Answer · answered Jan 23 '17 at 17:07

3

Not with Get-AzureRmStorageAccountKey, but you can use Get-AzureRmServiceBusNamespaceKey

$resourceGroup = "myResourceGroup"
$serviceBusName ="myservicebusname"
$policyName = "policyname"

Get-AzureRmServiceBusNamespaceKey -ResourceGroup $resourceGroup -Name $serviceBusName -AuthorizationRuleName $policyName

This will return the whole object, so you can pass it into a variable and get the keys or connection strings from that.

answered Jan 23 '17 at 17:07

Daniel Morritt

1,787
17
25

Thanks for the response. When I try to run the command I get the error 'Get-AzureRmServiceBusNamespaceKey : Run Login-AzureRmAccount to login'. However, I can successfully retrieve the keys for storage accounts in the same resource group using Get-AzureRmStorageAccountKey. Any idea why it might think I'm not logged in? – Code Monkey Jan 25 '17 at 13:18
You'll need to login to Azure using Login-AzureRMAccount (and possibly set the correct context with Set-AzureRmContext) in order to run that, without authenticating Azure doesn't know who you are or what subscription you're in. I can't run Get-AzureRmStorageAccountKey eithout authenticating either. – Daniel Morritt Jan 25 '17 at 13:40
Yes - I've done both of those things. As I said, I can retrieve the keys for storage accounts in the subscription, but can't get the keys for the service bus. – Code Monkey Jan 25 '17 at 15:41
I've modified the original post to demonstrate what happens when I try to use Get-AzureRmServiceBusNamespaceKey – Code Monkey Jan 25 '17 at 15:55
That's odd, running that exact sequence of commands returns both fine for me. Are you running the latest version of Azure PowerShell? – Daniel Morritt Jan 26 '17 at 13:15
I'm running Powershell 4.0 on Windows 8.1. – Code Monkey Jan 26 '17 at 15:13
I'm on same OS and PShell version, `Get-Module -ListAvailable -Name AzureRm.ServiceBus` should tell you what version of that module you're running. Also, try just running `Login-AzureRmAccount` without the credentials, there's a [bug](https://github.com/Azure/azure-powershell/issues/3335) on GitHub related to some commands not working correctly when you pass in the service principal. – Daniel Morritt Jan 27 '17 at 09:35
I've tried logging in with and without credentials, and I've tried two different subscriptions (one personal MSDN account and one corporate MSDN account). For some reason when I run `Get-Module -ListAvailable -Name AzureRm.ServiceBus`, the command returns 2 lines, both of which indicate AzureRM.ServiceBus version 0.0.2. – Code Monkey Jan 27 '17 at 09:48
`VERBOSE: Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\AzureRM.ServiceBus\.\Microsoft.Azure.Commands.ServiceBus.dll'. VERBOSE: Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\AzureRM.ServiceBus\AzureRM.ServiceBus.psm1'.` – Code Monkey Jan 27 '17 at 09:52
OK. After talking to our domain admins, it looks like this is some sort of AD problem - some sort of conflict of IDs with Office 365. Anyway, if I run the same command on a machine that's not joined to our domain, it all works fine. Thanks very much for your help. I appreciate it. – Code Monkey Feb 02 '17 at 10:03

score 1 · Answer 2 · edited May 23 '17 at 12:32

Please have a try to login with tenantId and ServicePrincipal. I do a demo test about that, it works correctly for me.

Login-AzureRmAccount -Credential $psCred  -TenantId $azureTenantId  -ServicePrincipal -SubscriptionId $subscriptionId

The following is may detail steps.

1 . We need to install service Bus module if it is not install. More detail info about AzureRM.ServiceBus please refer to document.

Install-Module -Name AzureRM.ServiceBus

2.More detail info about Automatically login script please refer to another SO thread.

3.Run the test script and check the result.

$azureAplicationId ="Azure AD Application Id"
$azureTenantId= "Your Tenant Id"
$azurePassword = ConvertTo-SecureString "strong password" -AsPlainText -Force
$subscriptionId="Your subcription"
$psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword)
Login-AzureRmAccount -Credential $psCred  -TenantId $azureTenantId  -ServicePrincipal -SubscriptionId $subscriptionId 


$resourceGroup = "Resource Group name"
$serviceBusName ="Service Bus Name"
$policyName = "Policy Name"
Get-AzureRmServiceBusNamespaceKey  -ResourceGroup $resourceGroup -Name $serviceBusName -AuthorizationRuleName $policyName

Thanks for taking the time to reply. I don't have the permission to set up an application id in the AD. I could talk to the domain admins to try to test this, but it will take me a little while. — Code Monkey, Feb 01 '17 at 12:04
Thanks. I found that the original login problem was some sort of problem with our AD configuration. Thanks for your help. — Code Monkey, Feb 02 '17 at 10:04

Retrieve Azure Service Bus Shared Access Connection String via Powershell

2 Answers2