You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/hdinsight/hdinsight-rotate-storage-keys.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,22 +8,22 @@ ms.date: 04/26/2023
8
8
9
9
# Update Azure storage account access keys in HDInsight cluster
10
10
11
-
In this article, you will learn how to rotate Azure Storage account access keys for the primary or secondary storage accounts in Azure HDInsight.
11
+
In this article, you learn how to rotate Azure Storage account access keys for the primary or secondary storage accounts in Azure HDInsight.
12
12
13
13
>[!CAUTION]
14
14
> Directly rotating the access key on the storage side will make the HDInsight cluster inaccessible.
15
15
16
16
## Prerequisites
17
17
18
-
* We are going to use an approach to rotate the primary and secondary access keys of the storage account in a staggered, alternating fashion to ensure HDInsight cluster is accessible throughout the process.
18
+
* We're going to use an approach to rotate the primary and secondary access keys of the storage account in a staggered, alternating fashion to ensure HDInsight cluster is accessible throughout the process.
19
19
20
-
Here is an example on how to use primary and secondary storage access keys and set up rotation policies on them:
20
+
Here's an example of how to use primary and secondary storage access keys and set up rotation policies on them:
21
21
1. Use access key1 on the storage account when creating HDInsight cluster.
22
-
1. Set up rotation policy for access key2 every N days. As part of this rotation update HDInsight to use access key1 and then rotate access key2 on storage account.
23
-
1. Set up rotation policy for access key1 every N/2 days. As part of this rotation update HDInsight to use access key2 and then rotate access key1 on storage account.
24
-
1. With above approach access key1 will be rotated N/2, 3N/2 etc. days and access key2 will be rotated N, 2N, 3N etc. days.
22
+
1. Set up rotation policy for access key2 every N day. As part of this rotation update, HDInsight to use access key1 and then rotate access key2 on storage account.
23
+
1. Set up rotation policy for access key1 every N/2 day. As part of this rotation update, HDInsight to use access key2 and then rotate access key1 on storage account.
24
+
1. With approach access key1 will be rotated N/2, 3N/2 etc. days and access key2 will be rotated N, 2N, 3N etc. days.
25
25
26
-
* To set up periodic rotation of storage account keys see [Automate the rotation of a secret](../key-vault/secrets/tutorial-rotation-dual.md).
26
+
* To set up periodic rotation of storage account keys, see [Automate the rotation of a secret](../key-vault/secrets/tutorial-rotation-dual.md).
27
27
28
28
## Update storage account access keys
29
29
@@ -41,11 +41,11 @@ Use [Script Action](hdinsight-hadoop-customize-cluster-linux.md#script-action-to
41
41
42
42
## Known issues
43
43
44
-
The preceding script directly updates the access key on the cluster side only and does not renew a copy on the HDInsight Resource provider side. Therefore, the script action hosted in the storage account will fail after the access key is rotated.
44
+
The preceding script directly updates the access key on the cluster side only and doesn't renew a copy on the HDInsight Resource provider side. Therefore, the script action hosted in the storage account will fail after the access key is rotated.
45
45
46
46
Workaround:
47
47
Use [SAS URIs](hdinsight-storage-sharedaccesssignature-permissions.md) for script actions or make the scripts publicly accessible.
0 commit comments