Merge pull request #281970 from khdownie/kendownie071624

use credential file instead of pw

Author: prmerger-automator[bot]

articles/storage/files/storage-how-to-use-files-linux.md

@@ -5,7 +5,7 @@ author: khdownie
 ms.service: azure-file-storage
 ms.custom: linux-related-content, devx-track-azurecli
 ms.topic: how-to
-ms.date: 05/13/2024
+ms.date: 07/26/2024
 ms.author: kendownie
 ---
 
@@ -129,7 +129,36 @@ MNT_PATH="$MNT_ROOT/$STORAGE_ACCOUNT_NAME/$FILE_SHARE_NAME"
 sudo mkdir -p $MNT_PATH
 ```
 
-Next, mount the file share using the `mount` command. In the following example, the `$SMB_PATH` command is populated using the fully qualified domain name for the storage account's file endpoint and `$STORAGE_ACCOUNT_KEY` is populated with the storage account key.
+Next, initialize the credential file by running the following script.
+
+```bash
+# Create a folder to store the credentials for this storage account and
+# any other that you might set up.
+CREDENTIAL_ROOT="/etc/smbcredentials"
+sudo mkdir -p "/etc/smbcredentials"
+
+# Get the storage account key for the indicated storage account.
+# You must be logged in with az login and your user identity must have
+# permissions to list the storage account keys for this command to work.
+STORAGE_ACCOUNT_KEY=$(az storage account keys list \
+    --resource-group $RESOURCE_GROUP_NAME \
+    --account-name $STORAGE_ACCOUNT_NAME \
+    --query "[0].value" --output tsv | tr -d '"')
+
+# Create the credential file for this individual storage account
+SMB_CREDENTIAL_FILE="$CREDENTIAL_ROOT/$STORAGE_ACCOUNT_NAME.cred"
+if [ ! -f $SMB_CREDENTIAL_FILE ]; then
+    echo "username=$STORAGE_ACCOUNT_NAME" | sudo tee $SMB_CREDENTIAL_FILE > /dev/null
+    echo "password=$STORAGE_ACCOUNT_KEY" | sudo tee -a $SMB_CREDENTIAL_FILE > /dev/null
+else
+    echo "The credential file $SMB_CREDENTIAL_FILE already exists, and was not modified."
+fi
+
+# Change permissions on the credential file so only root can read or modify the password file.
+sudo chmod 600 $SMB_CREDENTIAL_FILE
+```
+
+Now you can mount the file share using the `mount` command using the credential file. In the following example, the `$SMB_PATH` command is populated using the fully qualified domain name for the storage account's file endpoint.
 
 # [SMB 3.1.1](#tab/smb311)
 > [!NOTE]
@@ -148,7 +177,7 @@ STORAGE_ACCOUNT_KEY=$(az storage account keys list \
     --account-name $STORAGE_ACCOUNT_NAME \
     --query "[0].value" --output tsv | tr -d '"')
 
-sudo mount -t cifs $SMB_PATH $MNT_PATH -o username=$STORAGE_ACCOUNT_NAME,password=$STORAGE_ACCOUNT_KEY,serverino,nosharesock,actimeo=30,mfsymlinks
+sudo mount -t cifs $SMB_PATH $MNT_PATH -o credentials=$SMB_CREDENTIAL_FILE,serverino,nosharesock,actimeo=30,mfsymlinks
 ```
 
 # [SMB 3.0](#tab/smb30)
@@ -165,7 +194,7 @@ STORAGE_ACCOUNT_KEY=$(az storage account keys list \
     --account-name $STORAGE_ACCOUNT_NAME \
     --query "[0].value" --output tsv | tr -d '"')
 
-sudo mount -t cifs $SMB_PATH $MNT_PATH -o vers=3.0,username=$STORAGE_ACCOUNT_NAME,password=$STORAGE_ACCOUNT_KEY,serverino,nosharesock,actimeo=30,mfsymlinks
+sudo mount -t cifs $SMB_PATH $MNT_PATH -o vers=3.0,credentials=$SMB_CREDENTIAL_FILE,serverino,nosharesock,actimeo=30,mfsymlinks
 ```
 
 # [SMB 2.1](#tab/smb21)
@@ -182,7 +211,7 @@ STORAGE_ACCOUNT_KEY=$(az storage account keys list \
     --account-name $STORAGE_ACCOUNT_NAME \
     --query "[0].value" --output tsv | tr -d '"')
 
-sudo mount -t cifs $SMB_PATH $MNT_PATH -o vers=2.1,username=$STORAGE_ACCOUNT_NAME,password=$STORAGE_ACCOUNT_KEY,serverino,nosharesock,actimeo=30,mfsymlinks
+sudo mount -t cifs $SMB_PATH $MNT_PATH -o vers=2.1,credentials=$SMB_CREDENTIAL_FILE,serverino,nosharesock,actimeo=30,mfsymlinks
 ```
 
 ---