I need to be able to store many Azure subscriptions and load them when needed.
I have saved the profile with...
Save-AzureRmProfile -Path 'C:\Temp\profile.json'
Then I can load it with
Select-AzureRmProfile -Path 'C:\Temp\profile.json'
Then after a few days the token expires and I can no longer load the subscription:
Your Azure credentials have not been set up or have expired
What's the best way to store subscriptions for Resource Manager?
Please use the certificate method: this method requires you to create a “publishSettingFile” from the Azure management portal (using PowerShell), then import that file into PowerShell.
Sign in to your account on the Azure Management Portal.
Open the Azure PowerShell console in an elevated state.
Type the following command:
Get-AzurePublishSettingsFile
If you are logged into your Azure account, a download will launch in your web browser.
Note: To avoid issues when multiple browsers are installed, make sure you log into the Azure portal using your “Default” web browser.
Save the publishing profile file.
Type the following command, substituting the path for the location where you saved the publishing profile file:
Import-AzurePublishSettingsFile C:\Users\\Downloads\-credentials.publishsettings
Essentially, you can't avoid it, the token is expiring for security purposes and this is by design.
You will either need to refresh your token every few days, or look at doing something like this post.
The concept behind having a token expire is by far the most secure option. I think it is a good balance between security and convenience, and I would have been concerned if Azure had implemented it any other way. However, if you're on a machine that you have complete trust in, there are easier, more convenient ways.
The easiest method you can use is to use ConvertTo-SecureString to create a secure string that you can store locally to disk. That way, instead of logging into Azure with a token obtained from your credentials, you simply log in with your credentials every time. The downside of this is that it will only work on the same computer; you can't transfer the credential file to another computer. You would need to create a new credential file on each machine. This is a much simplified version of the distributed version I created here
It is possible to create a certificate login for Azure, but that is a considerably more involved process to implement, and is much harder to revoke. With this solution a password change will stop the whole thing from working.
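
One way to apply the secure-string approach from the answer above to several subscriptions, as an added example that is not part of the original posts. The function names, store path and alias scheme are hypothetical; it assumes the AzureRM module and an organizational (work or school) account without multi-factor authentication, since `Login-AzureRmAccount -Credential` does not accept other user account types.

```powershell
# Added example: store path and function names are hypothetical.
$StorePath = Join-Path $env:LOCALAPPDATA 'AzureLogins.json'

function Get-LoginStore {
    # Load the alias -> entry map from disk (empty if the file does not exist yet).
    $store = @{}
    if (Test-Path $StorePath) {
        $json = Get-Content -Path $StorePath -Raw | ConvertFrom-Json
        foreach ($p in $json.PSObject.Properties) { $store[$p.Name] = $p.Value }
    }
    return $store
}

function Save-AzureLogin {
    param([Parameter(Mandatory)][string]$Alias,
          [Parameter(Mandatory)][string]$SubscriptionId)
    $cred  = Get-Credential -Message "Account for subscription '$Alias'"
    $store = Get-LoginStore
    $store[$Alias] = @{
        UserName       = $cred.UserName
        # Without -Key, ConvertFrom-SecureString encrypts with DPAPI, so only the
        # same Windows user on the same computer can decrypt the value.
        Password       = $cred.Password | ConvertFrom-SecureString
        SubscriptionId = $SubscriptionId
    }
    $store | ConvertTo-Json | Set-Content -Path $StorePath
}

function Connect-AzureSubscription {
    param([Parameter(Mandatory)][string]$Alias)
    $store = Get-LoginStore
    if (-not $store.ContainsKey($Alias)) { throw "No stored login named '$Alias'." }
    $entry = $store[$Alias]
    try {
        $secure = $entry.Password | ConvertTo-SecureString -ErrorAction Stop
    } catch {
        # Expected when the file was copied from another user profile or machine.
        throw "Cannot decrypt the login for '$Alias' here; run Save-AzureLogin again on this machine."
    }
    $cred = New-Object System.Management.Automation.PSCredential($entry.UserName, $secure)
    Login-AzureRmAccount -Credential $cred | Out-Null
    Select-AzureRmSubscription -SubscriptionId $entry.SubscriptionId
}
```

Run `Save-AzureLogin` once per subscription, then `Connect-AzureSubscription -Alias <name>` in later sessions. The stored file holds a decryptable password for the Windows user who created it, so restrict its file permissions to that user.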