Alternatively, get the Account SAS Token from the Azure Portal:

  1. Go to your Storage Account.
  2. Select Shared access signature from the menu on the left.
  3. Click on Generate SAS and connection string (after setup).

Shared Key Credential: use Account name and Account key. Account name is your Storage Account name. Go to your Storage Account.

Configure Azure Storage connection strings: a connection string includes the authorization information required for your application to access data in an Azure Storage account at runtime using Shared Key authorization.


Commands

az storage account keys list: List the access keys or Kerberos keys (if active directory enabled) for a storage account.
az storage account keys renew: Regenerate one of the access keys or Kerberos keys (if active directory enabled) for a storage account.

az storage account keys list

List the access keys or Kerberos keys (if active directory enabled) for a storage account.

Examples

List the access keys for a storage account.

List the access keys and Kerberos keys (if active directory enabled) for a storage account.

Required Parameters

--account-name -n

Optional Parameters

--expand-key-type

Specify the expanded key types to be listed.

--only-show-errors
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account keys renew

Regenerate one of the access keys or Kerberos keys (if active directory enabled) for a storage account.

Examples

Regenerate one of the access keys for a storage account.

Regenerate one of the Kerberos keys for a storage account.

Required Parameters

--account-name -n
--key

The key options to regenerate.

Optional Parameters

--key-type

The key type to regenerate. If --key-type is not specified, one of access keys will be regenerated by default.

--only-show-errors
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

This article describes how to work with Azure storage containers and securely write data files using SAS URIs with Python.

Storage containers are a way to organize a collection of blobs in public cloud, basically like folders. You can manage user access to containers using role-based access control (RBAC) just like other cloud resources. Another more anonymous way to manage access is with Shared Access Signature (SAS) keys.


Suppose you are working with a producer and want to give them a way to write files to your cloud storage container without being able to read any files. Similarly you want to let a consumer read data from the container without being able to make any changes or read from other containers. SAS keys provide a simple way to manage access to a storage container without the complexity of managing role-based access. Anyone who has a valid key can access the resource.

In this example you could give the producer a write-only key, and the consumer a key with read and list permissions, and set expiry dates for both keys for the duration of the contract. For convenience a SAS key can be provided in the form of a URI, also known as a SAS URI.

A limitation of SAS keys is that they are only as secure as your key management. If your consumer were to share their read key with a third party or store it insecurely, then anyone with access to the key could read the data. Therefore SAS keys are most useful for limited-duration data exchange where there is a trusted key-management process.
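Before handing a SAS URI to the producer or consumer, it is worth checking that the token carries only the intended permissions and expiry. The following is an added example, not code from the original article: it reads the standard SAS query fields (sp, se, spr, sig) and reports deviations. The account name, container, signature and the 90-day limit are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Permission letters used in the sp field of a blob service SAS.
PERMS = {"r": "read", "a": "add", "c": "create", "w": "write",
         "d": "delete", "l": "list"}

def audit_sas_uri(uri, allowed, now=None, max_days=90):
    """Return findings for a SAS URI; an empty list means it matches policy.

    allowed  -- permission letters the holder is meant to have, e.g. "w"
    max_days -- longest acceptable remaining lifetime (assumed policy value)
    """
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(uri)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        return ["no sig parameter, not a SAS URI"]
    findings = []
    if parts.scheme != "https" or q.get("spr") != "https":
        findings.append("not restricted to HTTPS (spr=https)")
    extra = sorted(set(q.get("sp", "")) - set(allowed))
    if extra:
        findings.append("grants more than intended: "
                        + ", ".join(PERMS.get(p, p) for p in extra))
    if "se" not in q:
        findings.append("no expiry time (se)")
    else:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:          # date-only values parse as naive
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            findings.append("already expired")
        elif expiry - now > timedelta(days=max_days):
            findings.append(f"valid for more than {max_days} days")
    return findings

# Constructed sample URIs; account, container and sig are placeholders.
BASE = "https://examplestore.blob.core.windows.net/incoming?sv=2020-08-04&sr=c"
PRODUCER = BASE + "&sp=w&spr=https&se=2024-03-01T00:00:00Z&sig=PLACEHOLDER"
CONSUMER = BASE + "&sp=rwl&se=2025-01-01T00:00:00Z&sig=PLACEHOLDER"

if __name__ == "__main__":
    now = datetime(2024, 1, 15, tzinfo=timezone.utc)
    print(audit_sas_uri(PRODUCER, "w", now))    # no findings
    print(audit_sas_uri(CONSUMER, "rl", now))   # three findings
```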

Creating a storage container and SAS URIs using CLI

You can create storage containers and SAS URIs using the Azure portal or by command line.

The Bash script below can be run from the Azure Cloud Shell. It uses the Azure CLI to create a storage account, a container, and two SAS URIs: one with read and list permissions, and one with write-only permission. It’s also on GitHub here.

Writing data to a write-only SAS URI using Python


Assuming you’ve created SAS URIs with the required permissions and date range, here’s a Python example of using a write-only SAS URI to write data to an Azure container. It takes some text as a command line argument, and writes it to a blob in the container. This example can be found on GitHub here.
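As an added example (not the code from the original post), the upload can be done with only the Python standard library by calling the Put Blob REST operation against the container SAS URI. The environment variable name CONTAINER_SAS_URI, the blob name and the sample account are assumptions; the token is read from the environment and stripped from error messages so it does not end up in shell history or logs.

```python
import os
import sys
import urllib.error
import urllib.request
from urllib.parse import quote, urlsplit, urlunsplit

def build_put_blob(container_sas_uri, blob_name, data):
    """Build a Put Blob request against a container-level SAS URI."""
    parts = urlsplit(container_sas_uri)
    if parts.scheme != "https":
        raise ValueError("refusing to send a SAS token over plain HTTP")
    # The blob name goes into the path; the SAS query string is kept as-is.
    path = parts.path.rstrip("/") + "/" + quote(blob_name, safe="/")
    url = urlunsplit((parts.scheme, parts.netloc, path, parts.query, ""))
    return urllib.request.Request(
        url, data=data, method="PUT",
        headers={"x-ms-blob-type": "BlockBlob",
                 "Content-Type": "text/plain; charset=utf-8"})

def redact(url):
    """Drop the query string so the token never reaches logs or tracebacks."""
    return urlsplit(url)._replace(query="", fragment="").geturl()

def upload_text(container_sas_uri, blob_name, text):
    """Write text to a blob and return the HTTP status (201 on success)."""
    req = build_put_blob(container_sas_uri, blob_name, text.encode("utf-8"))
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        # A 403 usually means an expired token or a missing write permission.
        raise RuntimeError(
            f"upload to {redact(req.full_url)} failed: HTTP {err.code}"
        ) from None

if __name__ == "__main__":
    sas_uri = os.environ["CONTAINER_SAS_URI"]   # assumed variable name
    print(upload_text(sas_uri, "message.txt", sys.argv[1]))
```

With a write-only token the same URI cannot be used to read the blob back, so verification of the upload has to come from the returned status or from the consumer side.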
