Install Azure CLI
brew install azure-cli
Log in to Azure with the Azure CLI
az login
A browser will start and perform the authentication process.
Auth modes
| Authentication Mode | Description | Pros | Cons | Use Cases | Command Example | Parameters |
|---|---|---|---|---|---|---|
| Shared Key Authorization | Uses the storage account name and account key. | Easy to use, straightforward for development. | Security risks if account keys are shared. | Development, some production scenarios. | `az storage blob upload --account-name myaccount --account-key myaccountkey --container-name mycontainer --name myblob --file myfile` | --account-name, --account-key, --container-name, --name, --file |
| Shared Access Signature (SAS) | Provides delegated access with specific permissions and expiration. | Fine-grained control over permissions and expiration. | Needs careful management to avoid security risks. | Temporary access, limited permissions. | `az storage blob upload --account-name myaccount --sas-token mySASToken --container-name mycontainer --name myblob --file myfile` | --account-name, --sas-token, --container-name, --name, --file |
| Azure Active Directory (Azure AD) | Provides role-based access control (RBAC) using Azure AD identities. | Provides RBAC, integrates with Azure AD. | More complex setup compared to shared key or SAS. | Production, enterprise environments. | `az login; az storage blob upload --account-name myaccount --container-name mycontainer --name myblob --file myfile --auth-mode login` | --account-name, --container-name, --name, --file, --auth-mode |
| Managed Identities | Uses an automatically managed identity for Azure resources to authenticate. | Simplifies identity management, no credentials needed. | Requires services to support managed identities. | Production, simplifying identity management. | `az login --identity; az storage blob upload --account-name myaccount --container-name mycontainer --name myblob --file myfile --auth-mode login` | --account-name, --container-name, --name, --file, --auth-mode |
| OAuth Bearer Token | Uses OAuth tokens obtained from Azure AD to authenticate. | Supports OAuth 2.0, flexible token-based authentication. | Requires handling the OAuth token lifecycle. | Token-based scenarios, custom authentication flows. | `TOKEN=$(az account get-access-token --resource https://storage.azure.com/ --query accessToken --output tsv); curl -X PUT -H "Authorization: Bearer $TOKEN" -H "x-ms-version: 2020-04-08" -H "x-ms-blob-type: BlockBlob" -T myfile "https://myaccount.blob.core.windows.net/mycontainer/myblob"` | --resource, --query, --output (for az account get-access-token), -X PUT, -H "Authorization: Bearer $TOKEN", -H "x-ms-version: 2020-04-08", -H "x-ms-blob-type: BlockBlob", -T myfile (for curl) |
- Account Key:
  - Suitable for full administrative control and development purposes.
  - Provides access to all resources within the storage account.
  - Higher security risk due to the breadth of access granted.
- Shared Access Signature (SAS):
  - Suitable for scenarios requiring delegated, limited access.
  - Provides granular control over permissions, resources, and duration.
  - Enhances security by restricting access based on permissions, IP, and protocol.
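An added example (not from the original page) that audits a SAS query string against the restrictions listed above: permissions (`sp`), expiry (`se`), protocol (`spr`) and source IP (`sip`). The sample tokens, the `audit_sas` helper and its policy defaults (read-only, one hour) are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

# Constructed sample tokens (signatures are placeholders, not real credentials).
BROAD_SAS = ("sv=2022-11-02&sr=c&sp=racwdl&se=2030-01-01T00:00:00Z"
             "&spr=https,http&sig=CONSTRUCTED")
TIGHT_SAS = ("?sv=2022-11-02&sr=b&sp=r&se=2024-06-01T12%3A30%3A00Z"
             "&spr=https&sip=203.0.113.10&sig=CONSTRUCTED")
SAMPLE_NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)


def parse_expiry(value):
    """Parse the ISO 8601 UTC timestamp carried in the 'se' field."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_sas(token, now, allowed_perms="r", max_lifetime=timedelta(hours=1)):
    """Return findings where a SAS query string is broader than the policy."""
    fields = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    findings = []

    extra = set(fields.get("sp", "")) - set(allowed_perms)
    if extra:
        findings.append("permissions beyond policy: " + "".join(sorted(extra)))

    # When 'spr' is omitted the service accepts both HTTPS and HTTP.
    if fields.get("spr", "https,http") != "https":
        findings.append("plain HTTP allowed (spr is not 'https')")

    if "sip" not in fields:
        findings.append("no source IP restriction (sip missing)")

    if "se" not in fields:
        findings.append("no expiry in token (se missing); check the stored access policy")
    else:
        remaining = parse_expiry(fields["se"]) - now
        if remaining > max_lifetime:
            findings.append(f"expires in {remaining.days} days, over the allowed lifetime")
    return findings


if __name__ == "__main__":
    for name, token in (("broad", BROAD_SAS), ("tight", TIGHT_SAS)):
        print(name, audit_sas(token, SAMPLE_NOW) or "ok")
```

The `sig` field is never printed or logged by the check, so it can be run over tokens found in scripts or configuration without copying the credential into its output.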
Azure blobs
Using account-key authentication methods
Account keys can be found here:
Create a container
# Shell variable names cannot contain hyphens, so use underscores.
az storage container create \
    --name "$container_name" \
    --account-name "$storage_account" \
    --account-key "$storage_access_key"

Upload a file to the container
az storage blob upload \
    --file "$file" \
    --container-name "$container_name" \
    --account-name "$storage_account" \
    --account-key "$storage_access_key"

Upload multiple files recursively
# Quote the pattern so the shell passes it to az instead of expanding it.
az storage blob upload-batch \
    --destination "$container_name" \
    --source "$path" \
    --pattern "*.png" \
    --account-name "$storage_account" \
    --account-key "$storage_access_key"
