posted on May 30, 2024, last updated on Saturday, November 23, 2024 at 10:51 AM

Install Azure CLI

brew install azure-cli

Login to Azure in Azure CLI

az login

A browser window opens to complete the authentication process.

Auth modes

| Authentication Mode | Description | Pros | Cons | Use Cases | Command Example | Parameters |
|---|---|---|---|---|---|---|
| Shared Key Authorization | Uses the storage account name and account key. | Easy to use, straightforward for development. | Security risks if account keys are shared. | Development, some production scenarios. | `az storage blob upload --account-name myaccount --account-key myaccountkey --container-name mycontainer --name myblob --file myfile` | `--account-name`, `--account-key`, `--container-name`, `--name`, `--file` |
| Shared Access Signature (SAS) | Provides delegated access with specific permissions and expiration. | Fine-grained control over permissions and expiration. | Needs careful management to avoid security risks. | Temporary access, limited permissions. | `az storage blob upload --sas-token mySASToken --container-name mycontainer --name myblob --file myfile` | `--sas-token`, `--container-name`, `--name`, `--file` |
| Azure Active Directory (Azure AD) | Provides role-based access control (RBAC) using Azure AD identities. | Provides RBAC, integrates with Azure AD. | More complex setup compared to shared key or SAS. | Production, enterprise environments. | `az login` then `az storage blob upload --account-name myaccount --container-name mycontainer --name myblob --file myfile --auth-mode login` | `--account-name`, `--container-name`, `--name`, `--file`, `--auth-mode` |
| Managed Identities | Uses automatically managed identity for Azure resources to authenticate. | Simplifies identity management, no credentials needed. | Requires services to support managed identities. | Production, simplifying identity management. | `az login --identity` then `az storage blob upload --account-name myaccount --container-name mycontainer --name myblob --file myfile --auth-mode login` | `--account-name`, `--container-name`, `--name`, `--file`, `--auth-mode` |
| OAuth Bearer Token | Uses OAuth tokens obtained from Azure AD to authenticate. | Supports OAuth 2.0, flexible token-based authentication. | Requires handling OAuth token lifecycle. | Token-based scenarios, custom authentication flows. | `TOKEN=$(az account get-access-token --resource https://storage.azure.com/ --query accessToken --output tsv)` then `curl -X PUT -H "Authorization: Bearer $TOKEN" -T myfile "https://myaccount.blob.core.windows.net/mycontainer/myblob"` | `--resource`, `--query`, `--output` (for `az account get-access-token`); `-X PUT`, `-H "Authorization: Bearer $TOKEN"`, `-T myfile` (for `curl`) |

  • Account Key:
    • Suitable for full administrative control and development purposes.
    • Provides access to all resources within the storage account.
    • Higher security risk due to the breadth of access granted.
  • Shared Access Signature (SAS):
    • Suitable for scenarios requiring delegated, limited access.
    • Provides granular control over permissions, resources, and duration.
    • Enhances security by restricting access based on permissions, IP, and protocol.
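
A SAS token only limits exposure when its permission, expiry, protocol and IP fields are actually set tightly. The following is an added example, not code from the original post, that checks those fields before a token is passed to `--sas-token`; the function names, the policy arguments and the two sample tokens are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: lint a SAS token before it is used
# with --sas-token. Function names and policy arguments are illustrative.

# Print query parameter $2 of SAS token $1 (decodes only %3A and %2C).
sas_field() {
    printf '%s\n' "${1#\?}" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1 |
        sed 's/%3[Aa]/:/g; s/%2[Cc]/,/g'
}

# sas_lint TOKEN ALLOWED_PERMS MAX_EXPIRY
#   ALLOWED_PERMS  permission letters the task needs, e.g. "cw" for an upload
#   MAX_EXPIRY     latest acceptable expiry, as YYYY-MM-DDThh:mm:ssZ (UTC)
# Prints one finding per line; returns 1 if anything was found, else 0.
sas_lint() {
    rc=0
    sp=$(sas_field "$1" sp);   se=$(sas_field "$1" se)
    spr=$(sas_field "$1" spr); sip=$(sas_field "$1" sip)

    # Permissions: sp must be present and contain only allowed letters.
    extra=$(printf '%s' "$sp" | tr -d "$2")
    if [ -z "$sp" ] || [ -n "$extra" ]; then
        echo "permissions: sp='$sp' is not within '$2'"; rc=1
    fi
    # Expiry: both values are fixed-width UTC, so their digits compare as integers.
    case $se in
        ????-??-??T??:??:??Z)
            if [ "$(printf '%s' "$se" | tr -cd '0-9')" -gt "$(printf '%s' "$3" | tr -cd '0-9')" ]; then
                echo "expiry: se=$se is later than $3"; rc=1
            fi ;;
        *)  echo "expiry: se='$se' is missing or not YYYY-MM-DDThh:mm:ssZ"; rc=1 ;;
    esac
    # Protocol: an absent spr means https,http, so only an explicit "https" passes.
    [ "$spr" = "https" ] || { echo "protocol: spr='$spr' permits plain HTTP"; rc=1; }
    # Source IP: flag tokens that any network location can use.
    [ -n "$sip" ] || { echo "ip: no sip restriction"; rc=1; }
    return "$rc"
}

# Constructed sample tokens; the sig values are placeholders, not real signatures.
TIGHT='sv=2022-11-02&sr=c&sp=cw&se=2024-05-30T18%3A00%3A00Z&spr=https&sip=203.0.113.10&sig=PLACEHOLDER'
LOOSE='?sv=2022-11-02&ss=b&srt=sco&sp=rwdlac&se=2034-05-30T18:00:00Z&spr=https,http&sig=PLACEHOLDER'

sas_lint "$TIGHT" cw 2024-05-31T00:00:00Z && echo "TIGHT: ok"
sas_lint "$LOOSE" cw 2024-05-31T00:00:00Z || echo "LOOSE: rejected"
```

The check reads only the token's query string, so it runs without contacting Azure and does not validate the signature.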

Azure blobs

Using account-key authentication methods

Account keys can be found in the Azure portal, on the storage account's Access keys page.

Create a container

# Shell variable names cannot contain hyphens, so underscores are used here.
az storage container create \
    --name "$container_name" \
    --account-name "$storage_account" \
    --account-key "$storage_access_key"

Upload a file to the container

# Upload a single local file as a blob in the container.
az storage blob upload \
    --file "$file" \
    --container-name "$container_name" \
    --account-name "$storage_account" \
    --account-key "$storage_access_key"

Upload multiple files recursively

# Quote the pattern so the shell passes it to az instead of expanding it locally.
az storage blob upload-batch \
    --destination "$container_name" \
    --source "$path" \
    --pattern "*.png" \
    --account-name "$storage_account" \
    --account-key "$storage_access_key"