As part of the Azure series, today we are going to generate a SAS token for an Azure storage container using the Azure CLI. The steps are much the same as generating a SAS token for a blob, but instead of az storage blob generate-sas we are going to use az storage container generate-sas.
Please see Generate SAS token for blobs in Azure storage using Azure CLI if you want to see how to generate a SAS token for blobs in more detail.
- Azure account
- Azure CLI
- Azure Storage account
Create a user delegation SAS for a container
Step 1. Open a terminal and log in to Azure (az login):
It will open a new window in the default browser, where you will be prompted for your email and password.
Step 2. Run the following command:
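az storage container generate-sas --account-name devcoopsstorage1 --name myfirstblobcontainer --permissions acdlrw --expiry 2019-10-03 --auth-mode login --as-user
--account-name: name of the storage account.
--name: name of the storage container.
--permissions: the permissions the SAS grants, any combination of:
- a = Add
- c = Create
- d = Delete
- l = List
- r = Read
- w = Write
--expiry: datetime (Y-m-d’T’H:M’Z’) at which the SAS becomes invalid.
--auth-mode login and --as-user: sign the SAS with a user delegation key obtained through your Azure AD login instead of the storage account key. Without these two flags the command returns a SAS signed with the account key, which is not a user delegation SAS and is not affected by the revocation step below.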
It will return the SAS token:
Note: A SAS token is a string that you generate on the client side. You can create an unlimited number of tokens, and Azure Storage does not track them in any way.
Revoke a user delegation SAS
Step 4. Run the following command:
az storage account revoke-delegation-keys --name devcoopsstorage1 --resource-group storage-rg
Note: Azure Storage caches the user delegation key, so there can be a delay between the start of the revocation process and the invalidation of the user delegation SAS.
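Because tokens are not tracked, the only way to know whether a given token can be revoked with revoke-delegation-keys is to read its query fields. The following check is an added example, not part of the original post or of the Azure CLI; the function name inspect_sas and both sample tokens are constructed for illustration, with placeholder GUIDs and signatures.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs

# Query fields that appear only when a SAS is signed with a user delegation key.
DELEGATION_FIELDS = {"skoid", "sktid", "skt", "ske", "sks", "skv"}
PERMISSIONS = {"a": "Add", "c": "Create", "d": "Delete",
               "l": "List", "r": "Read", "w": "Write"}

# Constructed sample tokens: GUIDs and signatures are placeholders, not real values.
DELEGATION_SAS = ("se=2019-10-03&sp=racwdl&sv=2018-11-09&sr=c"
                  "&skoid=00000000-0000-0000-0000-000000000001"
                  "&sktid=00000000-0000-0000-0000-000000000002"
                  "&skt=2019-10-01T00%3A00%3A00Z&ske=2019-10-02T12%3A00%3A00Z"
                  "&sks=b&skv=2018-11-09&sig=PLACEHOLDER")
ACCOUNT_KEY_SAS = "se=2019-10-03&sp=rl&sv=2018-11-09&sr=c&sig=PLACEHOLDER"


def _utc(value):
    """Parse the timestamp forms a SAS can carry, always as UTC."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS timestamp: {value!r}")


def inspect_sas(token, now=None):
    """Classify a SAS token and report what it grants and until when."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    present = DELEGATION_FIELDS & q.keys()
    if present and present != DELEGATION_FIELDS:
        raise ValueError(f"incomplete delegation fields: {sorted(DELEGATION_FIELDS - present)}")
    delegated = bool(present)
    expiry = _utc(q["se"])
    if delegated:
        # The token stops working when its delegation key expires, even if `se` is later.
        expiry = min(expiry, _utc(q["ske"]))
    return {
        "kind": "user-delegation" if delegated else "account-key",
        "revocable_with_delegation_keys": delegated,
        "permissions": sorted(PERMISSIONS.get(p, p) for p in q.get("sp", "")),
        "expires": expiry,
        "expired": expiry <= now,
    }


if __name__ == "__main__":
    for name, tok in (("delegation", DELEGATION_SAS), ("account key", ACCOUNT_KEY_SAS)):
        print(name, inspect_sas(tok))
```

A token reported as account-key stays valid until its expiry unless the storage account key itself is rotated.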
Official documentation: Create a user delegation SAS for a container or blob with the Azure CLI.