Reputation: 4855
Generate Azure storage sas token with python or cli without account key
All commands in the Azure Python sdk that targets Storage seems to want the account key or a sas token.
If I'm running code in command line and have authenticated with az login or am in an AzureCli task in Azure Devops, can I then generate a sas token that I can use in the aforementioned methods?
I'm looking at https://learn.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az-storage-account-generate-sas but cannot really figure out how to use the cli to generate a sas token.
There is also this python class (https://learn.microsoft.com/en-us/python/api/azure-storage-blob/azure.storage.blob.sharedaccesssignature.blobsharedaccesssignature?view=azure-python-previous) but that also wants an account key.
My goal is to be able to use the Azure Cli task in Azure devops so I can generate a short-lived sas and by that I don't have to take care of storing any account keys in the pipeline.
Upvotes: 4
Views: 1892
Answers (1)
Reputation: 3137
After you login to Azure CLI using az login command, you can use the below command to generate the Azure Storage SAS token:
az storage container generate-sas --account-name <storage-account> --name <container> --permissions acdlrw --expiry <date-time> --auth-mode login --as-user
Upvotes: 4
Related Questions
- How do you generate the signature for an Azure Blob storage SAS token in Python?
- Azure Blob Storage: Download blob with SAS token
- Python generate_blob_sas doesn't create right SAS token (failed on copy operation in azcopy)
- Generate SAS token for a directory in Azure blob storage in Python
- How to generate SAS URLs for blob storage using User Delegation Key in Python
- generate_blob_sas creating invalid SAS token
- Error generating Azure container SAS token using Python SDK
- Azure-blob-storage. Get access to container with SAS token
- Generate Azure Storage Account SAS Key using PowerShell
- Azure python sdk: copy blob from SAS token