Friday, April 19, 2024
Latest:

DevOps | Scripts | Automation

AzureAzure AutomationPowershell

How to retrieve Azure Storage Container SAS URL using PowerShell?

Chirag Nagrekar

Azure storage container SAS (Shared Access Token) URL provides access to the storage account container which contains the storage account name, container name, and the SAS token.

From Azure Portal:

With the Azure Portal, we need to access the settings of the storage container and need to click on the Shared Access Tokens as shown below,

You need to provide the time frame for the URL and the permissions (Read, Add, Create, Write, Delete, List) and need to click on Generate SAS token and URL. Once you click on it, it will generate a SAS token and URL.

Using Azure PowerShell:

To get this token and URL with PowerShell, we can follow the below process.

First, generate the context of the storage account so we can work with it. Context uses the storage account key to authenticate on the Azure Storage so we first need to retrieve the Azure storage account key. To get the storage account key, we can use the below command.

Get-AzStorageAccountKey -ResourceGroupName StorageAccountTest -Name blbstrg1

There will be two keys generated. We just need one key for the authentication. So we will use the below command to store the key.

$strgkey = (Get-AzStorageAccountKey -ResourceGroupName StorageAccountTest -Name blbstrg1)[0].Value

We have now the storage account key, use the below command to generate the new storage context.

$context = New-AzStorageContext -StorageAccountName blbstrg1 -StorageAccountKey $strgkey

After generating the storage account context, we need to use the New-AzStorageContainerSASToken command to generate the SAS token. 

$sastoken = New-AzStorageContainerSASToken -Name container -Context $context

In the above code, the -Name parameter indicates the container name. So we have the SAS Token and we need to generate the URL, SAS URL is in the below format.

https://storageaccountname.blob.core.windows.net/containernameSASTOKEN

SAS URL will be as below.

$sasurl = "https://blbstrg1.blob.core.windows.net/container1?$sastoken"

Full script to Generate SAS URL.

$rg = "StorageAccountTest"
$strgaccount = "blbstrg1"
$containername = "container1"


$strgkey = (Get-AzStorageAccountKey -ResourceGroupName $rg -Name $strgaccount)[0].Value
$context = New-AzStorageContext -StorageAccountName $strgaccount -StorageAccountKey $strgkey
$sastoken = New-AzStorageContainerSASToken -Name $containername -Context $context
$sasURL = "https://$($strgaccount).blob.core.windows.net/$($containername)$($sastoken)"

Output:

Generate SAS URL with Permission and expiry date

If you need to generate the storage account key with the permissions and the expiry date, you need to provide parameters accordingly. The below command will generate the SAS token for the container with read, write, delete, list permission, and 5 days of the expiry.

$sastoken = New-AzStorageContainerSASToken -Name $containername -Context $context -Permission rwdl -ExpiryTime (Get-Date).AddDays(5)

Permissions are as below.

r – read, a – add, c – create, w – write, d – delete, l – list