What should be an ideal expiry time for SAS? The SAS URL is to be used to copy blobs from one container to another (different storage account also possible). The copy command is called immediately after generating the SAS, so is the expiry time just needed for the start of the blob copy, or should it be valid until the blob copy is completed?

```python
from datetime import datetime, timedelta
from azure.storage.blob import ContainerPermissions

# Read-only container SAS on the source account, valid for one hour
sas_signature = source_blob_object.generate_container_shared_access_signature(source_container, ContainerPermissions.READ, expiry=datetime.utcnow() + timedelta(hours=1))
blob_url = source_blob_object.make_blob_url(source_container, blob_name, sas_token=sas_signature)
response = dest_blob_object.copy_blob(dest_container, blob_name, blob_url,
                                      standard_blob_tier=dest_access_tier, rehydrate_priority=rehyd_priority)
```
Srinath
  • Regarding the issue, the SAS token should expire after you complete the copy, because when copying, we need to continue to read blob data. So please set the expiration time of the SAS token to be greater than the copy time, or directly [use the account key to copy](https://stackoverflow.com/questions/57651890/how-to-copy-a-file-in-azure-from-a-one-storage-account-to-another-using-python). – Jim Xu Oct 16 '19 at 09:02
  • Do you have any other concerns? – Jim Xu Oct 17 '19 at 09:48
  • The account key can only be used directly if the containers are in the same storage account or if the blobs are public. Right? – Srinath Oct 18 '19 at 05:52
  • The account key is just an access key. You can use it to manage resources in the storage account. For more details, please refer to https://learn.microsoft.com/en-us/azure/storage/common/storage-account-manage#access-keys. – Jim Xu Oct 18 '19 at 06:01
  • @JimXu Please post the above inputs as an answer so it helps others in the community who have similar queries. Thanks! – Bhargavi Annadevara Oct 22 '19 at 09:38

1 Answer

@BhargaviAnnadevara-MSFT According to your need, I'm summarizing the answer:

The SAS token should expire after the copy is completed, because when copying, we need to continue to read blob data and write blob data. So please set the expiration time of the SAS token to be greater than the copy time, or directly use the account key to copy the blob. Besides, the account key is just an access key. You can use it to manage resources in the storage account. For more details, please refer to the document

Jim Xu
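An added example, not part of the original answer or of the Azure SDK: a pre-flight check that parses the `se` (expiry) and `sp` (permissions) fields of a source SAS URL and compares the expiry against an estimated copy duration, so a token that is too short or broader than needed is caught before the copy starts. The function names, throughput figure, clock-skew margin, lifetime cap and sample URL are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample: read-only container SAS expiring 2019-10-16 10:00 UTC
SAMPLE_URL = ("https://src.example.invalid/source-container/big.vhd"
              "?sv=2018-03-28&sr=c&sp=r&se=2019-10-16T10%3A00%3A00Z&sig=CONSTRUCTED")

# Timestamp formats Azure Storage accepts for the signed-expiry ("se") field
_SE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")


def sas_expiry(sas_url):
    """Return the SAS expiry as an aware UTC datetime, or None if absent or unparseable."""
    values = parse_qs(urlsplit(sas_url).query).get("se")
    for fmt in _SE_FORMATS if values else ():
        try:
            return datetime.strptime(values[0], fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def preflight(sas_url, blob_bytes, now, assumed_bytes_per_sec=10 * 2**20,
              skew=timedelta(minutes=5), max_lifetime=timedelta(hours=24)):
    """Return a list of problems with a source SAS for an asynchronous blob copy.

    assumed_bytes_per_sec, skew and max_lifetime are illustrative assumptions;
    server-side copy throughput is not guaranteed, so measure your own.
    """
    problems = []
    permissions = parse_qs(urlsplit(sas_url).query).get("sp", [""])[0]
    if set(permissions) - {"r"}:
        problems.append("sas grants more than read")
    expiry = sas_expiry(sas_url)
    if expiry is None:
        # The expiry may live in a stored access policy; this check cannot see it
        return problems + ["no usable expiry (se) in SAS"]
    # The source must stay readable for the whole copy, not just its start
    needed_until = now + timedelta(seconds=blob_bytes / assumed_bytes_per_sec) + skew
    if expiry < needed_until:
        problems.append("sas may expire before the copy finishes")
    if expiry - now > max_lifetime:
        problems.append("sas lifetime longer than needed")
    return problems


if __name__ == "__main__":
    now = datetime(2019, 10, 16, 9, 0, tzinfo=timezone.utc)  # constructed "current time"
    print(preflight(SAMPLE_URL, 100 * 2**30, now))
```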