How can I generate an Azure blob SAS URL in Python?

Question

I am trying to generate blob SAS URLs on the fly using the azure-storage-blob package. This solution only works if you have the now-deprecated azure-storage package, which cannot be installed anymore.

I need a way to mimic the behaviour of BlockBlobService.generate_blob_shared_access_signature to generate a blob SAS URL, like this:

from datetime import datetime, timedelta
from azure.storage.blob import (
    BlockBlobService,
    ContainerPermissions,
    BlobPermissions,
    PublicAccess,
)

AZURE_ACC_NAME = '<account_name>'
AZURE_PRIMARY_KEY = '<account_key>'
AZURE_CONTAINER = '<container_name>'
AZURE_BLOB='<blob_name>'

block_blob_service = BlockBlobService(account_name=AZURE_ACC_NAME, account_key=AZURE_PRIMARY_KEY)
sas_url = block_blob_service.generate_blob_shared_access_signature(AZURE_CONTAINER,AZURE_BLOB,permission=BlobPermissions.READ,expiry= datetime.utcnow() + timedelta(hours=1))
print('https://'+AZURE_ACC_NAME+'.blob.core.windows.net/'+AZURE_CONTAINER+'/'+AZURE_BLOB+'?'+sas_url)

The above solution works if you have the deprecated package, but I need a solution which doesn't need it.

score 19 · Accepted Answer · edited Feb 15 '23 at 17:07

Take a look to the following code:

from datetime import datetime, timedelta
from azure.storage.blob import BlobClient, generate_blob_sas, BlobSasPermissions

account_name = 'STORAGE_ACCOUNT_NAME'
account_key = 'STORAGE_ACCOUNT_ACCESS_KEY'
container_name = 'CONTAINER_NAME'
blob_name = 'IMAGE_PATH/IMAGE_NAME'

def get_blob_sas(account_name,account_key, container_name, blob_name):
    sas_blob = generate_blob_sas(account_name=account_name, 
                                container_name=container_name,
                                blob_name=blob_name,
                                account_key=account_key,
                                permission=BlobSasPermissions(read=True),
                                expiry=datetime.utcnow() + timedelta(hours=1))
    return sas_blob

blob = get_blob_sas(account_name,account_key, container_name, blob_name)
url = 'https://'+account_name+'.blob.core.windows.net/'+container_name+'/'+blob_name+'?'+blob

Check this documentation for more detail: link

score 1 · Answer 2 · answered Jun 22 '20 at 23:55

Please try the following code:

from azure.storage.blob.sharedaccesssignature import BlobSharedAccessSignature
from datetime import datetime, timedelta

AZURE_ACC_NAME = '<account_name>'
AZURE_PRIMARY_KEY = '<account_key>'
AZURE_CONTAINER = '<container_name>'
AZURE_BLOB='<blob_name>'
expiry= datetime.utcnow() + timedelta(hours=1)

blobSharedAccessSignature = BlobSharedAccessSignature(AZURE_ACC_NAME, AZURE_PRIMARY_KEY)

sasToken = blobSharedAccessSignature.generate_blob(AZURE_CONTAINER, AZURE_BLOB, expiry=expiry, permission="r")

print sasToken

You can learn more about generating SAS Token using new Storage SDK here: https://azure-storage.readthedocs.io/ref/azure.storage.blob.sharedaccesssignature.html.

This is still a part of the legacy SDK...I'm using v12. – Ilan Segal Jun 25 '20 at 15:13 — Ilan Segal, Jun 25 '20 at 15:13

score 1 · Answer 3 · edited May 07 '23 at 15:16

The accepted answer did not work for me in azure-storage-blob==1.5.0 with Python 3.8.13

I had to use the generate_blob_shared_access_signature function instead. Documentation.

from azure.storage.blob import BlockBlobService, BlobSasPermissions
from datetime import datetime, timedelta

azure_account_name = 'STORAGE_ACCOUNT_NAME'
azure_account_key = 'STORAGE_ACCOUNT_ACCESS_KEY'

def get_sas_url(container_name, blob_name):
    block_blob_service = BlockBlobService(account_name=azure_account_name, account_key=azure_account_key)

    sas_token = block_blob_service.generate_blob_shared_access_signature(container_name=container_name,
                                                                         blob_name=blob_name,
                                                                         permission=BlobSasPermissions(read=True),
                                                                         expiry=datetime.utcnow() + timedelta(minutes=10))

    return "https://"+azure_account_name+".blob.core.windows.net/"+container_name+"/"+blob_name+"?"+sas_token

Also If you already have the blob client you can just append your sas token like blob_client.url + "?" + sas_token

The documentation link points to a broken URL. I couldn't edit the answer, so here's the correct resource: https://learn.microsoft.com/en-us/python/api/azure-storage-blob/azure.storage.blob.baseblobservice.baseblobservice?view=azure-python-previous#azure-storage-blob-baseblobservice-baseblobservice-generate-blob-shared-access-signature — chronoclast, Apr 04 '23 at 15:31

How can I generate an Azure blob SAS URL in Python?

3 Answers3

Linked