2

All commands in the Azure Python sdk that targets Storage seems to want the account key or a sas token.

If I'm running code in command line and have authenticated with az login or am in an AzureCli task in Azure Devops, can I then generate a sas token that I can use in the aforementioned methods?

I'm looking at https://learn.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az-storage-account-generate-sas but cannot really figure out how to use the cli to generate a sas token.

There is also this python class (https://learn.microsoft.com/en-us/python/api/azure-storage-blob/azure.storage.blob.sharedaccesssignature.blobsharedaccesssignature?view=azure-python-previous) but that also wants an account key.

My goal is to be able to use the Azure Cli task in Azure devops so I can generate a short-lived sas and by that I don't have to take care of storing any account keys in the pipeline.

Joe
  • 62,789
  • 6
  • 49
  • 67
Mathias Rönnlund
  • 4,078
  • 7
  • 43
  • 96

1 Answers1

3

After you login to Azure CLI using az login command, you can use the below command to generate the Azure Storage SAS token:

az storage container generate-sas --account-name <storage-account> --name <container> --permissions acdlrw --expiry <date-time> --auth-mode login --as-user

enter image description here

RamaraoAdapa
  • 2,837
  • 2
  • 5
  • 11