Azure Shared Access Signature for whole storage account

3
votes

I am using an API (node.js) to generate a read only shared access signature for an iOS app using Azure Mobile Services. The API generates the SAS using the following code...

var azure = require('azure-storage');
var blobService = azure.createBlobService(accountName, accountKey);
var sas = blobService.generateSharedAccessSignature("containerName", null, sharedAccessPolicy);

This works great when I want a SAS for access to one container. But I really need access to all containers in the storage account. I could obviously do this with a separate API call for each container but this would require hundreds of extra calls.

I have looked everywhere for a solution but I can't get anything to work, I would very much appreciate knowing if there is a way to generate a SAS for all containers in a storage account?

1
node.jsazureazure-storage-blobs

1 Answers

2
votes

You can construct an account-level SAS, where you get to specify:

  • services to include (blob, table, queue, file)
  • resource access (e.g. container create & delete)
  • permissions (e.g. read, write, list)
  • protocol (e.g. https only, vs http+https)

Just like a service-specific SAS, you get to specify expiry date (and optionally start date).

Given your use case, you can tailor your account SAS to be just for blobs; there's no need to include unneeded services (in your case, tables/queues/files).

More specifics are documented here.