Azure SAS for one container

4
votes

I am able to generate SAS token for the storage account from the Azure portal but the problem which I am facing is explained below-

Storage account consists of two Containers. One container file has to be given access for the users whom I will provide the SAS token and one container should be completely private means user cannot see this container.

Problem is if I am generating SAS token and login into Azure explorer using that SAS token,I am seeing both the containers but my requirement is to see only 1 container. Is there any way to give permission for only one container by generating SAS token using Azure portal without creating any custom application for generating these tokens.

2
azureazure-storage-blobs

2 Answers

5
votes

Easiest way to do that would be to use powershell:

Set-AzureRmStorageAccount -Name 'name'
$sasToken = New-AzureStorageContainerSASToken -Permission r -ExpiryTime (Get-Date).AddHours(2.0) -Name 'container name'

you could issue this command with -debug switch, capture the rest call and use that call to mimic it, using arm client, or custom app or whatever.

1
votes

The Azure CLI alternative:

az storage container generate-sas --account-name ACCOUNT_NAME --account-key ACCOUNT_KEY --https-only --expiry 'YYYY-MM-DD' --name CONTAINER_NAME --permissions r

Valid permissions: (a)dd (c)reate (d)elete (l)ist (r)ead (w)rite

For more information, check out: az storage container generate-sas -h