Is there a possibility to automate the rotation of Azure storage SAS token using PoweShell

1
votes

I'm using Azure storage, for accessing it , I'm using SAS token.

  1. I would like to know if there is a way to automate the regeneration of a new SAS token after the old one has expired. I know there is a possibility to automatically regenerate Storage keys by using a key Vault to manage the storage account, but is this also possible for SAS tokens? the following link explain how to rotate key automatically but I could not find anything about SAS token: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-ovw-storage-keys

  2. in addition I found this link which explain about SAS definition, can someone clarify what is it?
    https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurekeyvaultmanagedstoragesasdefinition?view=azurermps-6.13.0 , can it help me ?

1
tokenazure-storage
Have you tried this cmdlet New-AzureStorageAccountSASToken? It's easy to generate a storage sas token.Ivan Yang

1 Answers

0
votes

There is an azure powershell cmdlet New-AzureStorageAccountSASToken used to create an account-level SAS token.

$context = New-AzureStorageContext -StorageAccountName account_name -StorageAccountKey account_key

#you can modify the code below as per your need, like expire time, resourceType etc.
New-AzureStorageAccountSASToken -Service blob,file,table,queue -ResourceType service,container,object -Permission "racwdlup" -Context $context

The result:

enter image description here