My PHP application, hosted in an Azure VM, needs to access images stored in a private Azure Storage Container.
Has anyone implemented a successful approach? I have 3 ideas (below).
Option 1 - using Azure Managed Identity
- give the app a managed identity
- give RBAC read permissions on the container
- make a curl request in PHP to the VM instance metadata endpoint to get an access token
- use this token in all requests for images (how would I persist the token in my app?)
Option 2 - using Azure BLOB Storage SDK for PHP
- use Azure Blob Storage SDK to retrieve an image
- this requires returning the storage key from my vault to the app
Option 3 - using Azure Shared Access Signature
- generate a new SAS in PHP for each image
- requires storage account key
Thanks!