0
votes

I have a mobile app designed in Unity. This app needs to access a few videos which are stored on Azure Blob Storage. The app would be launched on Microsoft Intune and will be available to employees only. Please help me understand the most secure way to access the videos through the app. I don't want to store any credentials/keys in the app. I can think of a few options.

  1. Using SAS Token: I feel it is not a good idea to store SAS tokens in a mobile app.
  2. Access Key: It is also not a good idea to my understanding.
  3. I also thought of storing the Access Key in Azure Key Vault, though I am not sure (i) if the Unity SDK for Azure can retrieve a key from Key Vault; (ii) also, storing the key of the Key Vault in the mobile app is as good as storing the master key in the app.
  4. I am not sure, but can I create an app in Azure AD -> App Registrations, give this app access to Azure Storage, and somehow access the videos through the mobile app, thus not storing any credentials in the app?
1
Microsoft mentions: To generate the SAS, you'll probably want to write a separate service that generates the SAS to be distributed to your clients. - Erik Overflow

1 Answer

1
votes

1 - don't do that

2 - also, don't do that

3 and 4 - I would recommend creating an API (it can be as simple as an Azure Function) which will have a managed identity associated with it and will be used to access the blobs (videos) and retrieve them for your app.
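An added sketch, not part of the original answer or comment, of the core of such an API in Python: it combines the managed identity from the answer with the SAS-issuing service from the comment by signing a short-lived, read-only user delegation SAS, so no account key exists anywhere. The account name, container name, lifetime and file-name rule are assumptions; the HTTP trigger and the employee's Azure AD sign-in are assumed to be handled by the hosting Function.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed values, not from the original post.
ACCOUNT = "examplevideos"
CONTAINER = "training-videos"
SAS_LIFETIME = timedelta(minutes=15)
# Only flat .mp4 names: no path separators, no "..", no query strings.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.mp4")


def validate_video_name(name: str) -> str:
    """Reject anything that is not a plain video file name."""
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise ValueError("invalid video name")
    return name


def sas_window(now: datetime) -> tuple[datetime, datetime]:
    """Validity window; starts slightly in the past to tolerate clock skew."""
    return now - timedelta(minutes=5), now + SAS_LIFETIME


def issue_video_url(name: str) -> str:
    """Return a read-only, short-lived URL for one blob, signed without an account key."""
    # Imported here so the module loads without the Azure SDK installed.
    from azure.identity import DefaultAzureCredential
    from azure.storage.blob import BlobSasPermissions, BlobServiceClient, generate_blob_sas

    blob = validate_video_name(name)
    start, expiry = sas_window(datetime.now(timezone.utc))
    account_url = f"https://{ACCOUNT}.blob.core.windows.net"
    # When hosted in Azure, DefaultAzureCredential resolves to the managed identity.
    # That identity needs the Storage Blob Delegator and Storage Blob Data Reader roles.
    service = BlobServiceClient(account_url, credential=DefaultAzureCredential())
    # The user delegation key is issued via Azure AD for this identity.
    key = service.get_user_delegation_key(key_start_time=start, key_expiry_time=expiry)
    sas = generate_blob_sas(
        account_name=ACCOUNT, container_name=CONTAINER, blob_name=blob,
        user_delegation_key=key, permission=BlobSasPermissions(read=True),
        start=start, expiry=expiry,
    )
    return f"{account_url}/{CONTAINER}/{blob}?{sas}"
```

The app then holds only a URL for one video that expires after the configured lifetime.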