How can you access a Storage Account blob container without using an Account Key?

0
votes

How can you access a Storage Account blob container without using an Account Key?

I can access data in Storage Account blobs in Power BI ... but it needs the account Access Key !

Is there some way to access the data using some other authentication approach, i.e. an app registration, service principal, managed identity, whatever ?

1
azurepowerbiazure-storageazure-storage-blobs
If PowerBI can access Azure Key Vault, you could put the account key there which would shield the value from the user.Joel Cochran
@JoelCochran Nice idea ... but how to get Power BI to access Key Vault?SteveC
I'm not sure if it is supported, but you can investigate here: docs.microsoft.com/en-us/power-bi/admin/….Joel Cochran
@JoelCochran Hmm ... that looks to be only around using Key Vault for data-at-rest encryption. Can't find anything about using Key Vault to get either a client secret or certificate for getting the OAuth access token :-(SteveC

1 Answers

1
votes

You could use Shared Access Signature(SAS) to connect Blob Storage in Power BI. This guide will help you.

If you access blob with Azure AD, it doesn't seem to integrate with Power BI. And there is a .Net code sample about creating a block blob.

Azure AD authenticates the security principal (a user, group, or service principal) running the application. If authentication succeeds, Azure AD returns the access token to the application, and the application can then use the access token to authorize requests to Azure Blob storage or Queue storage.

For more information, the document describes the options that Azure Storage offers for authorizing access to resources.