Forrest logo
back to the az tool

az-storage-blob:tldr:60f77

az-storage-blob: Generate a shared access signature for a blob.
$ az storage blob generate-sas --account-name ${storage_account_name} --account-key ${storage_account_key} -c ${container_name} -n ${path-to-blob} --permissions ${permission_set} --expiry ${Y-m-d'T'H:M'Z'} --https-only
try on your machine

This command is used in the Azure Command-Line Interface (CLI) to generate a Shared Access Signature (SAS) token for a storage blob in Azure Storage. Let's break down the command and its arguments step by step:

  • az storage blob generate-sas: This is the main command to generate a SAS token for a storage blob.

Arguments:

  • --account-name ${storage_account_name}: It specifies the name of the Azure Storage account. ${storage_account_name} needs to be replaced with the actual name of the storage account you are working with.

  • --account-key ${storage_account_key}: It specifies the access key for the Azure Storage account. ${storage_account_key} needs to be replaced with the actual access key for the storage account.

  • -c ${container_name}: It specifies the name of the container where the blob resides. ${container_name} needs to be replaced with the actual name of the container where your blob is located.

  • -n ${path-to-blob}: It specifies the path to the blob within the container. ${path-to-blob} needs to be replaced with the actual path to your blob.

  • --permissions ${permission_set}: It specifies the permissions granted by the SAS token. ${permission_set} needs to be replaced with the desired permission set. Possible values are a combination of "r" (Read), "w" (Write), "d" (Delete), "l" (List), or "c" (Create).

  • --expiry ${Y-m-d'T'H:M'Z'}: It specifies the expiry time for the SAS token in UTC format. ${Y-m-d'T'H:M'Z'} needs to be replaced with the desired expiry date and time.

  • --https-only: It forces the use of HTTPS protocol for accessing the blob.

After executing this command with the appropriate arguments, it will generate a SAS token, which grants temporary access to the specified storage blob with the provided permissions. The generated token can then be used to access the blob securely using the Azure Storage REST API or various client libraries.

This explanation was created by an AI. In most cases those are correct. But please always be careful and never run a command you are not sure if it is safe.
back to the az tool