How to Generate a Shared Access Signatures (SAS) to an Azure Storage Account?

Introduction

In today's digital landscape, Azure Storage is a vital component for organizations to store and manage data in the cloud. To ensure secure and controlled access to this data, Azure offers Shared Access Signatures (SAS). SAS tokens act as temporary access keys, allowing you to grant specific permissions to users without revealing your primary credentials. In this article, I'll guide you through the process of generating SAS tokens for your Azure Storage Account, enhancing your data security and access control.

Step 1. Sign in to the Azure portal via https://portal.azure.com/.

Step 2. Navigate to your storage account in the Azure portal. In the storage account, navigate to Security + networking, then click on Shared access signature.

Security Network

Step 3. In the Shared access signature pane, choose the storage account services and options the shared access signature should have. I am going to provide Read and List permissions to Blobs in a container. Keep in mind to use the principle of least privilege when assigning permissions to a SAS.

Then select a start and end time for how long the SAS should be valid.

If needed, you can also limit what IP addresses can send requests to the storage account using the SAS.

As a best practice, only allow the HTTPS protocol when using the SAS URI.

Finally, choose which access key to sign the shared access signature. If you revoke the access key, any shared access signature created from the access key is invalidated.

Shared Access Signature

Step 4. Once you configured all the options, click on Generate SAS and connection string. It will display three options for using the SAS: a connection string for applications, a SAS token, and a Blob service SAS URL.

Generate SAS and Connection String

Summary

Azure Storage's Shared Access Signatures (SAS) provide a secure way to grant temporary access to your cloud data without exposing your primary credentials. This article walked you through the process of generating SAS tokens for your Azure Storage Account, empowering you with better data security and access control.