Securing SAS Token for accessing Azure File Share ?

EnterpriseArchitect 4,596 Reputation points
2021-07-07T13:53:30.54+00:00

People,

I've got multiple Azure Storage accounts that are set up with SAS key as they are not joined to the OnPremise AD DS.

How can I ensure those SAS keys can be securely saved without leaving them as plain text in the source codes or in the Batch files?

I assume I will need to build one KeyVault in my Production Subscriptions, and then what do I do next to ensure the Application and Server can still access the Azure File Share containers?

https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent?tabs=portal

Thank you in advance.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,069 questions
Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,134 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,579 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Manu Philip 16,946 Reputation points MVP
    2021-07-07T17:20:56.143+00:00

    You may follow the below documentation.
    overview-storage-keys

    "Give your user account permission to managed storage accounts" - Application and servers user account can give the permission to access the vault

    1 person found this answer helpful.
    0 comments No comments