Share via

Automatic generation of SAS Key

NIKHIL KUMAR 126 Reputation points
2023-06-14T03:42:06.7333333+00:00

How to automatically generate SAS Key for a given blob in Gen 2 storage account and store the key in key vault secret automatically post generation.

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,524 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,628 questions
0 comments
Accepted answer
  1. Limitless Technology 44,741 Reputation points
    2023-06-14T08:29:46.6833333+00:00 
    hello there,
you can check the SAS account 
check the code
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient
from azure.storage.blob import BlobServiceClient, generate_blob_sas, ResourceTypes, AccountSasPermissions

Connect to the storage account using a connection string or other authentication method
connection_string = "<your_storage_connection_string>"
blob_service_client = BlobServiceClient.from_connection_string(connection_string)

Generate the SAS token for the blob or container
account_url = "<your_storage_account_url>"
container_name = "<your_container_name>"
blob_name = "<your_blob_name>"
sas_token = generate_blob_sas(
    account_url=account_url,
    container_name=container_name,
    blob_name=blob_name,
    account_key=None,  # Set this if you have an account key instead of using SAS
    resource_types=ResourceTypes(object=True),
    permission=AccountSasPermissions(read=True, list=True),
    expiry=<your_sas_expiry_time>  # Specify the SAS token expiry time
)

Connect to the Key Vault using a managed identity or other authentication method
credential = DefaultAzureCredential()
key_vault_url = "<your_key_vault_url>"
secret_name = "<your_secret_name>"
secret_value = sas_token

Store the SAS key in the Key Vault secret
client = SecretClient(vault_url=key_vault_url, credential=credential)
client.set_secret(secret_name, secret_value)

print("SAS key

Make sure to replace the placeholder values (<your_storage_connection_string>, <your_storage_account_url>, <your_container_name>, <your_blob_name>, <your_sas_expiry_time>, <your_key_vault_url>, and <your_secret_name>) with your actual values.

And see if it helps,
Thank you 
--If the reply is helpful, please Upvote and Accept as answer--
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.