Azure Storage account configured with Shared Key authorization

R Aishwarya 65 Reputation points
2023-11-23T08:58:23.1+00:00

Hi,

I m working upon a Ruby on Rails application hosted on Azure app service. The application uses access keys of storage account to access the storage account. The access keys are specified in credentials file in codebase and at configuration tab in app services.

if Azure Storage account configured with Shared Key authorization is enabled , will the application still be able to access storage account via access keys? or how will I be able to connect storage account with app service after enabling shared key authorization.

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,930 questions
0 comments No comments
{count} votes

Accepted answer
  1. SAMIT SARKAR 791 Reputation points Microsoft Employee
    2023-11-23T14:10:35.7+00:00

    Hi,

    Yes, your Ruby on Rails application hosted on Azure App Service will still be able to access the Azure Storage account via access keys even if Shared Key authorization is enabled.

    When you create a storage account, by default, Azure storage platform generates two 512-bit storage account access keys for that account. These keys can be used to authorize access to data in your storage account via Shared Key authorization, or via SAS tokens that are signed with the shared key.

    You can view and manage these access keys in the Azure portal. To connect your Azure App Service to the Azure Storage account, you can use these access keys in your application's configuration or credentials file.

    However, it's important to note that using access keys does grant full access to the storage account, so it's recommended to handle them securely. If possible, consider using Azure Active Directory (Azure AD) for authorization for superior security and ease of use.

    If you need further assistance, feel free to ask.


1 additional answer

Sort by: Most helpful
  1. TP 83,731 Reputation points
    2023-11-23T09:20:49.09+00:00

    Hi,

    Yes, because Shared Key authorization is the same as accessing your storage account via access keys. With Shared Key authorization, your application uses storage account access key to sign the requests. Please see article below:

    Authorize with Shared Key

    https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key

    Please click Accept Answer and upvote if the above was helpful. If something is unclear please add a comment below.

    Thanks.

    -TP