Does Azure Storage with SAS and azure.storage.blobs.blobcontainerclient use pinning

Scott Marcus 6 Reputation points
2023-12-02T15:21:06.8833333+00:00

I'm trying to figure out if I have an Android app that uses Azure storage via shared access signature if there is pinning inside azure.storage.blobs.blobcontainerclient or if I'm safe for the upcoming changes (pinning certficates)?

THANK YOU!

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,896 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Sumarigo-MSFT 45,321 Reputation points Microsoft Employee
    2023-12-11T02:58:39.6133333+00:00

    @Scott Marcus Azure Storage uses some intermediate certificates that are set to expire on 27_th_ June,2024. We will be rolling out new certificates for the expiring intermediate certificates starting March 2024.

     We expect that most Azure Storage customers will not be impacted; however, your application may be impacted if you explicitly specify a list of acceptable CAs (a practice known as “certificate pinning”). Certificate pinning is no longer considered the best practice. In scope Azure Storage services include Blob, File, Table, Queue, Static Website, ADLS Gen2. This change is limited to public Azure cloud and US Government cloud.

     Refer the Action Required section here.

     Also regarding, how to address certificate pinning in your application, is explained in detail here.

    Please let us know if you have any further queries. I’m happy to assist you further.     


    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you**, this can be beneficial to other community members.**

    0 comments No comments