Quickstart: Azure Blob Storage client library for Python
Get started with the Azure Blob Storage client library for Python to manage blobs and containers. Follow these steps to install the package and try out example code for basic tasks in an interactive console app.
- Azure account with an active subscription - create an account for free
- Azure Storage account - create a storage account
- Python 3.6+
This section walks you through preparing a project to work with the Azure Blob Storage client library for Python.
Create the project
Create a Python application named blob-quickstart.
In a console window (such as PowerShell or Bash), create a new directory for the project:
Switch to the newly created blob-quickstart directory:
Install the packages
From the project directory, install packages for the Azure Blob Storage and Azure Identity client libraries using the
pip install command. The azure-identity package is needed for passwordless connections to Azure services.
pip install azure-storage-blob azure-identity
Set up the app framework
From the project directory, follow steps to create the basic structure of the app:
- Open a new text file in your code editor.
importstatements, create the structure for the program, and include basic exception handling, as shown below.
- Save the new file as blob-quickstart.py in the blob-quickstart directory.
import os, uuid from azure.identity import DefaultAzureCredential from azure.storage.blob import BlobServiceClient, BlobClient, ContainerClient try: print("Azure Blob Storage Python quickstart sample") # Quickstart code goes here except Exception as ex: print('Exception:') print(ex)
Azure Blob Storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn't adhere to a particular data model or definition, such as text or binary data. Blob storage offers three types of resources:
- The storage account
- A container in the storage account
- A blob in the container
The following diagram shows the relationship between these resources:
Use the following Python classes to interact with these resources:
- BlobServiceClient: The
BlobServiceClientclass allows you to manipulate Azure Storage resources and blob containers.
- ContainerClient: The
ContainerClientclass allows you to manipulate Azure Storage containers and their blobs.
- BlobClient: The
BlobClientclass allows you to manipulate Azure Storage blobs.
These example code snippets show you how to do the following tasks with the Azure Blob Storage client library for Python:
- Authenticate to Azure and authorize access to blob data
- Create a container
- Upload blobs to a container
- List the blobs in a container
- Download blobs
- Delete a container
Authenticate to Azure and authorize access to blob data
Application requests to Azure Blob Storage must be authorized. Using the
DefaultAzureCredential class provided by the Azure Identity client library is the recommended approach for implementing passwordless connections to Azure services in your code, including Blob Storage.
You can also authorize requests to Azure Blob Storage by using the account access key. However, this approach should be used with caution. Developers must be diligent to never expose the access key in an unsecure location. Anyone who has the access key is able to authorize requests against the storage account, and effectively has access to all the data.
DefaultAzureCredential offers improved management and security benefits over the account key to allow passwordless authentication. Both options are demonstrated in the following example.
DefaultAzureCredential supports multiple authentication methods and determines which method should be used at runtime. This approach enables your app to use different authentication methods in different environments (local vs. production) without implementing environment-specific code.
The order and locations in which
DefaultAzureCredential looks for credentials can be found in the Azure Identity library overview.
For example, your app can authenticate using your Azure CLI sign-in credentials with when developing locally. Your app can then use a managed identity once it has been deployed to Azure. No code changes are required for this transition.
Assign roles to your Azure AD user account
When developing locally, make sure that the user account that is accessing blob data has the correct permissions. You'll need Storage Blob Data Contributor to read and write blob data. To assign yourself this role, you'll need to be assigned the User Access Administrator role, or another role that includes the Microsoft.Authorization/roleAssignments/write action. You can assign Azure RBAC roles to a user using the Azure portal, Azure CLI, or Azure PowerShell. You can learn more about the available scopes for role assignments on the scope overview page.
In this scenario, you'll assign permissions to your user account, scoped to the storage account, to follow the Principle of Least Privilege. This practice gives users only the minimum permissions needed and creates more secure production environments.
The following example will assign the Storage Blob Data Contributor role to your user account, which provides both read and write access to blob data in your storage account.
In most cases it will take a minute or two for the role assignment to propagate in Azure, but in rare cases it may take up to eight minutes. If you receive authentication errors when you first run your code, wait a few moments and try again.
In the Azure portal, locate your storage account using the main search bar or left navigation.
On the storage account overview page, select Access control (IAM) from the left-hand menu.
On the Access control (IAM) page, select the Role assignments tab.
Select + Add from the top menu and then Add role assignment from the resulting drop-down menu.
Use the search box to filter the results to the desired role. For this example, search for Storage Blob Data Contributor and select the matching result and then choose Next.
Under Assign access to, select User, group, or service principal, and then choose + Select members.
In the dialog, search for your Azure AD username (usually your user@domain email address) and then choose Select at the bottom of the dialog.
Select Review + assign to go to the final page, and then Review + assign again to complete the process.
Sign in and connect your app code to Azure using DefaultAzureCredential
You can authorize access to data in your storage account using the following steps:
Make sure you're authenticated with the same Azure AD account you assigned the role to on your storage account. You can authenticate via the Azure CLI, Visual Studio Code, or Azure PowerShell.
DefaultAzureCredential, make sure that the azure-identity package is installed, and the class is imported:
from azure.identity import DefaultAzureCredential
Add this code inside the
tryblock. When the code runs on your local workstation,
DefaultAzureCredentialuses the developer credentials of the prioritized tool you're logged into to authenticate to Azure. Examples of these tools include Azure CLI or Visual Studio Code.
account_url = "https://<storageaccountname>.blob.core.windows.net" default_credential = DefaultAzureCredential() # Create the BlobServiceClient object blob_service_client = BlobServiceClient(account_url, credential=default_credential)
Make sure to update the storage account name in the URI of your
BlobServiceClientobject. The storage account name can be found on the overview page of the Azure portal.
When deployed to Azure, this same code can be used to authorize requests to Azure Storage from an application running in Azure. However, you'll need to enable managed identity on your app in Azure. Then configure your storage account to allow that managed identity to connect. For detailed instructions on configuring this connection between Azure services, see the Auth from Azure-hosted apps tutorial.
Create a container
Decide on a name for the new container. The code below appends a UUID value to the container name to ensure that it's unique.
Container names must be lowercase. For more information about naming containers and blobs, see Naming and Referencing Containers, Blobs, and Metadata.
Call the create_container method to actually create the container in your storage account.
Add this code to the end of the
# Create a unique name for the container container_name = str(uuid.uuid4()) # Create the container container_client = blob_service_client.create_container(container_name)
Upload blobs to a container
The following code snippet:
- Creates a local directory to hold data files.
- Creates a text file in the local directory.
- Gets a reference to a BlobClient object by calling the get_blob_client method on the BlobServiceClient from the Create a container section.
- Uploads the local text file to the blob by calling the upload_blob method.
Add this code to the end of the
# Create a local directory to hold blob data local_path = "./data" os.mkdir(local_path) # Create a file in the local data directory to upload and download local_file_name = str(uuid.uuid4()) + ".txt" upload_file_path = os.path.join(local_path, local_file_name) # Write text to the file file = open(file=upload_file_path, mode='w') file.write("Hello, World!") file.close() # Create a blob client using the local file name as the name for the blob blob_client = blob_service_client.get_blob_client(container=container_name, blob=local_file_name) print("\nUploading to Azure Storage as blob:\n\t" + local_file_name) # Upload the created file with open(file=upload_file_path, mode="rb") as data: blob_client.upload_blob(data)
List the blobs in a container
List the blobs in the container by calling the list_blobs method. In this case, only one blob has been added to the container, so the listing operation returns just that one blob.
Add this code to the end of the
print("\nListing blobs...") # List the blobs in the container blob_list = container_client.list_blobs() for blob in blob_list: print("\t" + blob.name)
Download the previously created blob by calling the download_blob method. The example code adds a suffix of "DOWNLOAD" to the file name so that you can see both files in local file system.
Add this code to the end of the
# Download the blob to a local file # Add 'DOWNLOAD' before the .txt extension so you can see both files in the data directory download_file_path = os.path.join(local_path, str.replace(local_file_name ,'.txt', 'DOWNLOAD.txt')) container_client = blob_service_client.get_container_client(container= container_name) print("\nDownloading blob to \n\t" + download_file_path) with open(file=download_file_path, mode="wb") as download_file: download_file.write(container_client.download_blob(blob.name).readall())
Delete a container
The following code cleans up the resources the app created by removing the entire container using the delete_container method. You can also delete the local files, if you like.
The app pauses for user input by calling
input() before it deletes the blob, container, and local files. Verify that the resources were created correctly before they're deleted.
Add this code to the end of the
# Clean up print("\nPress the Enter key to begin clean up") input() print("Deleting blob container...") container_client.delete_container() print("Deleting the local source and downloaded files...") os.remove(upload_file_path) os.remove(download_file_path) os.rmdir(local_path) print("Done")
Run the code
This app creates a test file in your local folder and uploads it to Azure Blob Storage. The example then lists the blobs in the container, and downloads the file with a new name. You can compare the old and new files.
Navigate to the directory containing the blob-quickstart.py file, then execute the following
python command to run the app:
The output of the app is similar to the following example (UUID values omitted for readability):
Azure Blob Storage Python quickstart sample Uploading to Azure Storage as blob: quickstartUUID.txt Listing blobs... quickstartUUID.txt Downloading blob to ./data/quickstartUUIDDOWNLOAD.txt Press the Enter key to begin clean up Deleting blob container... Deleting the local source and downloaded files... Done
Before you begin the cleanup process, check your data folder for the two files. You can compare them and observe that they're identical.
Clean up resources
After you've verified the files and finished testing, press the Enter key to delete the test files along with the container you created in the storage account. You can also use Azure CLI to delete resources.
In this quickstart, you learned how to upload, download, and list blobs using Python.
To see Blob storage sample apps, continue to: