New-AzStorageContainerSASToken

Generates an SAS token for an Azure storage container.

Syntax

New-AzStorageContainerSASToken
   [-Name] <String>
   -Policy <String>
   [-Protocol <SharedAccessProtocol>]
   [-IPAddressOrRange <String>]
   [-StartTime <DateTime>]
   [-ExpiryTime <DateTime>]
   [-FullUri]
   [-EncryptionScope <String>]
   [-Context <IStorageContext>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzStorageContainerSASToken
   [-Name] <String>
   [-Permission <String>]
   [-Protocol <SharedAccessProtocol>]
   [-IPAddressOrRange <String>]
   [-StartTime <DateTime>]
   [-ExpiryTime <DateTime>]
   [-FullUri]
   [-EncryptionScope <String>]
   [-Context <IStorageContext>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzStorageContainerSASToken cmdlet generates a Shared Access Signature (SAS) token for an Azure storage container.

Examples

Example 1: Generate a container SAS token with full container permission

New-AzStorageContainerSASToken -Name "Test" -Permission rwdl

This example generates a container SAS token with full container permission.

Example 2: Generate multiple container SAS token by pipeline

Get-AzStorageContainer -Container test* | New-AzStorageContainerSASToken -Permission rwdl

This example generates multiple container SAS tokens by using the pipeline.

Example 3: Generate container SAS token with shared access policy

New-AzStorageContainerSASToken -Name "Test" -Policy "PolicyName"

This example generates a container SAS token with shared access policy.

Example 3: Generate a User Identity container SAS token with storage context based on OAuth authentication

$ctx = New-AzStorageContext -StorageAccountName $accountName -UseConnectedAccount
$StartTime = Get-Date
$EndTime = $startTime.AddDays(6)
New-AzStorageContainerSASToken -Name "ContainerName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTime -context $ctx

This example generates a User Identity container SAS token with storage context based on OAuth authentication

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Context

Specifies an Azure storage context. You can create it by using the New-AzStorageContext cmdlet. When the storage context is based on OAuth authentication, will generates a User Identity container SAS token.

Type:IStorageContext
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EncryptionScope

Encryption scope to use when sending requests authorized with this SAS URI.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExpiryTime

Specifies the time at which the shared access signature becomes invalid. If the user sets the start time but not the expiry time, the expiry time is set to the start time plus one hour. If neither the start time nor the expiry time is specified, the expiry time is set to the current time plus one hour. When the storage context is based on OAuth authentication, the expire time must be in 7 days from current time, and must not be earlier than current time.

Type:Nullable<T>[DateTime]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FullUri

Indicates that this cmdlet return the full blob URI and the shared access signature token.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IPAddressOrRange

Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is inclusive.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies an Azure storage container name.

Type:String
Aliases:N, Container
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Permission

Specifies permissions for a storage container. It is important to note that this is a string, like rwd (for Read, Write and Delete). The permissions that are supported for container resource type are described here.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Policy

Specifies an Azure Stored Access Policy.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Protocol

Specifies the protocol permitted for a request. The acceptable values for this parameter are:

  • HttpsOnly
  • HttpsOrHttp The default value is HttpsOrHttp.
Type:Nullable<T>[SharedAccessProtocol]
Accepted values:HttpsOnly, HttpsOrHttp
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-StartTime

Specifies the time at which the shared access signature becomes valid.

Type:Nullable<T>[DateTime]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

IStorageContext

Outputs

String