New-AzStorageBlobSASToken
Generates a SAS token for an Azure storage blob.
Syntax
BlobNameWithPermission (Default)
New-AzStorageBlobSASToken
[-Container] <String>
[-Blob] <String>
[-Permission <String>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
BlobPipelineWithPolicy
New-AzStorageBlobSASToken
-CloudBlob <CloudBlob>
-Policy <String>
[-BlobBaseClient <BlobBaseClient>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
BlobPipelineWithPermission
New-AzStorageBlobSASToken
-CloudBlob <CloudBlob>
[-BlobBaseClient <BlobBaseClient>]
[-Permission <String>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
BlobNameWithPolicy
New-AzStorageBlobSASToken
[-Container] <String>
[-Blob] <String>
-Policy <String>
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-AzStorageBlobSASToken cmdlet generates a Shared Access Signature (SAS) token for an Azure storage blob.
Examples
Example 1: Generate a blob SAS token with full blob permission
New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd
This example generates a blob SAS token with full blob permission.
Example 2: Generate a blob SAS token with life time
$StartTime = Get-Date
$EndTime = $startTime.AddHours(2.0)
New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTime
This example generates a blob SAS token with life time.
Example 3: Generate a User Identity SAS token with storage context based on OAuth authentication
$ctx = New-AzStorageContext -StorageAccountName $accountName -UseConnectedAccount
$StartTime = Get-Date
$EndTime = $startTime.AddDays(6)
New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTime -Context $ctx
This example generates a User Identity blob SAS token with storage context based on OAuth authentication
Parameters
-Blob
Specifies the storage blob name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
BlobNameWithPermission
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
BlobNameWithPolicy
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-BlobBaseClient
BlobBaseClient Object
Parameter properties
Type: BlobBaseClient
Default value: None Supports wildcards: False DontShow: False
Parameter sets
BlobPipelineWithPolicy
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
BlobPipelineWithPermission
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-CloudBlob
Specifies the CloudBlob object.
To obtain a CloudBlob object, use the Get-AzStorageBlob cmdlet.
Parameter properties
Type: CloudBlob
Default value: None Supports wildcards: False DontShow: False Aliases: ICloudBlob
Parameter sets
BlobPipelineWithPolicy
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
BlobPipelineWithPermission
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Container
Specifies the storage container name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
BlobNameWithPermission
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
BlobNameWithPolicy
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Context
Specifies the storage context.
When the storage context is based on OAuth authentication, will generates a User Identity blob SAS token.
Parameter properties
Type: IStorageContext
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: True Value from pipeline by property name: True Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-EncryptionScope
Encryption scope to use when sending requests authorized with this SAS URI.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ExpiryTime
Specifies when the shared access signature expires.
When the storage context is based on OAuth authentication, the expire time must be in 7 days from current time, and must not be earlier than current time.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-FullUri
Indicates that this cmdlet return the full blob URI and the shared access signature token.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-IPAddressOrRange
Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70.
The range is inclusive.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Permission
Specifies the permissions for a storage blob.
It is important to note that this is a string, like rwd (for Read, Write and Delete).
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
BlobNameWithPermission
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
BlobPipelineWithPermission
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Policy
Specifies an Azure Stored Access Policy.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
BlobPipelineWithPolicy
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
BlobNameWithPolicy
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Protocol
Specifies the protocol permitted for a request.
The acceptable values for this parameter are:
HttpsOnly
HttpsOrHttp
The default value is HttpsOrHttp.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-StartTime
Specifies the time at which the shared access signature becomes valid.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
