New-AzureStorageBlobSASToken
Generates a SAS token for an Azure storage blob.
Warning
The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.
Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.
Syntax
New-AzureStorageBlobSASToken
[-Container] <String>
[-Blob] <String>
[-Permission <String>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] New-AzureStorageBlobSASToken
-CloudBlob <CloudBlob>
-Policy <String>
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] New-AzureStorageBlobSASToken
-CloudBlob <CloudBlob>
[-Permission <String>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] New-AzureStorageBlobSASToken
[-Container] <String>
[-Blob] <String>
-Policy <String>
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Description
The New-AzureStorageBlobSASToken cmdlet generates a Shared Access Signature (SAS) token for an Azure storage blob.
Examples
Example 1: Generate a blob SAS token with full blob permission
PS C:\>New-AzureStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwdThis example generates a blob SAS token with full blob permission.
Example 2: Generate a blob SAS token with life time
PS C:\> $StartTime = Get-Date
PS C:\> $EndTime = $startTime.AddHours(2.0)
PS C:\> New-AzureStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTimeThis example generates a blob SAS token with life time.
Parameters
-Blob
Specifies the storage blob name.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CloudBlob
Specifies the CloudBlob object. To obtain a CloudBlob object, use the Get-AzureStorageBlob cmdlet.
| Type: | CloudBlob |
| Aliases: | ICloudBlob |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Container
Specifies the storage container name.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Context
Specifies the storage context.
| Type: | IStorageContext |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExpiryTime
Specifies when the shared access signature expires.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FullUri
Indicates that this cmdlet return the full blob URI and the shared access signature token.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IPAddressOrRange
Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is inclusive.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Permission
Specifies the permissions for a storage blob.
It is important to note that this is a string, like rwd (for Read, Write and Delete).
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Policy
Specifies an Azure Stored Access Policy.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Protocol
Specifies the protocol permitted for a request. The acceptable values for this parameter are:
- HttpsOnly
- HttpsOrHttp The default value is HttpsOrHttp.
| Type: | Nullable<T>[SharedAccessProtocol] |
| Accepted values: | HttpsOnly, HttpsOrHttp |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-StartTime
Specifies the time at which the shared access signature becomes valid.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |