使用服務連接器整合 Azure Blob 儲存體

發行項
09/25/2024

此頁面顯示使用服務連接器之 Azure Blob 儲存體支援的驗證類型、用戶端類型與範例程式碼。此頁面也顯示您在建立服務連線時取得的預設環境變數名稱和值 (或 Spring Boot 設定)。

支援的計算服務

服務連接器可用來將下列計算服務連線到 Azure Blob 儲存體：

Azure App Service
Azure 容器應用程式
Azure Functions
Azure Kubernetes Service (AKS)
Azure Spring Apps

支援的驗證類型和用戶端類型

下表顯示使用服務連接器將計算服務連線到 Azure Blob 儲存體時，支援哪些驗證方法和用戶端的組合。「是」表示支援的組合，而「否」則表示不支援。

用戶端類型	系統指派的受控識別	使用者指派的受控識別	祕密 / 連接字串	服務主體
.NET	Yes	.是	.是	Yes
Java	Yes	.是	.是	Yes
Java - Spring Boot	Yes	.是	.是	Yes
Node.js	Yes	.是	.是	Yes
Python	Yes	.是	.是	Yes
Go	Yes	.是	.是	Yes
無	Yes	.是	.是	Yes

此表明確指出支援的所有用戶端類型和驗證方法組合，但 Java - Spring Boot 用戶端類型 (其僅支援祕密/連接字串方法) 除外。所有其他用戶端類型都可以使用任何驗證方法，透過服務連接器連線到 Azure Blob 儲存體。

預設環境變數名稱或應用程式屬性和範例程式碼

根據連線的驗證類型和用戶端類型，參考下列表格中的連線詳細資料和範例程式碼，將計算服務連線到 Azure Blob 儲存體。您可以深入了解服務連接器環境變數命名慣例。

系統指派的受控識別

SpringBoot 用戶端

使用系統指派的受控識別進行驗證僅適用於 Spring Cloud Azure 4.0 版或更高版本。

預設環境變數名稱	描述	範例值
spring.cloud.azure.storage.blob.credential.managed-identity-enabled	是否要啟用受控識別	`True`
spring.cloud.azure.storage.blob.account-name	儲存體帳戶的名稱	`storage-account-name`
spring.cloud.azure.storage.blob.endpoint	Blob 儲存體端點	`https://<storage-account-name>.blob.core.windows.net/`

其他用戶端

預設環境變數名稱	描述	範例值
AZURE_STORAGEBLOB_RESOURCEENDPOINT	Blob 儲存體端點	`https://<storage-account-name>.blob.core.windows.net/`

範例指令碼

請參閱下面的步驟和程式碼，使用系統指派的受控識別連線到 Azure Blob 儲存體。

您可以使用 azure-identity，透過受控識別或服務主體進行驗證。從服務連接器新增的環境變數取得 Azure Blob 儲存體端點 URL。使用下列程式代碼時，請取消註解您想要使用的驗證類型代碼段部分。

安裝相依性

dotnet add package Azure.Identity

以下是使用受控識別或服務主體連線到 Blob 儲存體的範例程式碼。

using Azure.Identity;
using Azure.Storage.Blobs;

// get Blob endpoint
var blobEndpoint = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_RESOURCEENDPOINT");

// Uncomment the following lines corresponding to the authentication type you want to use.
// system-assigned managed identity
// var credential = new DefaultAzureCredential();

// user-assigned managed identity
// var credential = new DefaultAzureCredential(
//     new DefaultAzureCredentialOptions
//     {
//         ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
//     });

// service principal 
// var tenantId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_TENANTID");
// var clientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
// var clientSecret = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTSECRET");
// var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

var blobServiceClient = new BlobServiceClient(
        new Uri(blobEndpoint),
        credential);

在您的 pom.xml 中新增下列相依性：

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-storage-blob</artifactId>
</dependency>
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.1.5</version>
</dependency>

使用 azure-identity 進行驗證，並從服務連接器新增的環境變數取得端點 URL。使用下列程式代碼時，請取消註解您想要使用的驗證類型代碼段部分。

String url = System.getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT");  

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();

// for user assigned managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
//     .managedIdentityClientId(System.getenv("AZURE_STORAGEBLOB_CLIENTID"))
//     .build();

// for service principal
// ClientSecretCredential defaultCredential = new ClientSecretCredentialBuilder()
//   .clientId(System.getenv("<AZURE_STORAGEBLOB_CLIENTID>"))
//   .clientSecret(System.getenv("<AZURE_STORAGEBLOB_CLIENTSECRET>"))
//   .tenantId(System.getenv("<AZURE_STORAGEBLOB_TENANTID>"))
//   .build();

BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
    .endpoint(url)
    .credential(defaultCredential)
    .buildClient();

安裝相依性

pip install azure-identity
pip install azure-storage-blob

使用 azure-identity 程式庫進行驗證，並從服務連接器新增的環境變數取得端點 URL。使用下列程式代碼時，請取消註解您想要使用的驗證類型代碼段部分。

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
from azure.storage.blob import BlobServiceClient
import os

account_url = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret) 

blob_service_client = BlobServiceClient(account_url, credential=cred)

安裝相依性。

pip install azure-identity
pip install django-storages[azure]

透過 azure-identity 程式庫進行驗證。使用下列程式代碼時，請取消註解您想要使用的驗證類型代碼段部分。

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
import os

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)

在設定檔中，新增下列幾行。如需詳細資訊，請參閱 django-storages[azure] (英文)。

# in your setting file, eg. settings.py
AZURE_CUSTOM_DOMAIN = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')
AZURE_ACCOUNT_NAME = AZURE_CUSTOM_DOMAIN.split('.')[0].removeprefix('https://')    
AZURE_TOKEN_CREDENTIAL = cred # this is the cred acquired from above step.

安裝相依性。

go get "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
go get "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"

在程式碼中，透過 azidentity 程式庫進行驗證。從服務連接器新增的環境變數取得 Azure Blob 儲存體端點 URL。使用下列程式代碼時，請取消註解您想要使用的驗證類型代碼段部分。

import (
  "context"

  "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
)


func main() {

  account_endpoint = os.Getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT")

  // Uncomment the following lines corresponding to the authentication type you want to use.
  // for system-assigned managed identity
  // cred, err := azidentity.NewDefaultAzureCredential(nil)

  // for user-assigned managed identity
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // azidentity.ManagedIdentityCredentialOptions.ID := clientid
  // options := &azidentity.ManagedIdentityCredentialOptions{ID: clientid}
  // cred, err := azidentity.NewManagedIdentityCredential(options)

  // for service principal
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // tenantid := os.Getenv("AZURE_STORAGEBLOB_TENANTID")
  // clientsecret := os.Getenv("AZURE_STORAGEBLOB_CLIENTSECRET")
  // cred, err := azidentity.NewClientSecretCredential(tenantid, clientid, clientsecret, &azidentity.ClientSecretCredentialOptions{})

  if err != nil {
    // error handling
  }

  client, err := azblob.NewBlobServiceClient(account_endpoint, cred, nil)
}

安裝相依性

npm install --save @azure/identity
npm install @azure/storage-blob

從服務連接器新增的環境變數取得 Azure Blob 儲存體端點 URL。透過 @azure/identity 程式庫進行驗證。使用下列程式代碼時，請取消註解您想要使用的驗證類型代碼段部分。

import { DefaultAzureCredential,ClientSecretCredential } from "@azure/identity";

const { BlobServiceClient } = require("@azure/storage-blob");

const account_url = process.env.AZURE_STORAGEBLOB_RESOURCEENDPOINT;

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system assigned managed identity
// const credential = new DefaultAzureCredential();

// for user assigned managed identity
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const credential = new DefaultAzureCredential({
//     managedIdentityClientId: clientId
// });

// for service principal
// const tenantId = process.env.AZURE_STORAGEBLOB_TENANTID;
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const clientSecret = process.env.AZURE_STORAGEBLOB_CLIENTSECRET;
// const credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

const blobServiceClient = new BlobServiceClient(account_url, credential);

使用者指派的受控識別

SpringBoot 用戶端

使用使用者指派的受控識別進行驗證僅適用於 Spring Cloud Azure 4.0 版或更高版本。

預設環境變數名稱	描述	範例值
spring.cloud.azure.storage.blob.credential.managed-identity-enabled	是否要啟用受控識別	`True`
spring.cloud.azure.storage.blob.account-name	儲存體帳戶的名稱	`storage-account-name`
spring.cloud.azure.storage.blob.endpoint	Blob 儲存體端點	`https://<storage-account-name>.blob.core.windows.net/`
spring.cloud.azure.storage.blob.credential.client-id	使用者指派之受控識別的用戶端識別碼	`00001111-aaaa-2222-bbbb-3333cccc4444`

其他用戶端

預設環境變數名稱	描述	範例值
AZURE_STORAGEBLOB_RESOURCEENDPOINT	Blob 儲存體端點	`https://<storage-account-name>.blob.core.windows.net/`
AZURE_STORAGEBLOB_CLIENTID	您的用戶端識別碼	`<client-ID>`

範例指令碼

請參閱下面的步驟和程式碼，使用使用者指派的受控識別連線到 Azure Blob 儲存體。

安裝相依性

dotnet add package Azure.Identity

以下是使用受控識別或服務主體連線到 Blob 儲存體的範例程式碼。

using Azure.Identity;
using Azure.Storage.Blobs;

// get Blob endpoint
var blobEndpoint = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_RESOURCEENDPOINT");

// Uncomment the following lines corresponding to the authentication type you want to use.
// system-assigned managed identity
// var credential = new DefaultAzureCredential();

// user-assigned managed identity
// var credential = new DefaultAzureCredential(
//     new DefaultAzureCredentialOptions
//     {
//         ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
//     });

// service principal 
// var tenantId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_TENANTID");
// var clientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
// var clientSecret = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTSECRET");
// var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

var blobServiceClient = new BlobServiceClient(
        new Uri(blobEndpoint),
        credential);

在您的 pom.xml 中新增下列相依性：

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-storage-blob</artifactId>
</dependency>
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.1.5</version>
</dependency>

使用 azure-identity 進行驗證，並從服務連接器新增的環境變數取得端點 URL。使用下列程式代碼時，請取消註解您想要使用的驗證類型代碼段部分。

String url = System.getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT");  

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();

// for user assigned managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
//     .managedIdentityClientId(System.getenv("AZURE_STORAGEBLOB_CLIENTID"))
//     .build();

// for service principal
// ClientSecretCredential defaultCredential = new ClientSecretCredentialBuilder()
//   .clientId(System.getenv("<AZURE_STORAGEBLOB_CLIENTID>"))
//   .clientSecret(System.getenv("<AZURE_STORAGEBLOB_CLIENTSECRET>"))
//   .tenantId(System.getenv("<AZURE_STORAGEBLOB_TENANTID>"))
//   .build();

BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
    .endpoint(url)
    .credential(defaultCredential)
    .buildClient();

安裝相依性

pip install azure-identity
pip install azure-storage-blob

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
from azure.storage.blob import BlobServiceClient
import os

account_url = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret) 

blob_service_client = BlobServiceClient(account_url, credential=cred)

安裝相依性。

pip install azure-identity
pip install django-storages[azure]

透過 azure-identity 程式庫進行驗證。使用下列程式代碼時，請取消註解您想要使用的驗證類型代碼段部分。

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
import os

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)

在設定檔中，新增下列幾行。如需詳細資訊，請參閱 django-storages[azure] (英文)。

# in your setting file, eg. settings.py
AZURE_CUSTOM_DOMAIN = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')
AZURE_ACCOUNT_NAME = AZURE_CUSTOM_DOMAIN.split('.')[0].removeprefix('https://')    
AZURE_TOKEN_CREDENTIAL = cred # this is the cred acquired from above step.

安裝相依性。

go get "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
go get "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"

import (
  "context"

  "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
)


func main() {

  account_endpoint = os.Getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT")

  // Uncomment the following lines corresponding to the authentication type you want to use.
  // for system-assigned managed identity
  // cred, err := azidentity.NewDefaultAzureCredential(nil)

  // for user-assigned managed identity
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // azidentity.ManagedIdentityCredentialOptions.ID := clientid
  // options := &azidentity.ManagedIdentityCredentialOptions{ID: clientid}
  // cred, err := azidentity.NewManagedIdentityCredential(options)

  // for service principal
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // tenantid := os.Getenv("AZURE_STORAGEBLOB_TENANTID")
  // clientsecret := os.Getenv("AZURE_STORAGEBLOB_CLIENTSECRET")
  // cred, err := azidentity.NewClientSecretCredential(tenantid, clientid, clientsecret, &azidentity.ClientSecretCredentialOptions{})

  if err != nil {
    // error handling
  }

  client, err := azblob.NewBlobServiceClient(account_endpoint, cred, nil)
}

安裝相依性

npm install --save @azure/identity
npm install @azure/storage-blob

import { DefaultAzureCredential,ClientSecretCredential } from "@azure/identity";

const { BlobServiceClient } = require("@azure/storage-blob");

const account_url = process.env.AZURE_STORAGEBLOB_RESOURCEENDPOINT;

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system assigned managed identity
// const credential = new DefaultAzureCredential();

// for user assigned managed identity
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const credential = new DefaultAzureCredential({
//     managedIdentityClientId: clientId
// });

// for service principal
// const tenantId = process.env.AZURE_STORAGEBLOB_TENANTID;
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const clientSecret = process.env.AZURE_STORAGEBLOB_CLIENTSECRET;
// const credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

const blobServiceClient = new BlobServiceClient(account_url, credential);

Connection string

警告

Microsoft 建議您使用最安全的可用驗證流程。這個程序描述的驗證流程需要在應用程式中具備極高的信任度，且伴隨著其他流程並未面臨的風險。請僅在其他較安全的流程 (例如受控身分識別) 皆不具可行性的情況下，才使用這個流程。

SpringBoot 用戶端

應用程式屬性	描述	範例值
azure.storage.account-name	您的 Blob 儲存體帳戶名稱	`<storage-account-name>`
azure.storage.account-key	您的 Blob 儲存體帳戶金鑰	`<account-key>`
azure.storage.blob-endpoint	您的 Blob 儲存體端點	`https://<storage-account-name>.blob.core.windows.net/`
spring.cloud.azure.storage.blob.account-name	Spring Cloud Azure 版本 4.0 或以上的 Blob 儲存體帳戶名稱	`<storage-account-name>`
spring.cloud.azure.storage.blob.account-key	Spring Cloud Azure 版本 4.0 或以上的 Blob 儲存體帳戶金鑰	`<account-key>`
spring.cloud.azure.storage.blob.endpoint	Spring Cloud Azure 版本 4.0 或以上的 Blob 儲存體端點	`https://<storage-account-name>.blob.core.windows.net/`

其他用戶端

預設環境變數名稱	描述	範例值
AZURE_STORAGEBLOB_CONNECTIONSTRING	Blob 儲存體連接字串	`DefaultEndpointsProtocol=https;AccountName=<account name>;AccountKey=<account-key>;EndpointSuffix=core.windows.net`

範例指令碼

請參閱下面的步驟和程式碼，使用連接字串連線到 Azure Blob 儲存體。

從服務連接器新增的環境變數取得 Azure Blob 儲存體連接字串。

安裝相依性

dotnet add package Azure.Storage.Blob

using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using System; 

// get Blob connection string
var connectionString = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CONNECTIONSTRING");

// Create a BlobServiceClient object 
var blobServiceClient = new BlobServiceClient(connectionString);

在您的 pom.xml 中新增下列相依性：

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-storage-blob</artifactId>
</dependency>

從環境變數取得連接字串以連線到 Azure Blob 儲存體：

String connectionStr = System.getenv("AZURE_STORAGEBLOB_CONNECTIONSTRING");
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
    .connectionString(connectionStr)
    .buildClient();

安裝相依性
```
pip install azure-storage-blob
```

從服務連接器新增的環境變數取得 Azure Blob 儲存體連接字串。

from azure.storage.blob import BlobServiceClient
import os

connection_str = os.getenv('AZURE_STORAGEBLOB_CONNECTIONSTRING')

blob_service_client = BlobServiceClient.from_connection_string(connection_str)

安裝相依性。
```
pip install django-storages[azure]
```
根據您的 Django 版本，在 Django 設定檔中配置並設定 Azure Blob 儲存體後端。如需詳細資訊，請參閱 django-storages[azure] (英文)。

在設定檔中，新增下列幾行。

# in your setting file, eg. settings.py
AZURE_CONNECTION_STRING = os.getenv('AZURE_STORAGEBLOB_CONNECTIONSTRING')

安裝相依性。

go get "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"

從服務連接器新增的環境變數取得 Azure Blob 儲存體連接字串。

import (
  "context"

  "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
)


func main() {

  connection_str = os.LookupEnv("AZURE_STORAGEBLOB_CONNECTIONSTRING")     
  client, err := azblob.NewClientFromConnectionString(connection_str, nil);
}

安裝相依性
```
npm install @azure/storage-blob
```

從服務連接器新增的環境變數取得 Azure Blob 儲存體連接字串。

const { BlobServiceClient } = require("@azure/storage-blob");

const connection_str = process.env.AZURE_STORAGEBLOB_CONNECTIONSTRING;
const blobServiceClient = BlobServiceClient.fromConnectionString(connection_str);

服務主體

SpringBoot 用戶端

使用服務主體進行驗證僅適用於 Spring Cloud Azure 4.0 版或更高版本。

預設環境變數名稱	描述	範例值
spring.cloud.azure.storage.blob.account-name	儲存體帳戶的名稱	`storage-account-name`
spring.cloud.azure.storage.blob.endpoint	Blob 儲存體端點	`https://<storage-account-name>.blob.core.windows.net/`
spring.cloud.azure.storage.blob.credential.client-id	服務主體的用戶端識別碼	`00001111-aaaa-2222-bbbb-3333cccc4444`
spring.cloud.azure.storage.blob.credential.client-secret	執行服務主體驗證的客戶端密碼	`Aa1Bb~2Cc3.-Dd4Ee5Ff6Gg7Hh8Ii9_Jj0Kk1Ll2`

其他用戶端

預設環境變數名稱	描述	範例值
AZURE_STORAGEBLOB_RESOURCEENDPOINT	Blob 儲存體端點	`https://<storage-account-name>.blob.core.windows.net/`
AZURE_STORAGEBLOB_CLIENTID	您的用戶端識別碼	`<client-ID>`
AZURE_STORAGEBLOB_CLIENTSECRET	您的用戶端密碼	`<client-secret>`
AZURE_STORAGEBLOB_TENANTID	您的租用戶識別碼	`<tenant-ID>`

範例指令碼

請參閱下面的步驟和程式碼，使用服務主體連線到 Azure Blob 儲存體。

安裝相依性

dotnet add package Azure.Identity

以下是使用受控識別或服務主體連線到 Blob 儲存體的範例程式碼。

using Azure.Identity;
using Azure.Storage.Blobs;

// get Blob endpoint
var blobEndpoint = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_RESOURCEENDPOINT");

// Uncomment the following lines corresponding to the authentication type you want to use.
// system-assigned managed identity
// var credential = new DefaultAzureCredential();

// user-assigned managed identity
// var credential = new DefaultAzureCredential(
//     new DefaultAzureCredentialOptions
//     {
//         ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
//     });

// service principal 
// var tenantId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_TENANTID");
// var clientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
// var clientSecret = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTSECRET");
// var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

var blobServiceClient = new BlobServiceClient(
        new Uri(blobEndpoint),
        credential);

在您的 pom.xml 中新增下列相依性：

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-storage-blob</artifactId>
</dependency>
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.1.5</version>
</dependency>

使用 azure-identity 進行驗證，並從服務連接器新增的環境變數取得端點 URL。使用下列程式代碼時，請取消註解您想要使用的驗證類型代碼段部分。

String url = System.getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT");  

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();

// for user assigned managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
//     .managedIdentityClientId(System.getenv("AZURE_STORAGEBLOB_CLIENTID"))
//     .build();

// for service principal
// ClientSecretCredential defaultCredential = new ClientSecretCredentialBuilder()
//   .clientId(System.getenv("<AZURE_STORAGEBLOB_CLIENTID>"))
//   .clientSecret(System.getenv("<AZURE_STORAGEBLOB_CLIENTSECRET>"))
//   .tenantId(System.getenv("<AZURE_STORAGEBLOB_TENANTID>"))
//   .build();

BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
    .endpoint(url)
    .credential(defaultCredential)
    .buildClient();

安裝相依性

pip install azure-identity
pip install azure-storage-blob

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
from azure.storage.blob import BlobServiceClient
import os

account_url = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret) 

blob_service_client = BlobServiceClient(account_url, credential=cred)

安裝相依性。

pip install azure-identity
pip install django-storages[azure]

透過 azure-identity 程式庫進行驗證。使用下列程式代碼時，請取消註解您想要使用的驗證類型代碼段部分。

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
import os

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)

在設定檔中，新增下列幾行。如需詳細資訊，請參閱 django-storages[azure] (英文)。

# in your setting file, eg. settings.py
AZURE_CUSTOM_DOMAIN = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')
AZURE_ACCOUNT_NAME = AZURE_CUSTOM_DOMAIN.split('.')[0].removeprefix('https://')    
AZURE_TOKEN_CREDENTIAL = cred # this is the cred acquired from above step.

安裝相依性。

go get "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
go get "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"

import (
  "context"

  "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
)


func main() {

  account_endpoint = os.Getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT")

  // Uncomment the following lines corresponding to the authentication type you want to use.
  // for system-assigned managed identity
  // cred, err := azidentity.NewDefaultAzureCredential(nil)

  // for user-assigned managed identity
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // azidentity.ManagedIdentityCredentialOptions.ID := clientid
  // options := &azidentity.ManagedIdentityCredentialOptions{ID: clientid}
  // cred, err := azidentity.NewManagedIdentityCredential(options)

  // for service principal
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // tenantid := os.Getenv("AZURE_STORAGEBLOB_TENANTID")
  // clientsecret := os.Getenv("AZURE_STORAGEBLOB_CLIENTSECRET")
  // cred, err := azidentity.NewClientSecretCredential(tenantid, clientid, clientsecret, &azidentity.ClientSecretCredentialOptions{})

  if err != nil {
    // error handling
  }

  client, err := azblob.NewBlobServiceClient(account_endpoint, cred, nil)
}

安裝相依性

npm install --save @azure/identity
npm install @azure/storage-blob

import { DefaultAzureCredential,ClientSecretCredential } from "@azure/identity";

const { BlobServiceClient } = require("@azure/storage-blob");

const account_url = process.env.AZURE_STORAGEBLOB_RESOURCEENDPOINT;

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system assigned managed identity
// const credential = new DefaultAzureCredential();

// for user assigned managed identity
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const credential = new DefaultAzureCredential({
//     managedIdentityClientId: clientId
// });

// for service principal
// const tenantId = process.env.AZURE_STORAGEBLOB_TENANTID;
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const clientSecret = process.env.AZURE_STORAGEBLOB_CLIENTSECRET;
// const credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

const blobServiceClient = new BlobServiceClient(account_url, credential);

下一步

請遵循教學課程以深入了解服務連接器。

了解服務連接器概念

共用方式為

使用服務連接器整合 Azure Blob 儲存體

支援的計算服務

支援的驗證類型和用戶端類型

預設環境變數名稱或應用程式屬性和範例程式碼

系統指派的受控識別

SpringBoot 用戶端

其他用戶端

範例指令碼

使用者指派的受控識別

SpringBoot 用戶端

其他用戶端

範例指令碼

Connection string

SpringBoot 用戶端

其他用戶端

範例指令碼

服務主體

SpringBoot 用戶端

其他用戶端

範例指令碼

下一步

意見反應

其他資源