Home > other >  How to create Azure Container SAS Token signed with Account key with PowerShell?
How to create Azure Container SAS Token signed with Account key with PowerShell?

Time:07-23

I need to create a SAS token for a container using PowerShell with an expiry date one year from now. If I use New-AzStorageContainerSASToken I cannot set an expiry date after 7 days because it uses a user delegation key.

For example, if I do this:

$container = New-AzStorageContainer -Name $saName -Context $backupContext
$token = $container | New-AzStorageContainerSASToken -Permission rwdl -ExpiryTime (Get-Date).AddYears(1)

I get error

New-AzStorageContainerSASToken: Generate User Delegation SAS with OAuth bases Storage context. User Delegate Key expiry time 20/07/2023 15:46:12  00:00 must be in 7 days from now.

How can I specify to sign with the account key instead?

CodePudding user response:

If you have access to the account name and key, you can create a context using that. You can then pass that context to New-AzStorageContainerSASToken Cmdlet.

Something like:

$ctx = New-AzStorageContext -StorageAccountName "account-name" -StorageAccountKey "account-key"
$container = New-AzStorageContainer -Name $saName -Context $ctx
$token = $container | New-AzStorageContainerSASToken -Permission rwdl -ExpiryTime (Get-Date).AddYears(1) -Context $ctx

You can learn more about New-AzStorageContext here: https://docs.microsoft.com/en-us/powershell/module/az.storage/new-azstoragecontext?view=azps-8.1.0.

  • Related