0

Can these issues be sorted out or any feedback comments welcome.

  • Using for the Azcopy the SAS token can this be done without SAS token or way out which this operation can be performed in another alternative
  • Suggestions on the expiry time to be set on SAS token, how about security breaches.
  • Use on the SAS token is it workable by alternative where we can generate for every 1 hour automatically on the bash script where SAS is used.
Gaurav Mantri
  • 128,066
  • 12
  • 206
  • 241
Anirudh B
  • 39
  • 6
  • Also Comment on the Non expiration option if any. – Anirudh B Mar 05 '20 at 12:59
  • 1
    For what purpose you’re using azcopy? Is it for upload, download or something else? – Gaurav Mantri Mar 05 '20 at 13:26
  • @Gaurav Mantra azcopy is being used within a bash script to perform file copy from the sftP server(Linux vm) local to azure blob. – Anirudh B Mar 05 '20 at 14:30
  • 1
    @AnirudhBragadeesana If you want to copy a large amount of files with azcopy, I think you can use Azure AD Authentication. For more details, please refer to https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10#option-1-use-azure-active-directory – Jim Xu Mar 06 '20 at 01:35
  • Thank you. I was using managed identity and completed it ... – Anirudh B Mar 08 '20 at 09:01
  • @AnirudhBragadeesan Do you have any other concerns? If you have no other concerns, could you please accept the answer? It may help more people. – Jim Xu Mar 09 '20 at 01:56
  • @ Jim Xu today only I logged in office today I have done thank you -Could you Please help me for Azure table storage REST API also? – Anirudh B Mar 09 '20 at 05:53
  • @AnirudhBragadeesan If you have any other concerns about Azure table storage rest api, you can create a new issue and @ me – Jim Xu Mar 09 '20 at 05:59

1 Answers1

1

If you want to upload large amounts of files to Azure blob and it will spend lots of time, I suggest you use Azure AD Authentication. It may be a better way. And, Azcopy supports multiple Azure AD Authentication ways, such as managed identity, User, Service principal. But, please note that no matter which method you use, you need to assign Storage Blob Data Contributor for them. For more details, please refer to the document

For example, I use a service principal

  1. create a service principal and assign Reader role for the sp.
az login
az account set --subscription "<your subscription id>"
# it will assign Storage Blob Data Contributor to the sp at subscription level
az ad sp create-for-rbac -n "mysample" --role Storage Blob Data Contributor

enter image description here

  1. Azcopy login with Powershell
$env:AZCOPY_SPA_CLIENT_SECRET="$(Read-Host -prompt "Enter key")"
azcopy login --service-principal --application-id <application-id> --tenant-id=<tenant-id>
  1. Use azcopy
Community
  • 1
  • 1
Jim Xu
  • 21,610
  • 2
  • 19
  • 39