Using a Shared Access Signature (SAS) is usually the best way to control access rights to Azure storage resources (like a container for backups) without exposing the primary/secondary storage keys. A SAS is expressed as a URI, and that is what I want to look at today.
I always use the Azure Storage Explorer to build a SAS token. Let’s dig into what the different parts mean.
- In red is the start time (ST) and expiry time (SE) for the access.
- In blue, SP is the permissions assigned; in this example, read, write, delete and list.
- In green, SV is the storage version in use.
- In dark blue, SR is the service resource accessed; c = container.
- Orange is SIG, used to authenticate to the resource.
Combined, these give the unique URI.
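To check a SAS URI before handing it out, the fields listed above can be pulled apart and the access window evaluated in a few lines of Python. This is an added example, not part of the original post: the account name, container, dates and signature in `SAMPLE_SAS` are constructed placeholders, `describe_sas` and `parse_time` are hypothetical helper names, and it assumes an ad hoc SAS with full `YYYY-MM-DDThh:mm:ssZ` timestamps.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample: account name, container, dates and signature are placeholders.
SAMPLE_SAS = (
    "https://examplestorage.blob.core.windows.net/backups"
    "?st=2024-01-01T00%3A00%3A00Z&se=2024-01-08T00%3A00%3A00Z"
    "&sp=rwdl&sv=2022-11-02&sr=c&sig=PLACEHOLDER%2BSIGNATURE%3D"
)

# Only the values this page walks through; anything else is reported as-is.
PERMISSIONS = {"r": "read", "w": "write", "d": "delete", "l": "list"}
RESOURCES = {"c": "container"}


def parse_time(value):
    """Parse a UTC timestamp of the form 2024-01-01T00:00:00Z (assumed format)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def describe_sas(uri, now=None):
    """Break a SAS URI into its fields and evaluate the access window."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(uri)
    # parse_qs percent-decodes the values; keep the first value of each key.
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    missing = [k for k in ("se", "sp", "sv", "sr", "sig") if k not in q]
    if missing:
        raise ValueError(f"incomplete SAS URI, missing: {', '.join(missing)}")
    start = parse_time(q["st"]) if "st" in q else None  # start time is optional
    expiry = parse_time(q["se"])
    return {
        "resource": f"{parts.scheme}://{parts.netloc}{parts.path}",
        "start": start,
        "expiry": expiry,
        "lifetime": expiry - start if start else None,
        "active": (start is None or start <= now) and now < expiry,
        "permissions": [PERMISSIONS.get(c, c) for c in q["sp"]],
        "version": q["sv"],
        "resource_type": RESOURCES.get(q["sr"], q["sr"]),
        # Never log the signature itself: whoever holds it holds the access.
        "redacted": re.sub(r"(?<=[?&]sig=)[^&]*", "REDACTED", uri),
    }


if __name__ == "__main__":
    for key, value in describe_sas(SAMPLE_SAS).items():
        print(f"{key:14} {value}")
```

The `redacted` value is the form to paste into tickets or logs, since the signature is the only secret in the URI.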