Related Articles
Newsletter
Join our blog
Join other Azure, Power Platform and SQL Server pros by subscribing to our blog.
Start with the FREE community plan and get your lifetime access to 20+ courses. Get Instant Access Now!
Need help? Talk to an expert: (904) 638-5743
Private Training
Customized training to master new skills and grow your business.
On-Demand Learning
Beginner to advanced classes taught by Microsoft MVPs and Authors.
Bootcamps
In-depth boot camps take you from a novice to mastery in less than a week.
Season Learning Pass
Get access to our very best training offerings for successful up-skilling.
Stream Pro Plus
Combine On-Demand Learning platform with face-to-face Virtual Mentoring.
Certification Training
Prepare and ace your next certification with CertXP.
Private Training
All Courses
View all of the courses available on our on-demand learning platform.
By Learning Path
Explore our courses based on role-specific learning path.
By Product
Find all of the courses for the product you want to master.
Power BI
Turn data into actionable insights with our Power BI courses
Power Apps
Learn to build custom business solutions with ease
Cheat Sheets
Quick references for when you need a little guidance.
Nerd Guides
Summaries developed in conjunction with our Learn with the Nerds sessions.
Downloads
Digital goodies - code samples, student files, and other must have files.
Blog
Stay up-to-date on all things Power BI, Power Apps, Microsoft 365 and Azure.
Community Discord Server
Start here for technology questions to get answers from the community.
Career Guides
Breaking into the field? Let these guides help get you started with a plan.
Affiliate Program
Earn money by driving sales through the Pragmatic Works' Training Affiliate Program.
Reseller Partner
It's time to address your client's training needs.
Foundation
Learn how to get into IT with free training and mentorship.
Management Team
Discover the faces behind our success: Meet our dedicated team
Contact Us
How can we help? Connect with Our Team Today!
FAQs
Find all the information you’re looking for. We’re happy to help.
In this final blog of my series, ‘3 Things to Know About Azure’, my topic is Shared Access Signatures, or SAS, for accessing Azure storage.
When working with Azure storage, the keys operate like route passwords to your storage. Because of this, they should never be stored in plain text, distributed to users or embedded in applications. In short, don’t give out your account keys, use Shared Access Signatures instead.
Here at Pragmatic Works we’ve been using Shared Access Signatures recently in two scenarios: for backup and restore operations with SQL Managed Instances and for managing storage accounts to Azure Databricks. Here are 3 things to know about SAS:
1. Share Access Signatures are not stored in a recoverable way with your storage account. A bit of a shocking experience for most. Once you generate the signature, you should copy it to a desired location or to an intermediate space such as a Notepad.
When you close the window where you’ve created the signature, you’ll have to recreate it if you need it again. Microsoft does not store this signature anywhere within the platform, so it’s not recoverable from that perspective. You’ll need a copy of the various keys and connection strings if you plan to use that for more than one application.
2. Share Access Signatures protect your account keys. If an SAS is exposed, you can terminate it without impacting other signatures or other account keys. However, if your account key were to be compromised, all Shared Access Signatures and other applications using that account key will need to be reset. A key reason why we recommend using SAS.
3. Shared Access Signatures provide granular control to your storage. Access keys give you full rights to everything in your storage account, but with SAS you’re able to limit the access capabilities of its users. You can limit capabilities such as read, write or update or to containers, plus you can timebox when the signature is valid for. This allows for temporary access to your storage account and easily managing different levels of access to folks within or outside of your organization.
On last important thing to tell you is that Microsoft has Azure Active Directory Access coming for storage. As of this writing, this is in preview, but it will likely be the preferred choice for individual access in the future. If you begin working with Share Access Signatures, you’ll have the opportunity to switch to Azure Active Directory to secure access to your storage for internal users when this is generally available.
If you have questions about securing access to Azure storage with Share Access Signatures or anything Azure related, we are the people to talk to. Click the link below or contact us—we’re here to help where ever you are on your Azure journey.
ABOUT THE AUTHOR
Free Trial
private training
Newsletter
Join other Azure, Power Platform and SQL Server pros by subscribing to our blog.
Leave a comment