Related Articles
Newsletter
Join our blog
Join other Azure, Power Platform and SQL Server pros by subscribing to our blog.


-1.png)
Start with the FREE community plan and get your lifetime access to 20+ courses. Get Instant Access Now!
Need help? Talk to an expert: (904) 638-5743
Private Classes
Private deliveries of courses for groups
On-Demand Learning
Beginner to advanced classes taught by Microsoft MVPs and Authors.
Bootcamps
In-depth boot camps take you from a novice to mastery in less than a week.
Season Learning Pass
Get access to our very best training offerings for successful up-skilling.
Stream Pro Plus
Combine On-Demand Learning platform with face-to-face Virtual Mentoring.
Certification Training
Prepare and ace your next certification with CertXP.
Cheat Sheets
Quick references for when you need a little guidance.
Prag Guides
Explore our knowledge base for quick tips on syntax, functions, and more!
Downloads
Digital goodies - code samples, student files, and other must have files.
Blog
Stay up-to-date on all things Power BI, Power Apps, Microsoft 365 and Azure.
Community Discord Server
Start here for technology questions to get answers from the community.
Career Guides
Breaking into the field? Let these guides help get you started with a plan.
Nerd Guides
Summaries developed in conjunction with our Learn with the Nerds sessions.
Quickstarts
Hands-on training with expert-led collaborative development.
Private Training
Personalized approach for your specific training requirements
Hackathons
Use your own data to take your team's skills to the next level.
Virtual mentoring
Get there faster with your personal trainer.
Enablement
Comprehensive enterprise enablement training for your team.
Admin Hackathon
Tame your power platform environment.
In this final blog of my series, ‘3 Things to Know About Azure’, my topic is Shared Access Signatures, or SAS, for accessing Azure storage.
When working with Azure storage, the keys operate like route passwords to your storage. Because of this, they should never be stored in plain text, distributed to users or embedded in applications. In short, don’t give out your account keys, use Shared Access Signatures instead.
Here at Pragmatic Works we’ve been using Shared Access Signatures recently in two scenarios: for backup and restore operations with SQL Managed Instances and for managing storage accounts to Azure Databricks. Here are 3 things to know about SAS:
1. Share Access Signatures are not stored in a recoverable way with your storage account. A bit of a shocking experience for most. Once you generate the signature, you should copy it to a desired location or to an intermediate space such as a Notepad.
When you close the window where you’ve created the signature, you’ll have to recreate it if you need it again. Microsoft does not store this signature anywhere within the platform, so it’s not recoverable from that perspective. You’ll need a copy of the various keys and connection strings if you plan to use that for more than one application.
2. Share Access Signatures protect your account keys. If an SAS is exposed, you can terminate it without impacting other signatures or other account keys. However, if your account key were to be compromised, all Shared Access Signatures and other applications using that account key will need to be reset. A key reason why we recommend using SAS.
3. Shared Access Signatures provide granular control to your storage. Access keys give you full rights to everything in your storage account, but with SAS you’re able to limit the access capabilities of its users. You can limit capabilities such as read, write or update or to containers, plus you can timebox when the signature is valid for. This allows for temporary access to your storage account and easily managing different levels of access to folks within or outside of your organization.
On last important thing to tell you is that Microsoft has Azure Active Directory Access coming for storage. As of this writing, this is in preview, but it will likely be the preferred choice for individual access in the future. If you begin working with Share Access Signatures, you’ll have the opportunity to switch to Azure Active Directory to secure access to your storage for internal users when this is generally available.
If you have questions about securing access to Azure storage with Share Access Signatures or anything Azure related, we are the people to talk to. Click the link below or contact us—we’re here to help where ever you are on your Azure journey.
ABOUT THE AUTHOR
Free Trial
private training
Newsletter
Join other Azure, Power Platform and SQL Server pros by subscribing to our blog.
Leave a comment