Sign-up now and get instant access
Leave a comment
Customized training to master new skills and grow your business.
Beginner to advanced classes taught by Microsoft MVPs and Authors.
In-depth boot camps take you from a novice to mastery in less than a week.
Season Learning Pass
Get access to our very best training offerings for successful up-skilling.
Stream Pro Plus
Combine On-Demand Learning platform with face-to-face Virtual Mentoring.
Quick references for when you need a little guidance.
Summaries developed in conjunction with our Learn with the Nerds sessions.
Digital goodies - code samples, student files, and other must have files.
Stay up-to-date on all things Power BI, Power Apps, Microsoft 365 and Azure.
Earn money by driving sales through the Pragmatic Works' Training Affiliate Program.
It's time to address your client's training needs.
Learn how to get into IT with free training and mentorship.
Discover the faces behind our success: Meet our dedicated team
How can we help? Connect with Our Team Today!
Find all the information you’re looking for. We’re happy to help.
In this final blog of my series, ‘3 Things to Know About Azure’, my topic is Shared Access Signatures, or SAS, for accessing Azure storage.
When working with Azure storage, the keys operate like route passwords to your storage. Because of this, they should never be stored in plain text, distributed to users or embedded in applications. In short, don’t give out your account keys, use Shared Access Signatures instead.
Here at Pragmatic Works we’ve been using Shared Access Signatures recently in two scenarios: for backup and restore operations with SQL Managed Instances and for managing storage accounts to Azure Databricks. Here are 3 things to know about SAS:
1. Share Access Signatures are not stored in a recoverable way with your storage account. A bit of a shocking experience for most. Once you generate the signature, you should copy it to a desired location or to an intermediate space such as a Notepad.
When you close the window where you’ve created the signature, you’ll have to recreate it if you need it again. Microsoft does not store this signature anywhere within the platform, so it’s not recoverable from that perspective. You’ll need a copy of the various keys and connection strings if you plan to use that for more than one application.
2. Share Access Signatures protect your account keys. If an SAS is exposed, you can terminate it without impacting other signatures or other account keys. However, if your account key were to be compromised, all Shared Access Signatures and other applications using that account key will need to be reset. A key reason why we recommend using SAS.
3. Shared Access Signatures provide granular control to your storage. Access keys give you full rights to everything in your storage account, but with SAS you’re able to limit the access capabilities of its users. You can limit capabilities such as read, write or update or to containers, plus you can timebox when the signature is valid for. This allows for temporary access to your storage account and easily managing different levels of access to folks within or outside of your organization.
On last important thing to tell you is that Microsoft has Azure Active Directory Access coming for storage. As of this writing, this is in preview, but it will likely be the preferred choice for individual access in the future. If you begin working with Share Access Signatures, you’ll have the opportunity to switch to Azure Active Directory to secure access to your storage for internal users when this is generally available.
If you have questions about securing access to Azure storage with Share Access Signatures or anything Azure related, we are the people to talk to. Click the link below or contact us—we’re here to help where ever you are on your Azure journey.
Join other Azure, Power Platform and SQL Server pros by subscribing to our blog.