
I have the script to list the container files using the SAS token, but in our organization they have stored this SAS token in the Azure vault and shared the read access with us. We are not able to view the SAS token from the vault; instead, we can use the vault secret name.

Please help to list the container files using Azure vault Secrets.

    $ContainerSAS = "sas*******"
    $StorageAccountName = "trialstorageaccount3"
    $ContainerName = "trialcontainer1"
    $Blob1Name = "AdventureWorksLT2019.bak"
    $TargetFolderPath = "D:AnandDownloadsHTCDATAAzureBlob"

    $context = New-AzureStorageContext -StorageAccountName $StorageAccountName -SASToken $ContainerSAS

    $blobs = Get-AzureStorageBlob -Container $ContainerName -Context $context

    foreach($blob in $blobs) {
        Write-Host $blob.Name
        # New-Item -ItemType Directory -Force -Path $destination_path
        # Get-AzureStorageBlobContent -Container $ContainerName -Blob $blob.Name -Destination $TargetFolderPath -Context $context
    }

2 Answers


  1. You can use Get-AzKeyVaultSecret to get the access token from the Key Vault secret with the respective SAS definition.

    To retrieve the specific SAS definition, you have to use the PowerShell command below:

    
    # Take a substring of vault secret from the secret identifier
    # https://<keyvaultName>.vault.azure.net/secrets/<vault name>/<vault secret>
    
    # Placeholders are quoted so the commands parse; replace them with your own values.
    $sas = Set-AzKeyVaultManagedStorageSasDefinition -AccountName '<StorageAccount Name>' -VaultName '<vault Name>' -Name accountsas -TemplateUri '<Template Uri>' -SasType 'account' -ValidityPeriod ([System.Timespan]::FromDays(30))
    
    Get-AzKeyVaultSecret -VaultName '<Keyvault Name>' -Name $sas.Sid.Substring($sas.Sid.LastIndexOf('/')+1)
    

    After retrieving the SAS definition, try to list the container files.

    Refer here for more information.

  2. You can use the PowerShell script below to list the blobs inside the container. In the script below, the storage context is created using the secret value that is stored in the Key Vault.

    $ContainerName = "<containerName>"
    $StorageAccountName = "<storageAccountName>"
    $secretName = "<KeyVaultSecretName>"
    $KeyvaultName = "<KeyVaultName>"
    
    # Pull the secret value from the Key Vault and store it in $secret as plain text
    $secret = Get-AzKeyVaultSecret -VaultName $KeyvaultName -Name $secretName -AsPlainText
    
    # Build the storage context from the SAS token held in the secret
    $context = New-AzStorageContext -StorageAccountName $StorageAccountName -SasToken $secret
    
    Get-AzStorageBlob -Container $ContainerName -Context $context | Select-Object -Property Name,ContentType
    

    I have tested the above PowerShell script and it is working from our end. I would suggest you check the same from your end as well.

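An added example, not part of the question or either answer: it follows the approach of answer 2 but reads the secret as a SecureString, then checks the SAS expiry (`se`) and permissions (`sp`) before use so that a failure can be reported without printing the token or its signature. `Get-SasMetadata` is a hypothetical helper, and the placeholder names are assumptions carried over from answer 2.

```powershell
# Added example. Placeholders match the ones used in answer 2.
$ContainerName      = '<containerName>'
$StorageAccountName = '<storageAccountName>'
$SecretName         = '<KeyVaultSecretName>'
$KeyVaultName       = '<KeyVaultName>'

function Get-SasMetadata {
    # Hypothetical helper: returns only the non-secret SAS fields and never
    # stores the signature (sig), so the result is safe to log.
    # Try it offline with a constructed token:
    #   Get-SasMetadata 'sv=2021-08-06&sr=c&sp=rl&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED'
    param([Parameter(Mandatory)][string]$SasToken)
    $fields = @{}
    foreach ($pair in ($SasToken.TrimStart('?') -split '&')) {
        $name, $value = $pair -split '=', 2
        if ($name -and $null -ne $value -and $name -ne 'sig') {
            $fields[$name] = [System.Uri]::UnescapeDataString($value)
        }
    }
    $expiry = $null
    if ($fields.ContainsKey('se')) {
        $expiry = [DateTimeOffset]::Parse($fields['se'],
            [System.Globalization.CultureInfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::AssumeUniversal)
    }
    [pscustomobject]@{
        Permissions = $fields['sp']   # empty when a stored access policy (si) supplies them
        Expiry      = $expiry
        CanList     = ($fields['sp'] -clike '*l*')
        Expired     = ($null -ne $expiry -and $expiry -lt [DateTimeOffset]::UtcNow)
    }
}

# Without -AsPlainText the value is returned as a SecureString in .SecretValue.
$secret = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $SecretName -ErrorAction Stop
if (-not $secret) { throw "Secret '$SecretName' not found in vault '$KeyVaultName'." }
$sas = [System.Net.NetworkCredential]::new('', $secret.SecretValue).Password

$meta = Get-SasMetadata -SasToken $sas
if ($meta.Expired) { throw "SAS in '$SecretName' expired at $($meta.Expiry.ToString('u'))." }
if ($meta.Permissions -and -not $meta.CanList) {
    throw "SAS permissions '$($meta.Permissions)' lack list (l); blobs cannot be enumerated."
}

$context = New-AzStorageContext -StorageAccountName $StorageAccountName -SasToken $sas
Get-AzStorageBlob -Container $ContainerName -Context $context |
    Select-Object -Property Name, ContentType, LastModified
```

The plaintext token still exists in `$sas` for the lifetime of the session, so avoid running this under `Start-Transcript` with commands that echo the variable.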