Generate SAS tokens for your storage containers

In this article, you'll learn how to create shared access signature (SAS) tokens using the Azure Storage Explorer or the Azure portal. An SAS token provides secure, delegated access to resources in your Azure storage account.

Create your SAS tokens with Azure Storage Explorer

Prerequisites

  • You'll need a Azure Storage Explorer app installed in your Windows, macOS, or Linux development environment. Azure Storage Explorer is a free tool that enables you to easily manage your Azure cloud storage resources.
  • After the Azure Storage Explorer app is installed, connect it the storage account you're using for Document Translation.

Create your tokens

  1. Open the Azure Storage Explorer app on your local machine and navigate to your connected Storage Accounts.

  2. Expand the Storage Accounts node and select Blob Containers.

  3. Expand the Blob Containers node and right-click on a storage container node or to display the options menu.

  4. Select Get Shared Access Signature... from options menu.

  5. In the Shared Access Signature window, make the following selections:

    • Select your Access policy (the default is none).
    • Specify the signed key Start and Expiry date and time. A short lifespan is recommended because, once generated, an SAS can't be revoked.
    • Select the Time zone for the Start and Expiry date and time (default is Local).
    • Define your container Permissions by checking and/or clearing the appropriate check box.
    • Review and select Create.
  6. A new window will appear with the Container name, URI, and Query string for your container.

  7. Copy and paste the container, URI, and query string values in a secure location. They'll only be displayed once and can't be retrieved once the window is closed.

  8. To construct an SAS URL, append the SAS token (URI) to the URL for a storage service.

Create SAS tokens for blobs in the Azure portal

Prerequisites

To get started, you'll need:

Create your tokens

Go to the Azure portal and navigate as follows:

Your storage accountcontainersyour containeryour blob

  1. Select Generate SAS from the menu near the top of the page.

  2. Select Signing methodUser delegation key.

  3. Define Permissions by checking and/or clearing the appropriate check box.

  4. Specify the signed key Start and Expiry times.

  5. The Allowed IP addresses field is optional and specifies an IP address or a range of IP addresses from which to accept requests. If the request IP address doesn't match the IP address or address range specified on the SAS token, it won't be authorized.

  6. The Allowed protocols field is optional and specifies the protocol permitted for a request made with the SAS. The default value is HTTPS.

  7. Review then select Generate SAS token and URL.

  8. The Blob SAS token query string and Blob SAS URL will be displayed in the lower area of window.

  9. Copy and paste the Blob SAS token and URL values in a secure location. They'll only be displayed once and cannot be retrieved once the window is closed.

  10. To construct an SAS URL, append the SAS token (URI) to the URL for a storage service.

Learn more

Next steps