az storage container

Manage blob storage containers.

Please specify one of the following authentication parameters for your commands: --auth-mode, --account-key, --connection-string, --sas-token. You also can use corresponding environment variables to store your authentication credentials, e.g. AZURE_STORAGE_KEY, AZURE_STORAGE_CONNECTION_STRING and AZURE_STORAGE_SAS_TOKEN.

Commands

az storage container create

Create a container in a storage account.

az storage container delete

Marks the specified container for deletion.

az storage container exists

Check for the existence of a storage container.

az storage container generate-sas

Generate a SAS token for a storage container.

az storage container immutability-policy

Manage container immutability policies.

az storage container immutability-policy create

Create or update an unlocked immutability policy.

az storage container immutability-policy delete

Aborts an unlocked immutability policy.

az storage container immutability-policy extend

Extend the immutabilityPeriodSinceCreationInDays of a locked immutabilityPolicy.

az storage container immutability-policy lock

Sets the ImmutabilityPolicy to Locked state.

az storage container immutability-policy show

Gets the existing immutability policy along with the corresponding ETag in response headers and body.

az storage container lease

Manage blob storage container leases.

az storage container lease acquire

Requests a new lease.

az storage container lease break

Break the lease, if the container has an active lease.

az storage container lease change

Change the lease ID of an active lease.

az storage container lease release

Release the lease.

az storage container lease renew

Renews the lease.

az storage container legal-hold

Manage container legal holds.

az storage container legal-hold clear

Clear legal hold tags.

az storage container legal-hold set

Set legal hold tags.

az storage container legal-hold show

Get the legal hold properties of a container.

az storage container list

List containers in a storage account.

az storage container metadata

Manage container metadata.

az storage container metadata show

Returns all user-defined metadata for the specified container.

az storage container metadata update

Sets one or more user-defined name-value pairs for the specified container.

az storage container policy

Manage container stored access policies.

az storage container policy create

Create a stored access policy on the containing object.

az storage container policy delete

Delete a stored access policy on a containing object.

az storage container policy list

List stored access policies on a containing object.

az storage container policy show

Show a stored access policy on a containing object.

az storage container policy update

Set a stored access policy on a containing object.

az storage container restore

Restore soft-deleted container.

az storage container set-permission

Sets the permissions for the specified container or stored access policies that may be used with Shared Access Signatures.

az storage container show

Returns all user-defined metadata and system properties for the specified container.

az storage container show-permission

Gets the permissions for the specified container.

az storage container create

Create a container in a storage account.

By default, container data is private ("off") to the account owner. Use "blob" to allow public read access for blobs. Use "container" to allow public read and list access to the entire container. You can configure the --public-access using az storage container set-permission -n CONTAINER_NAME --public-access blob/container/off.

az storage container create --name
                            [--account-key]
                            [--account-name]
                            [--auth-mode {key, login}]
                            [--connection-string]
                            [--default-encryption-scope]
                            [--fail-on-exist]
                            [--metadata]
                            [--prevent-encryption-scope-override {false, true}]
                            [--public-access {blob, container, off}]
                            [--resource-group]
                            [--sas-token]
                            [--timeout]

Examples

Create a storage container in a storage account.

az storage container create -n mystoragecontainer

Create a storage container in a storage account and return an error if the container already exists.

az storage container create -n mystoragecontainer --fail-on-exist

Create a storage container in a storage account and allow public read access for blobs.

az storage container create -n mystoragecontainer --public-access blob

Required Parameters

--name -n

The container name.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

accepted values: key, login
--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--default-encryption-scope -d

Default the container to use specified encryption scope for all writes.

--fail-on-exist

Throw an exception if the container already exists.

--metadata

Metadata in space-separated key=value pairs. This overwrites any existing metadata.

--prevent-encryption-scope-override -p

Block override of encryption scope from the container default.

accepted values: false, true
--public-access

Specifies whether data in the container may be accessed publicly.

accepted values: blob, container, off
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--timeout

Request timeout in seconds. Applies to each call to the service.

az storage container delete

Marks the specified container for deletion.

The container and any blobs contained within it are later deleted during garbage collection.

az storage container delete --name
                            [--account-key]
                            [--account-name]
                            [--auth-mode {key, login}]
                            [--bypass-immutability-policy]
                            [--connection-string]
                            [--fail-not-exist]
                            [--if-modified-since]
                            [--if-unmodified-since]
                            [--lease-id]
                            [--sas-token]
                            [--timeout]

Examples

Marks the specified container for deletion. (autogenerated)

az storage container delete --account-key 00000000 --account-name MyAccount --name mycontainer

Required Parameters

--name -n

The container name.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

accepted values: key, login
--bypass-immutability-policy

Bypasses upcoming service behavior that will block a container from being deleted if it has a immutability-policy. Specifying this will ignore arguments aside from those used to identify the container ("--name", "--account-name").

--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--fail-not-exist

Throw an exception if the container does not exist.

--if-modified-since

Commence only if modified since supplied UTC datetime (Y-m-d'T'H:M'Z').

--if-unmodified-since

Commence only if unmodified since supplied UTC datetime (Y-m-d'T'H:M'Z').

--lease-id

If specified, delete_container only succeeds if the container's lease is active and matches this ID. Required if the container has an active lease.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--timeout

Request timeout in seconds. Applies to each call to the service.

az storage container exists

Check for the existence of a storage container.

az storage container exists --name
                            [--account-key]
                            [--account-name]
                            [--auth-mode {key, login}]
                            [--connection-string]
                            [--sas-token]
                            [--timeout]

Examples

Check for the existence of a storage container. (autogenerated)

az storage container exists --account-name mystorageccount --account-key 00000000 --name mycontainer

Required Parameters

--name -n

The container name.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

accepted values: key, login
--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--timeout

Request timeout in seconds. Applies to each call to the service.

az storage container generate-sas

Generate a SAS token for a storage container.

az storage container generate-sas --name
                                  [--account-key]
                                  [--account-name]
                                  [--as-user]
                                  [--auth-mode {key, login}]
                                  [--blob-endpoint]
                                  [--cache-control]
                                  [--connection-string]
                                  [--content-disposition]
                                  [--content-encoding]
                                  [--content-language]
                                  [--content-type]
                                  [--encryption-scope]
                                  [--expiry]
                                  [--https-only]
                                  [--ip]
                                  [--permissions]
                                  [--policy-name]
                                  [--start]

Examples

Generate a sas token for blob container and use it to upload a blob.

end=`date -u -d "30 minutes" '+%Y-%m-%dT%H:%MZ'`
sas=`az storage container generate-sas -n mycontainer --https-only --permissions dlrw --expiry $end -o tsv`
az storage blob upload -n MyBlob -c mycontainer -f file.txt --sas-token $sas

Generate a shared access signature for the container (autogenerated)

az storage container generate-sas --account-key 00000000 --account-name mystorageaccount --expiry 2020-01-01 --name mycontainer --permissions dlrw

Generate a SAS token for a storage container. (autogenerated)

az storage container generate-sas --account-name mystorageaccount --as-user --auth-mode login --expiry 2020-01-01 --name container1 --permissions dlrw

Required Parameters

--name -n

The container name.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name or service endpoint. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--as-user

Indicates that this command return the SAS signed with the user delegation key. The expiry parameter and '--auth-mode login' are required if this argument is specified.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

accepted values: key, login
--blob-endpoint

Storage data service endpoint. Must be used in conjunction with either storage account key or a SAS token. You can find each service primary endpoint with az storage account show. Environment variable: AZURE_STORAGE_SERVICE_ENDPOINT.

--cache-control

Response header value for Cache-Control when resource is accessed using this shared access signature.

--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--content-disposition

Response header value for Content-Disposition when resource is accessed using this shared access signature.

--content-encoding

Response header value for Content-Encoding when resource is accessed using this shared access signature.

--content-language

Response header value for Content-Language when resource is accessed using this shared access signature.

--content-type

Response header value for Content-Type when resource is accessed using this shared access signature.

--encryption-scope

A predefined encryption scope used to encrypt the data on the service.

--expiry

Specifies the UTC datetime (Y-m-d'T'H:M'Z') at which the SAS becomes invalid. Do not use if a stored access policy is referenced with --policy-name that specifies this value.

--https-only

Only permit requests made with the HTTPS protocol. If omitted, requests from both the HTTP and HTTPS protocol are permitted.

--ip

Specifies the IP address or range of IP addresses from which to accept requests. Supports only IPv4 style addresses.

--permissions

The permissions the SAS grants. Allowed values: (a)dd (c)reate (d)elete (e)xecute (f)ilter_by_tags (i)set_immutability_policy (l)ist (m)ove (r)ead (t)ag (w)rite (x)delete_previous_version (y)permanent_delete. Do not use if a stored access policy is referenced with --id that specifies this value. Can be combined.

--policy-name

The name of a stored access policy within the container's ACL.

--start

Specifies the UTC datetime (Y-m-d'T'H:M'Z') at which the SAS becomes valid. Do not use if a stored access policy is referenced with --policy-name that specifies this value. Defaults to the time of the request.

az storage container list

List containers in a storage account.

az storage container list [--account-key]
                          [--account-name]
                          [--auth-mode {key, login}]
                          [--blob-endpoint]
                          [--connection-string]
                          [--include-deleted {false, true}]
                          [--include-metadata {false, true}]
                          [--marker]
                          [--num-results]
                          [--prefix]
                          [--sas-token]
                          [--show-next-marker]
                          [--timeout]

Examples

List containers in a storage account.

az storage container list

List soft deleted containers in a storage account.

az storage container list --include-deleted

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name or service endpoint. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

accepted values: key, login
--blob-endpoint

Storage data service endpoint. Must be used in conjunction with either storage account key or a SAS token. You can find each service primary endpoint with az storage account show. Environment variable: AZURE_STORAGE_SERVICE_ENDPOINT.

--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--include-deleted

Specify that deleted containers to be returned in the response. This is for container restore enabled account. The default value is False.

accepted values: false, true
--include-metadata

Specify that container metadata to be returned in the response.

accepted values: false, true
--marker

A string value that identifies the portion of the list of containers to be returned with the next listing operation. The operation returns the NextMarker value within the response body if the listing operation did not return all containers remaining to be listed with the current page. If specified, this generator will begin returning results from the point where the previous generator stopped.

--num-results

Specify the maximum number to return. If the request does not specify num_results, or specifies a value greater than 5000, the server will return up to 5000 items. Note that if the listing operation crosses a partition boundary, then the service will return a continuation token for retrieving the remaining of the results. Provide "*" to return all.

default value: 5000
--prefix

Filter the results to return only blobs whose name begins with the specified prefix.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name or service endpoint. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--show-next-marker

Show nextMarker in result when specified.

--timeout

Request timeout in seconds. Applies to each call to the service.

az storage container restore

Restore soft-deleted container.

Operation will only be successful if used within the specified number of days set in the delete retention policy.

az storage container restore --deleted-version
                             --name
                             [--account-key]
                             [--account-name]
                             [--auth-mode {key, login}]
                             [--blob-endpoint]
                             [--connection-string]
                             [--sas-token]
                             [--timeout]

Examples

List and restore soft-deleted container.

az storage container list --include-deleted
az storage container restore -n deletedcontainer --deleted-version deletedversion

Required Parameters

--deleted-version

Specify the version of the deleted container to restore.

--name -n

Specify the name of the deleted container to restore.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name or service endpoint. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

accepted values: key, login
--blob-endpoint

Storage data service endpoint. Must be used in conjunction with either storage account key or a SAS token. You can find each service primary endpoint with az storage account show. Environment variable: AZURE_STORAGE_SERVICE_ENDPOINT.

--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name or service endpoint. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--timeout

Request timeout in seconds. Applies to each call to the service.

az storage container set-permission

Sets the permissions for the specified container or stored access policies that may be used with Shared Access Signatures.

The permissions indicate whether blobs in a container may be accessed publicly.

az storage container set-permission --name
                                    [--account-key]
                                    [--account-name]
                                    [--auth-mode {key, login}]
                                    [--connection-string]
                                    [--if-modified-since]
                                    [--if-unmodified-since]
                                    [--lease-id]
                                    [--public-access {blob, container, off}]
                                    [--sas-token]
                                    [--timeout]

Required Parameters

--name -n

The container name.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

accepted values: key, login
--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--if-modified-since

Commence only if modified since supplied UTC datetime (Y-m-d'T'H:M'Z').

--if-unmodified-since

Commence only if unmodified since supplied UTC datetime (Y-m-d'T'H:M'Z').

--lease-id

If specified, set_container_acl only succeeds if the container's lease is active and matches this ID.

--public-access

Specifies whether data in the container may be accessed publicly.

accepted values: blob, container, off
--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--timeout

Request timeout in seconds. Applies to each call to the service.

az storage container show

Returns all user-defined metadata and system properties for the specified container.

The data returned does not include the container's list of blobs.

az storage container show --name
                          [--account-key]
                          [--account-name]
                          [--auth-mode {key, login}]
                          [--connection-string]
                          [--lease-id]
                          [--sas-token]
                          [--timeout]

Required Parameters

--name -n

The container name.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

accepted values: key, login
--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--lease-id

If specified, get_container_properties only succeeds if the container's lease is active and matches this ID.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--timeout

Request timeout in seconds. Applies to each call to the service.

az storage container show-permission

Gets the permissions for the specified container.

The permissions indicate whether container data may be accessed publicly.

az storage container show-permission --name
                                     [--account-key]
                                     [--account-name]
                                     [--auth-mode {key, login}]
                                     [--connection-string]
                                     [--lease-id]
                                     [--sas-token]
                                     [--timeout]

Required Parameters

--name -n

The container name.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

accepted values: key, login
--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--lease-id

If specified, get_container_acl only succeeds if the container's lease is active and matches this ID.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--timeout

Request timeout in seconds. Applies to each call to the service.