New-AzStorageBlobSASToken
Generates a SAS token for an Azure storage blob.
Note
This is the previous version of our documentation. Please consult the most recent version for up-to-date information.
Syntax
New-AzStorageBlobSASToken
[-Container] <String>
[-Blob] <String>
[-Permission <String>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzStorageBlobSASToken
-CloudBlob <CloudBlob>
[-BlobBaseClient <BlobBaseClient>]
-Policy <String>
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzStorageBlobSASToken
-CloudBlob <CloudBlob>
[-BlobBaseClient <BlobBaseClient>]
[-Permission <String>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzStorageBlobSASToken
[-Container] <String>
[-Blob] <String>
-Policy <String>
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The New-AzStorageBlobSASToken cmdlet generates a Shared Access Signature (SAS) token for an Azure storage blob.
Examples
Example 1: Generate a blob SAS token with full blob permission
PS C:\>New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwdThis example generates a blob SAS token with full blob permission.
Example 2: Generate a blob SAS token with life time
PS C:\> $StartTime = Get-Date
PS C:\> $EndTime = $startTime.AddHours(2.0)
PS C:\> New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTimeThis example generates a blob SAS token with life time.
Example 3: Generate a User Identity SAS token with storage context based on OAuth authentication
PS C:\> $ctx = New-AzStorageContext -StorageAccountName $accountName -UseConnectedAccount
PS C:\> $StartTime = Get-Date
PS C:\> $EndTime = $startTime.AddDays(6)
PS C:\> New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTime -context $ctxThis example generates a User Identity blob SAS token with storage context based on OAuth authentication
Parameters
Specifies the storage blob name.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
BlobBaseClient Object
| Type: | BlobBaseClient |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the CloudBlob object. To obtain a CloudBlob object, use the Get-AzStorageBlob cmdlet.
| Type: | CloudBlob |
| Aliases: | ICloudBlob |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the storage container name.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the storage context. When the storage context is based on OAuth authentication, will generates a User Identity blob SAS token.
| Type: | IStorageContext |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Encryption scope to use when sending requests authorized with this SAS URI.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies when the shared access signature expires. When the storage context is based on OAuth authentication, the expire time must be in 7 days from current time, and must not be earlier than current time.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Indicates that this cmdlet return the full blob URI and the shared access signature token.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is inclusive.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the permissions for a storage blob.
It is important to note that this is a string, like rwd (for Read, Write and Delete).
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies an Azure Stored Access Policy.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the protocol permitted for a request. The acceptable values for this parameter are:
- HttpsOnly
- HttpsOrHttp The default value is HttpsOrHttp.
| Type: | Nullable<T>[SharedAccessProtocol] |
| Accepted values: | HttpsOnly, HttpsOrHttp |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the time at which the shared access signature becomes valid.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |