New-AzureStorageBlobSASToken

Generates a SAS token for an Azure storage blob.

Important

Because Az PowerShell modules now have all the capabilities of AzureRM PowerShell modules and more, we'll retire AzureRM PowerShell modules on 29 February 2024.

To avoid service interruptions, update your scripts that use AzureRM PowerShell modules to use Az PowerShell modules by 29 February 2024. To automatically update your scripts, follow the quickstart guide.

Syntax

New-AzureStorageBlobSASToken
   [-Container] <String>
   [-Blob] <String>
   [-Permission <String>]
   [-Protocol <SharedAccessProtocol>]
   [-IPAddressOrRange <String>]
   [-StartTime <DateTime>]
   [-ExpiryTime <DateTime>]
   [-FullUri]
   [-Context <IStorageContext>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
New-AzureStorageBlobSASToken
   -CloudBlob <CloudBlob>
   -Policy <String>
   [-Protocol <SharedAccessProtocol>]
   [-IPAddressOrRange <String>]
   [-StartTime <DateTime>]
   [-ExpiryTime <DateTime>]
   [-FullUri]
   [-Context <IStorageContext>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
New-AzureStorageBlobSASToken
   -CloudBlob <CloudBlob>
   [-Permission <String>]
   [-Protocol <SharedAccessProtocol>]
   [-IPAddressOrRange <String>]
   [-StartTime <DateTime>]
   [-ExpiryTime <DateTime>]
   [-FullUri]
   [-Context <IStorageContext>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
New-AzureStorageBlobSASToken
   [-Container] <String>
   [-Blob] <String>
   -Policy <String>
   [-Protocol <SharedAccessProtocol>]
   [-IPAddressOrRange <String>]
   [-StartTime <DateTime>]
   [-ExpiryTime <DateTime>]
   [-FullUri]
   [-Context <IStorageContext>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The New-AzureStorageBlobSASToken cmdlet generates a Shared Access Signature (SAS) token for an Azure storage blob.

Examples

Example 1: Generate a blob SAS token with full blob permission

PS C:\>New-AzureStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd

This example generates a blob SAS token with full blob permission.

Example 2: Generate a blob SAS token with life time

PS C:\> $StartTime = Get-Date
PS C:\> $EndTime = $startTime.AddHours(2.0)
PS C:\> New-AzureStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTime

This example generates a blob SAS token with life time.

Parameters

-Blob

Specifies the storage blob name.

Type:String
Position:1
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CloudBlob

Specifies the CloudBlob object. To obtain a CloudBlob object, use the Get-AzureStorageBlob cmdlet.

Type:Microsoft.WindowsAzure.Storage.Blob.CloudBlob
Aliases:ICloudBlob
Position:Named
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-Container

Specifies the storage container name.

Type:String
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Context

Specifies the storage context.

Type:IStorageContext
Position:Named
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExpiryTime

Specifies when the shared access signature expires.

Type:Nullable<T>[DateTime]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-FullUri

Indicates that this cmdlet return the full blob URI and the shared access signature token.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IPAddressOrRange

Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is inclusive.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Permission

Specifies the permissions for a storage blob. It is important to note that this is a string, like rwd (for Read, Write and Delete).

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Policy

Specifies an Azure Stored Access Policy.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Protocol

Specifies the protocol permitted for a request. The acceptable values for this parameter are:

  • HttpsOnly
  • HttpsOrHttp The default value is HttpsOrHttp.
Type:Nullable<T>[Microsoft.WindowsAzure.Storage.SharedAccessProtocol]
Accepted values:HttpsOnly, HttpsOrHttp
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-StartTime

Specifies the time at which the shared access signature becomes valid.

Type:Nullable<T>[DateTime]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.WindowsAzure.Storage.Blob.CloudBlob

IStorageContext

Outputs

String