Set-​Azure​Key​Vault​Managed​Storage​Sas​Definition

Sets a Shared Access Signature (SAS) definition with Key Vault for a given Key Vault managed Azure Storage Account.

Syntax

Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-ApiVersion <String>]
   [-Confirm]
   [-Disable]
   [-IPAddressOrRange <String>]
   -Permission <String[]>
   [-Protocol <String>]
   -ResourceType <String[]>
   -Service <String[]>
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   -ValidityPeriod <TimeSpan>
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   -Blob <String>
   [-Confirm]
   -Container <String>
   [-Disable]
   [-IPAddressOrRange <String>]
   -Permission <String[]>
   [-Protocol <String>]
   [-SharedAccessHeader <String[]>]
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   -ValidityPeriod <TimeSpan>
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   -Blob <String>
   [-Confirm]
   -Container <String>
   [-Disable]
   [-IPAddressOrRange <String>]
   -Policy <String>
   [-Protocol <String>]
   [-SharedAccessHeader <String[]>]
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-Confirm]
   -Container <String>
   [-Disable]
   [-IPAddressOrRange <String>]
   -Permission <String[]>
   [-Protocol <String>]
   [-SharedAccessHeader <String[]>]
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   -ValidityPeriod <TimeSpan>
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-Confirm]
   -Container <String>
   [-Disable]
   [-IPAddressOrRange <String>]
   -Policy <String>
   [-Protocol <String>]
   [-SharedAccessHeader <String[]>]
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-Confirm]
   [-Disable]
   [-EndPartitionKey <String>]
   [-EndRowKey <String>]
   [-IPAddressOrRange <String>]
   -Permission <String[]>
   [-Protocol <String>]
   [-StartPartitionKey <String>]
   [-StartRowKey <String>]
   -Table <String>
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   -ValidityPeriod <TimeSpan>
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-Confirm]
   [-Disable]
   [-EndPartitionKey <String>]
   [-EndRowKey <String>]
   [-IPAddressOrRange <String>]
   -Policy <String>
   [-Protocol <String>]
   [-StartPartitionKey <String>]
   [-StartRowKey <String>]
   -Table <String>
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-Confirm]
   [-Disable]
   [-IPAddressOrRange <String>]
   -Path <String>
   -Permission <String[]>
   [-Protocol <String>]
   -Share <String>
   [-SharedAccessHeader <String[]>]
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   -ValidityPeriod <TimeSpan>
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-Confirm]
   [-Disable]
   [-IPAddressOrRange <String>]
   -Permission <String[]>
   [-Protocol <String>]
   -Share <String>
   [-SharedAccessHeader <String[]>]
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   -ValidityPeriod <TimeSpan>
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-Confirm]
   [-Disable]
   [-IPAddressOrRange <String>]
   -Permission <String[]>
   [-Protocol <String>]
   -Queue <String>
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   -ValidityPeriod <TimeSpan>
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-Confirm]
   [-Disable]
   [-IPAddressOrRange <String>]
   -Path <String>
   -Policy <String>
   [-Protocol <String>]
   -Share <String>
   [-SharedAccessHeader <String[]>]
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-Confirm]
   [-Disable]
   [-IPAddressOrRange <String>]
   -Policy <String>
   [-Protocol <String>]
   -Share <String>
   [-SharedAccessHeader <String[]>]
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-Confirm]
   [-Disable]
   [-IPAddressOrRange <String>]
   -Policy <String>
   [-Protocol <String>]
   -Queue <String>
   [-Tag <Hashtable>]
   [-TargetStorageVersion <String>]
   [-WhatIf]
   [<CommonParameters>]
Set-AzureKeyVaultManagedStorageSasDefinition
   [-VaultName] <String>
   [-AccountName] <String>
   [-Name] <String>
   [-Parameter] <Hashtable>
   [-Confirm]
   [-Disable]
   [-Tag <Hashtable>]
   [-WhatIf]
   [<CommonParameters>]

Description

Sets a Shared Access Signature (SAS) definition with a given Key Vault managed Azure Storage Account. This also sets a secret which can be used to get the SAS token per this SAS definition. SAS token is generated using these parameters and the active key of the Key Vault managed Azure Storage Account.

Examples

Example 1 : Set an ad hoc service Blob sas definition

PS C:\> Set-AzureKeyVaultManagedStorageSasDefinition -Blob 'blob1' -Container 'container1' -VaultName 'vault1' -AccountName 'account1' -Name 'sas1' -ValidityPeriod ([System.Timespan]::FromDays(30)) -Permission Read,Add -SharedAccessHeader CacheControl,ContentDisposition -Protocol HttpsOnly -IPAddressOrRange '168.1.5.60-168.1.5.70'

Sets an ad hoc service blob sas definition 'sas1' with key vault managed storage account 'account1' in vault 'vault1'.

Example 2 : Set an ad hoc account sas definition

PS C:\> Set-AzureKeyVaultManagedStorageSasDefinition -Service Blob,File -ResourceType Container,Service -VaultName 'vault1' -AccountName 'account1' -Name 'sas1' -Protocol HttpsOrHttp -IPAddressOrRange '168.1.5.60' -ValidityPeriod ([System.Timespan]::FromDays(30)) -Permission Read,Add

Sets an ad hoc blob sas definition 'sas1' with key vault managed storage account 'account1' in vault 'vault1'.

Example 3 : Set a sas definition using a hashtable

PS C:\> Set-AzureKeyVaultManagedStorageSasDefinition -VaultName vault1 -AccountName account1 -Name sas1 -Parameter @{"sasType"="blob";"signedVersion"="2016-05-31";"signedProtocols"="https";"signedIp"="168.1.5.60-168.1.5.70";"validityPeriod"="P30D";"signedPermissions"="ra";"blobName"="blob1";"containerName"="container1";"rscd"="";"rscc"=""}

Sets an ad hoc blob sas definition 'sas1' with key vault managed storage account 'account1' in vault 'vault1' using a hashtable.

Required Parameters

-AccountName

Key Vault managed storage account name. Cmdlet constructs the FQDN of a managed storage account name from vault name, currently selected environment and manged storage account name.

Type:String
Aliases:StorageAccountName
Position:1
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Blob

Blob Name

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Container

Container Name

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Name

Storage sas definition name. Cmdlet constructs the FQDN of a storage sas definition from vault name, currently selected environment, storage account name and sas definition name.

Type:String
Aliases:SasDefinitionName
Position:2
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Parameter

Sas definition parameters that will be used to create the sas token.

Type:Hashtable
Position:3
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Path

Path to the cloud file to generate sas token against.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Permission

Permission. Values include 'Query','Add','Update','Process'

Type:String[]
Parameter Sets:Add, Create, Delete, List, Process, Read, Query, Update, Write
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Policy

Policy Identifier

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Queue

Queue Name

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ResourceType

Resource types that this SAS token applies to. Values include 'Service','Container','Object'

Type:String[]
Parameter Sets:Service, Container, Object
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Service

Service types that this SAS token applies to. Values include 'Blob','File','Queue','Table'

Type:String[]
Parameter Sets:Blob, File, Queue, Table
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Share

Share Name

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Table

Table Name

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ValidityPeriod

Validity period that will get used to set the expiry time of sas token from the time it gets generated

Type:TimeSpan
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-VaultName

Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.

Type:String
Position:0
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False

Optional Parameters

-ApiVersion

Specifies the storage service version to use to execute the request made using the account SAS URI.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Disable

Disables the use of sas definition for generation of sas token.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EndPartitionKey

End Partition Key

Type:String
Aliases:endpk
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EndRowKey

End Row Key

Type:String
Aliases:endrk
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IPAddressOrRange

IP, or IP range ACL (access control list) of the request that would be accepted by Azure Storage.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Protocol

Protocol can be used in the request with the SAS token.

Type:String
Parameter Sets:HttpsOnly, HttpsOrHttp
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SharedAccessHeader

Specifies the query parameters to override response headers.

Type:String[]
Parameter Sets:CacheControl, ContentDisposition, ContentEncoding, ContentLanguage, ContentType
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-StartPartitionKey

Start Partition Key

Type:String
Aliases:startpk
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-StartRowKey

Start Row Key

Type:String
Aliases:startrk
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Tag

A hashtable representing tags of sas definition.

Type:Hashtable
Aliases:Tags
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-TargetStorageVersion

Specifies the signed storage service version to use to authenticate requests made with the SAS token.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

System.String

System.Collections.Generic.IDictionary`2[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] System.Collections.Hashtable

Outputs

Microsoft.Azure.Commands.KeyVault.Models.ManagedStorageSasDefinition