I want to create SAS token to download a blob stored in container in azure storage. I can easily generate SAS token using shared credential but this requires storage access key. How can I generate sas token using managed Identity.
credential, err := azblob.NewSharedKeyCredential(accountName, accountKey)
sasQueryParams, err := azblob.BlobSASSignatureValues{
Protocol: azblob.SASProtocolHTTPS,
ExpiryTime: time.Now().UTC().Add(4 * time.Hour),
ContainerName: containerName,
BlobName: blobName,
Permissions: azblob.BlobSASPermissions{Add: false,
Read: true, Write: false}.String(),
}.NewSASQueryParameters(credential)
You can generate it by using
DefaultAzureCredential
and the properaccess
to that blob in the storage container.Connect to the storage account by using the Azure AD credentials of Default Azure Credential class.
Sample Code:
And re-check the delegated access is there or not for that blob. So, we don't use any access key and connection string for this.
Thanks to
@Anupam Maiti
for this Article, please refer this for step-by-step procedure.