How to Generate an Azure SAS Token to Access Storage Accounts


VPN offers!

1. NordVPN

2. Surfshark

3. ExpressVPN

Azure Storage, often called Microsoft Azure Storage, is a cloud storage service offered by Microsoft as part of their Azure platform. It provides reliable data storage and retrieval at an unprecedented scale while also supporting the needs of a wide range of applications that span many different industries. Tokens can be generated to access these accounts in order to have read/write access without having to provide credentials or pay for subscriptions like Google Cloud Storage or Amazon S3 do with their APIs.

The “connect to azure blob storage using sas token” is a useful SAS token generator. It will generate a SAS token that can be used to access Azure Storage accounts.

How to Generate an Azure SAS Token to Access Storage Accounts

You may assign access to Azure resources in a few different ways. A Shared Access Signature (SAS) token is one option. A SAS token allows you to limit how a client may access Azure data. You have complete control over what resources the client can access, what permissions the client has, and how long the token is valid.

The use of an account SAS to protect Azure storage accounts is a frequent usage of SAS token.

You’ll learn how to generate an Azure SAS token using both the Azure site and PowerShell in this tutorial. You’ll have an SAS token to feed to different client commands to authenticate and authorize Azure storage management after you’re done.


This post will teach you how to accomplish a few different activities. If you want to join in, make sure you meet the following requirements.

  • A subscription to Azure. You may get a trial subscription if you don’t already have it.
  • Account for Azure Storage For further information, see Create a storage account.
  • PowerShell module for Az (optional). This is only necessary if you’re going to use PowerShell to produce Shared Access Signature tokens.
  • If you’re using PowerShell to generate an SAS token, you’ll need Windows PowerShell 5.1 or PowerShell Core 6+.

Using the Azure Portal to create an SAS Token

The Azure Portal is the most easy method to generate an SAS token. You can traverse the many choices visually using the Azure interface.

To generate a token using the Azure portal, go to the Settings section of the storage account you want to access, then choose Shared access signature. Below is an illustration of what this would look like.

SAS tokens and start/end timings may be given a variety of permissions. You’ll provide full access to this article and leave the default expiry period of eight hours. Check out the Microsoft documents for a breakdown and explanation of each permission.

As illustrated below, leave all of the default settings unchecked and click the Generate SAS and connection string button.

SAS Token generation via the Azure PortalSAS Token generation via the Azure Portal

The token will appear in the fields below the Generate SAS and connection string button after it has been produced, as seen below.

Copying the SAS token that was createdCopying the SAS token that was created

At this point, you may copy the SAS token’s value and paste it anywhere you need it.

Using PowerShell to generate an SAS Token

You may use PowerShell to generate SAS tokens for several storage accounts at once without having to enter into the Azure site. PowerShell makes calls to Azure using the REST API to create the token.

Open a PowerShell terminal and authenticate using Connect-AzAccount to generate an SAS token through PowerShell. After you’ve been authorized, look for the storage account you want to use. An example of accessing a storage account named demo account in the demo rg resource group is shown below. You’ll then provide this to the token-generation command using the value of $context.

Get-AzStorageAccount -ResourceGroupName ‘demo rg’ -AccountName ‘demo account’ $context = (Get-AzStorageAccount -ResourceGroupName ‘demo rg’ context

After you’ve located the storage account context, use the New-AzStorageAccountSASToken command to produce an SAS token. The example below explains how to create an SAS token that grants complete access to the storage account and its subcomponents.

-Context $context -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission racwdlup New-AzStorageAccountSASToken

The SAS tokens created using New-AzStorageAccountSASToken will be valid for one hour. You may use the ExpiryTime argument to prolong the time limit.

SAS Token Permissions Restrictions

Giving access to other parties for a limited period and set of rights is one reason to utilize an SAS token. In the preceding example, an SAS token with complete access rights was created. Giving complete access isn’t always the best option.

The Service argument specifies which services are accessible. Use blob to restrict access to the Azure Blob Storage service, for example. File, Table, and Queue are examples of other services.

The ResourceType argument controls which resources may be accessed. For example, using the container as a value only allows access to container resources. Other resource types that are acceptable are Service and Object.

Permissions may be defined using the Permission parameter. As required, provide one or more permissions. Giving read, write, and delete rights is the value of rwd. (l)ist, (a)dd, (u)pdate, and (p)rocess are all acceptable permission values.

The SAS Token in Action

The SAS token created may be used in a variety of ways. One of the most popular applications is in the realm of storage. A storage context is a means to “bundle” credentials and deliver them to other tasks.

A common way to use the SAS token is via PowerShell. Using the New-AzStorageContext command that’s part of the Az PowerShell module. You can see an example below The SAS Token in Action to upload a file to an existing storage container.

‘foo’ as $StorageAccountName ‘bar’ as $ContainerName Establish a storage context. ” $sasToken New-AzStorageContext = $StorageContext -SasToken $StorageAccountName $sasToken Please upload a file. Get-AzStorageContainer -Name $storageContainer -Context $ContainerName Set-AzStorage $StorageContext $storageContainer –File ‘C:file.txt’ –Blob ‘file.txt’ BlobContent


There are many methods for creating an SAS token. You learnt a few of the most prevalent methods in this post. A SAS token may be used in a variety of ways after it is produced, but the method you choose is entirely up to you.

The “azure sas token format” is a tool that can generate an Azure SAS token to access storage accounts. The tool will create a random string of characters, which will be used as the SAS token.

Related Tags

  • shared access signature example
  • generate sas token azure file share
  • azure sas token example
  • generate sas token azure blob nodejs
  • generate sas and connection string greyed out