DEV Community

Cover image for Managing Azure Storage: Containers, File Shares, and Security Tokens
Louis Oodo
Louis Oodo

Posted on

Managing Azure Storage: Containers, File Shares, and Security Tokens

#tutorial #cloud #azure #devchallenge

Managing Azure Storage: Containers, File Shares, and Security Tokens

Introduction

Storage is the backbone of any cloud application. In Azure, Storage Accounts provide a versatile foundation for holding everything from unstructured data like images to structured file shares for collaborative work. In this guide, we will walk through the lifecycle of data management: creating containers, uploading blobs, managing cost-efficiency through access tiers, and securing your data using Shared Access Signatures (SAS). We will also cover the critical administrative task of revoking access by rotating security keys.

Create a Storage Container

  1. Login to Microsoft Azure at https://portal.azure.com.
  2. From the Azure portal home page, in the search box, enter storage accounts.
  3. Select storage accounts under services. storage accounts

  4. Select the storage account you created in the Prepare exercise. The storage account name is the hyperlink to the storage account. (Note: it should be associated with the resource group guided-project-rg.)
    storage account

  5. On the storage account blade, under the Data storage submenu, select Containers.

  6. Select + Add container.
    Containers

  7. In the Name field, enter storage-container.

  8. Select Create.
    storage-container

Great! With a storage container created, you can upload a blob to the container. Locate a picture that you can upload, either on your computer or from the internet, and save it locally to make uploading easier.

Upload a File to the Storage Container

  1. Select the storage container you just created.
    storage container

  2. Select Upload and upload the file you prepared.
    Upload

  3. Once the file is ready for upload, select Upload.
    Upload

With the file uploaded, notice that the Access tier is displayed. For something we uploaded just for testing, it doesn’t need to be assigned to the Hot access tier. In the next few steps, you’ll change the access tier for the file.

Change the Access Tier

  1. Select the file you just uploaded (the file name is a hyperlink).
    file you just uploaded

  2. Select Change tier.
    Change tier

  3. Select Cold.

  4. Select Save.
    Cold and Save

    Note: You just changed the access tier for an individual blob or file. To change the default access tier for all blobs within the storage account, you could change it at the storage account level.

  5. Select Home to return to the Azure portal home page.
    Home

Good job! You’ve successfully uploaded a storage blob and changed the access tier from Hot to Cold. Next, you’ll work with file shares.

Create a File Share

  1. From the Azure portal home page, in the search box, enter storage accounts.

  2. Select storage accounts under services.
    storage accounts

  3. Select the storage account you created earlier (associated with guided-project-rg).
    storage account

  4. On the storage account blade, under the Data storage submenu, select File shares.
    Data storage

  5. Select + File share.
    File share

  6. On the Basics tab, in the name field enter file-share.
    file-share

  7. On the Backup tab, uncheck Enable backup.

  8. Select Review + create, then select Create.
    Review + create
    Create

  9. Once the file share is created, select Upload and upload the same file or a different one.
    Upload

  10. Select Home to return to the Azure portal home page.
    Home

Create a Shared Access Signature (SAS) Token

The Azure admin wants you to use shared access tokens or keys to control access to files.

  1. From the Azure portal home page, search for and select storage accounts.
    storage account

  2. Select your storage account.
    storage account

  3. On the storage account blade, select Storage browser.

  4. Expand Blob containers. (Note: Blob container is another name for the storage containers.)

  5. Select storage-container.
    Blob containers

  6. Select the ellipses (three dots) at the end of the line for the image you uploaded and select Generate SAS.
    ellipses
    Generate SAS

  7. Set Signing method to Account key and Signing key to Key 1.

  8. Set Stored access policy to None and Permissions to Read.

  9. Enter a custom start and expiry time or leave the defaults.

  10. Set Allowed protocols to HTTPS only.

  11. Select Generate SAS token and URI.
    Generate SAS

  12. Copy the Blob SAS URL and paste it into a new browser tab. Your image should appear. Keep this tab open.
    Copy the Blob SAS URL

  13. Select Home to return to the Azure portal home page.
    Home

Rotate Access Keys

To revoke access, you need to invalidate the SAS token by rotating the key used to sign it.

  1. Navigate back to your Storage account. Storage account

Storage account

  1. Expand the Security + networking submenu and select Access keys.
    Security + networking

  2. For Key 1, select Rotate key.
    Rotate key

  3. Acknowledge the warning by selecting Yes.
    Yes

  4. Once successful, go back to the browser tab where you viewed the image via the SAS URL and refresh the page. You should receive an authentication failed error.
    authentication failed error

Conclusion

Managing Azure Storage is about balancing accessibility with security and cost. By moving data to the Cold tier, you've optimized storage costs for infrequently accessed data. By creating and then revoking a Shared Access Signature through key rotation, you have practiced a fundamental cloud security principle: ensuring that access is granted only for as long as it is needed. These skills form the basis of robust data management in any Azure-based project.

I would like to hear from you

Top comments (0)