{"id":10160,"date":"2018-12-05T00:00:00","date_gmt":"2018-12-05T06:00:00","guid":{"rendered":"https:\/\/threecloud.wpengine.com\/post\/3-things-to-know-about-shared-access-signatures\/"},"modified":"2023-05-01T15:19:22","modified_gmt":"2023-05-01T20:19:22","slug":"3-things-to-know-about-shared-access-signatures","status":"publish","type":"post","link":"https:\/\/3cloudsolutions.com\/resources\/3-things-to-know-about-shared-access-signatures\/","title":{"rendered":"3 Things to Know About Shared Access Signatures"},"content":{"rendered":"<p>My topic today is Shared Access Signatures, or SAS, for accessing Azure storage.<\/p>\n<p>When working with Azure storage, the keys operate like route passwords to your storage. Because of this, they should never be stored in plain text, distributed to users or embedded in applications. In short, don\u2019t give out your account keys, use Shared Access Signatures instead.<\/p>\n<p>We can use Shared Access Signatures in two scenarios: for backup and restore operations with SQL Managed Instances and for managing storage accounts to Azure Databricks. Here are 3 things to know about SAS:<\/p>\n<p><em><strong>1. Share Access Signatures are not stored in a recoverable way with your storage account.<\/strong><\/em> A bit of a shocking experience for most. Once you generate the signature, you should copy it to a desired location or to an intermediate space such as a Notepad.<\/p>\n<p>When you close the window where you\u2019ve created the signature, you\u2019ll have to recreate it if you need it again. Microsoft does not store this signature anywhere within the platform, so it\u2019s not recoverable from that perspective. You\u2019ll need a copy of the various keys and connection strings if you plan to use that for more than one application.<\/p>\n<p><em><strong>2. Share Access Signatures protect your account keys.<\/strong><\/em> If an SAS is exposed, you can terminate it without impacting other signatures or other account keys. However, if your account key were to be compromised, all Shared Access Signatures and other applications using that account key will need to be reset. A key reason why we recommend using SAS.<\/p>\n<p><em><strong>3. Shared Access Signatures provide granular control to your storage.<\/strong><\/em> Access keys give you full rights to everything in your storage account, but with SAS you\u2019re able to limit the access capabilities of its users. You can limit capabilities such as read, write or update or to containers, plus you can timebox when the signature is valid for. This allows for temporary access to your storage account and easily managing different levels of access to folks within or outside of your organization.<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/qj6_gWvoJ10\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p>On last important thing to tell you is that Microsoft has Azure Active Directory Access coming for storage. As of this writing, this is in preview, but it will likely be the preferred choice for individual access in the future. If you begin working with Share Access Signatures, you\u2019ll have the opportunity to switch to Azure Active Directory to secure access to your storage for internal users when this is generally available.<\/p>\n<p>Need further help? Our expert team and solution offerings can help your business with any Azure product or service, including Managed Services offerings. Contact us at 888-8AZURE or\u00a0 <a href=\"mailto:sales@3cloudsolutions.com\">sales@3cloudsolutions.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>My topic today is Shared Access Signatures, or SAS, for accessing Azure storage. When working&mldr;<\/p>\n","protected":false},"author":22,"featured_media":9402,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[290],"tags":[],"class_list":["post-10160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-platform","topics-blog"],"acf":[],"_links":{"self":[{"href":"https:\/\/3cloudsolutions.com\/wp-json\/wp\/v2\/posts\/10160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/3cloudsolutions.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/3cloudsolutions.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/3cloudsolutions.com\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/3cloudsolutions.com\/wp-json\/wp\/v2\/comments?post=10160"}],"version-history":[{"count":0,"href":"https:\/\/3cloudsolutions.com\/wp-json\/wp\/v2\/posts\/10160\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/3cloudsolutions.com\/wp-json\/wp\/v2\/media\/9402"}],"wp:attachment":[{"href":"https:\/\/3cloudsolutions.com\/wp-json\/wp\/v2\/media?parent=10160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/3cloudsolutions.com\/wp-json\/wp\/v2\/categories?post=10160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/3cloudsolutions.com\/wp-json\/wp\/v2\/tags?post=10160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}