New-AzStorageBlobSASToken
Generates a SAS token for an Azure storage blob.
Syntax
New-AzStorageBlobSASToken
[-Container] <String>
[-Blob] <String>
[-Permission <String>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzStorageBlobSASToken
-CloudBlob <CloudBlob>
[-BlobBaseClient <BlobBaseClient>]
-Policy <String>
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzStorageBlobSASToken
-CloudBlob <CloudBlob>
[-BlobBaseClient <BlobBaseClient>]
[-Permission <String>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzStorageBlobSASToken
[-Container] <String>
[-Blob] <String>
-Policy <String>
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The New-AzStorageBlobSASToken cmdlet generates a Shared Access Signature (SAS) token for an Azure storage blob.
Examples
Example 1: Generate a blob SAS token with full blob permission
New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwdThis example generates a blob SAS token with full blob permission.
Example 2: Generate a blob SAS token with life time
$StartTime = Get-Date
$EndTime = $startTime.AddHours(2.0)
New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTimeThis example generates a blob SAS token with life time.
Example 3: Generate a User Identity SAS token with storage context based on OAuth authentication
$ctx = New-AzStorageContext -StorageAccountName $accountName -UseConnectedAccount
$StartTime = Get-Date
$EndTime = $startTime.AddDays(6)
New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTime -Context $ctxThis example generates a User Identity blob SAS token with storage context based on OAuth authentication
Parameters
-Blob
Specifies the storage blob name.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-BlobBaseClient
BlobBaseClient Object
| Type: | BlobBaseClient |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-CloudBlob
Specifies the CloudBlob object. To obtain a CloudBlob object, use the Get-AzStorageBlob cmdlet.
| Type: | CloudBlob |
| Aliases: | ICloudBlob |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Container
Specifies the storage container name.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Context
Specifies the storage context. When the storage context is based on OAuth authentication, will generates a User Identity blob SAS token.
| Type: | IStorageContext |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EncryptionScope
Encryption scope to use when sending requests authorized with this SAS URI.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExpiryTime
Specifies when the shared access signature expires. When the storage context is based on OAuth authentication, the expire time must be in 7 days from current time, and must not be earlier than current time.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FullUri
Indicates that this cmdlet return the full blob URI and the shared access signature token.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IPAddressOrRange
Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is inclusive.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Permission
Specifies the permissions for a storage blob.
It is important to note that this is a string, like rwd (for Read, Write and Delete).
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Policy
Specifies an Azure Stored Access Policy.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Protocol
Specifies the protocol permitted for a request. The acceptable values for this parameter are:
- HttpsOnly
- HttpsOrHttp The default value is HttpsOrHttp.
| Type: | Nullable<T>[SharedAccessProtocol] |
| Accepted values: | HttpsOnly, HttpsOrHttp |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-StartTime
Specifies the time at which the shared access signature becomes valid.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |