Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
New-AzStorageBlobSASToken
- Module:
- Az.Storage Module
Generates a SAS token for an Azure storage blob.
Syntax
BlobNameWithPermission (Default)
New-AzStorageBlobSASToken
[-Container] <String>
[-Blob] <String>
[-Permission <String>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
BlobPipelineWithPolicy
New-AzStorageBlobSASToken
-CloudBlob <CloudBlob>
-Policy <String>
[-BlobBaseClient <BlobBaseClient>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
BlobPipelineWithPermission
New-AzStorageBlobSASToken
-CloudBlob <CloudBlob>
[-BlobBaseClient <BlobBaseClient>]
[-Permission <String>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
BlobNameWithPolicy
New-AzStorageBlobSASToken
[-Container] <String>
[-Blob] <String>
-Policy <String>
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-FullUri]
[-EncryptionScope <String>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-AzStorageBlobSASToken cmdlet generates a Shared Access Signature (SAS) token for an Azure storage blob.
Examples
Example 1: Generate a blob SAS token with full blob permission
New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd
This example generates a blob SAS token with full blob permission.
Example 2: Generate a blob SAS token with life time
$StartTime = Get-Date
$EndTime = $startTime.AddHours(2.0)
New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTime
This example generates a blob SAS token with life time.
Example 3: Generate a User Identity SAS token with storage context based on OAuth authentication
$ctx = New-AzStorageContext -StorageAccountName $accountName -UseConnectedAccount
$StartTime = Get-Date
$EndTime = $startTime.AddDays(6)
New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTime -Context $ctx
This example generates a User Identity blob SAS token with storage context based on OAuth authentication
Parameters
-Blob
Specifies the storage blob name.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-BlobBaseClient
BlobBaseClient Object
Parameter properties
| Type: | BlobBaseClient |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-CloudBlob
Specifies the CloudBlob object. To obtain a CloudBlob object, use the Get-AzStorageBlob cmdlet.
Parameter properties
| Type: | Microsoft.Azure.Storage.Blob.CloudBlob |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ICloudBlob |
Parameter sets
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
-Container
Specifies the storage container name.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Context
Specifies the storage context. When the storage context is based on OAuth authentication, will generates a User Identity blob SAS token.
Parameter properties
| Type: | IStorageContext |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzureRmContext, AzureCredential |
Parameter sets
-EncryptionScope
Encryption scope to use when sending requests authorized with this SAS URI.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ExpiryTime
Specifies when the shared access signature expires. When the storage context is based on OAuth authentication, the expire time must be in 7 days from current time, and must not be earlier than current time.
Parameter properties
| Type: | |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-FullUri
Indicates that this cmdlet return the full blob URI and the shared access signature token.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-IPAddressOrRange
Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is inclusive.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Permission
Specifies the permissions for a storage blob.
It is important to note that this is a string, like rwd (for Read, Write and Delete).
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Policy
Specifies an Azure Stored Access Policy.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Protocol
Specifies the protocol permitted for a request. The acceptable values for this parameter are:
- HttpsOnly
- HttpsOrHttp The default value is HttpsOrHttp.
Parameter properties
| Type: | |
| Default value: | None |
| Accepted values: | HttpsOnly, HttpsOrHttp |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-StartTime
Specifies the time at which the shared access signature becomes valid.
Parameter properties
| Type: | |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Microsoft.Azure.Storage.Blob.CloudBlob
IStorageContext
Outputs
String
Related Links
Azure PowerShell
Feedback
Was this page helpful?