# Azure integration methods

## Integration methods <a href="#shared_access_signature_configuration" id="shared_access_signature_configuration"></a>

After creating the storage account and a blob container, you can integrate them using one of two methods — **access keys** or a **shared access signature** (**SAS**):

1. **Access keys** provide full administrative access to your storage account, allowing any operation. They are suitable for scenarios requiring complete control but must be handled carefully due to their high level of access.
2. A **shared access signature** (**SAS**) offers more granular control, allowing access to specific resources for a limited time with restricted permissions. This method is ideal for scenarios where you need to grant a temporary access to clients or applications without exposing primary keys, enhancing security and flexibility in managing storage resources.

***

## SAS configuration <a href="#shared_access_signature_configuration" id="shared_access_signature_configuration"></a>

Minimal required permissions to configure **Azure Blob Storage** for use with:

1. Allowed services:
   1. **Blob**
2. Allowed resource types:
   1. **Container**
   2. **Objects**
3. Allowed permissions:
   1. **Read**
   2. **Write**
   3. **Delete**
   4. **List**

{% hint style="warning" %}
To use replication tasks when granting permissions, these permissions **must** either be full or extended with **Add** and **Create**.
{% endhint %}

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-e13e40e3c910d300080e155f88b4a3baebb71b7d%2Fimage%20(336).png?alt=media" alt=""><figcaption><p><em>Example of correct permissions for <strong>Azure Blob Storage</strong>.</em></p></figcaption></figure>

4. Allowed permissions for replication:

* [x] **Read**
* [x] **Write**
* [x] **Delete**
* [x] **List**
* [x] **Add**
* [x] **Create**

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-148d65ff8b2197c7413502bf30adf77cee7a03ef%2Fimage%20(337).png?alt=media" alt=""><figcaption><p><em>Example of correct replication permissions for <strong>Azure Blob Storage</strong>.</em></p></figcaption></figure>

***

## Generating the connection string <a href="#the_connection_string_generation" id="the_connection_string_generation"></a>

### <mark style="background-color:blue;">Generating the connection string with the specified permissions</mark>

1. Login to the **Azure** portal as an administrator.
2. Select the storage account and click **Shared Access Signature** in the **Settings** tab.
3. Select the permissions described in the [SAS configuration](#shared_access_signature_configuration-1) section of this article.
4. Click **Generate SAS and connection string**.

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-c8c855ec0d25d9b77f52ed60ed95f703d2c1de34%2Fimage%20(810).png?alt=media" alt=""><figcaption></figcaption></figure>

5. For setting up the blob storage, you will need the connection string:

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-0f5688c35336602ff843a64e0a5161e069e3fa06%2Fimage%20(338).png?alt=media" alt=""><figcaption></figcaption></figure>

### <mark style="background-color:blue;">Generating the connection string with the full permission</mark>

1. Login to the **Azure** portal as an administrator.
2. Select the storage account.
3. Go to **Access keys** under the **Security + networking** menu section.

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-c7fd551cc4f349cf06236cdb5a6706045a2eee38%2Fimage%20(340).png?alt=media" alt=""><figcaption></figcaption></figure>

4. For setting up the blob storage, you will need the connection string:

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-d8ceebd599dab9ffa6857debfafb900a65b730d3%2Fimage%20(806).png?alt=media" alt=""><figcaption></figcaption></figure>

***

## Useful links and items

{% embed url="<https://learn.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy>" %}

{% embed url="<https://learn.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview>" %}