# Azure integration methods

## Integration methods <a href="#shared_access_signature_configuration" id="shared_access_signature_configuration"></a>

After creating the storage account and a blob container, you can integrate them using one of two methods — **access keys** or a **shared access signature** (**SAS**):

1. **Access keys** provide full administrative access to your storage account, allowing any operation. They are suitable for scenarios requiring complete control but must be handled carefully due to their high level of access.
2. A **shared access signature** (**SAS**) offers more granular control, allowing access to specific resources for a limited time with restricted permissions. This method is ideal for scenarios where you need to grant a temporary access to clients or applications without exposing primary keys, enhancing security and flexibility in managing storage resources.

***

## SAS configuration <a href="#shared_access_signature_configuration" id="shared_access_signature_configuration"></a>

Minimal required permissions to configure **Azure Blob Storage** for use with:

1. Allowed services:
   1. **Blob**
2. Allowed resource types:
   1. **Container**
   2. **Objects**
3. Allowed permissions:
   1. **Read**
   2. **Write**
   3. **Delete**
   4. **List**

{% hint style="warning" %}
To use replication tasks when granting permissions, these permissions **must** either be full or extended with **Add** and **Create**.
{% endhint %}

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-e13e40e3c910d300080e155f88b4a3baebb71b7d%2Fimage%20(336).png?alt=media" alt=""><figcaption><p><em>Example of correct permissions for <strong>Azure Blob Storage</strong>.</em></p></figcaption></figure>

4. Allowed permissions for replication:

* [x] **Read**
* [x] **Write**
* [x] **Delete**
* [x] **List**
* [x] **Add**
* [x] **Create**

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-148d65ff8b2197c7413502bf30adf77cee7a03ef%2Fimage%20(337).png?alt=media" alt=""><figcaption><p><em>Example of correct replication permissions for <strong>Azure Blob Storage</strong>.</em></p></figcaption></figure>

***

## Generating the connection string <a href="#the_connection_string_generation" id="the_connection_string_generation"></a>

### <mark style="background-color:blue;">Generating the connection string with the specified permissions</mark>

1. Login to the **Azure** portal as an administrator.
2. Select the storage account and click **Shared Access Signature** in the **Settings** tab.
3. Select the permissions described in the [SAS configuration](#shared_access_signature_configuration-1) section of this article.
4. Click **Generate SAS and connection string**.

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-c8c855ec0d25d9b77f52ed60ed95f703d2c1de34%2Fimage%20(810).png?alt=media" alt=""><figcaption></figcaption></figure>

5. For setting up the blob storage, you will need the connection string:

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-0f5688c35336602ff843a64e0a5161e069e3fa06%2Fimage%20(338).png?alt=media" alt=""><figcaption></figcaption></figure>

### <mark style="background-color:blue;">Generating the connection string with the full permission</mark>

1. Login to the **Azure** portal as an administrator.
2. Select the storage account.
3. Go to **Access keys** under the **Security + networking** menu section.

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-c7fd551cc4f349cf06236cdb5a6706045a2eee38%2Fimage%20(340).png?alt=media" alt=""><figcaption></figcaption></figure>

4. For setting up the blob storage, you will need the connection string:

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-d8ceebd599dab9ffa6857debfafb900a65b730d3%2Fimage%20(806).png?alt=media" alt=""><figcaption></figcaption></figure>

***

## Useful links and items

{% embed url="<https://learn.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy>" %}

{% embed url="<https://learn.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://helpcenter.gitprotect.io/storage/cloud-storage/azure-blob-storage/azure-integration-methods.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.