BlobStorage delegationToken

Tore Nestenius edited this page Oct 23, 2024 · 6 revisions

Create a user delegation SAS token

This tool demonstrates how to generate a User Delegation SAS (Shared Access Signature) token for an Azure Blob using Azure Active Directory (Azure AD) authentication. A SAS token grants limited, time-bound access to Azure Storage resources without exposing your storage account key.

How to get this tool to work:

  1. Create a Storage Account
    Create a storage account in Azure (default name: clouddebuggerstorage).

  2. Create a Blob Container
    In your storage account, create a blob container (default name: clouddebugger).

  3. Upload a Blob
    Upload a blob (default name: MyBlob.txt) into the container for testing purposes.

  4. Assign Roles to the Cloud Debugger
    The tool requires specific roles to access the storage account. Assign one of the following roles at the storage account level to the identity running this tool:

    • Contributor
    • Storage Account Contributor
    • Storage Blob Data Contributor
    • Storage Blob Data Owner
    • Storage Blob Data Reader
    • Storage Blob Delegator

    To assign a role, navigate to the Access Control (IAM) section of your storage account in the Azure Portal, and add a role assignment to the cloud debugger identity.

  5. Generate the SAS Token
    Once the tool runs successfully, a SAS token is generated. You can append this token to the blob URL to gain secure, time-limited access to the blob.

    Example format for the Blob URL with the SAS token:
    https://clouddebuggerstorage.blob.core.windows.net/clouddebugger/MyBlob.txt?<SASToken>
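
The flow the tool automates, as an added C# example written for this page (not the Cloud Debugger's own code) using the Azure.Storage.Blobs and Azure.Identity SDKs. The account, container and blob names are the page's defaults; the endpoint URL is assumed from the default account name.

```csharp
using System;
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using Azure.Storage.Sas;

// Defaults from this page; the endpoint URL is assumed from the account name.
const string AccountName = "clouddebuggerstorage";
const string ContainerName = "clouddebugger";
const string BlobName = "MyBlob.txt";
var serviceUri = new Uri($"https://{AccountName}.blob.core.windows.net");

// Authenticate as the identity that holds one of the roles listed in step 4
// (for example Storage Blob Delegator). No account key is used anywhere.
var serviceClient = new BlobServiceClient(serviceUri, new DefaultAzureCredential());

// The user delegation key bounds the SAS lifetime: a SAS cannot outlive the key,
// and Azure caps the key itself at seven days. Keep both short; here one hour,
// with a small allowance on the start time for clock skew between machines.
DateTimeOffset startsOn = DateTimeOffset.UtcNow.AddMinutes(-5);
DateTimeOffset expiresOn = DateTimeOffset.UtcNow.AddHours(1);
UserDelegationKey delegationKey =
    await serviceClient.GetUserDelegationKeyAsync(startsOn, expiresOn);

// Scope the SAS to a single blob (Resource = "b"), read-only, HTTPS only.
var sasBuilder = new BlobSasBuilder
{
    BlobContainerName = ContainerName,
    BlobName = BlobName,
    Resource = "b",
    StartsOn = startsOn,
    ExpiresOn = expiresOn,
    Protocol = SasProtocol.Https,
};
sasBuilder.SetPermissions(BlobSasPermissions.Read);

// Sign with the delegation key (tied to the Azure AD identity, not the account key).
string sasToken = sasBuilder
    .ToSasQueryParameters(delegationKey, serviceClient.AccountName)
    .ToString();

// Append the token to the blob URL: the "<blob URL>?<SASToken>" format from step 5.
BlobClient blobClient = serviceClient.GetBlobContainerClient(ContainerName).GetBlobClient(BlobName);
Uri blobUri = new UriBuilder(blobClient.Uri) { Query = sasToken }.Uri;
Console.WriteLine(blobUri);
```

Anyone holding the resulting URL can read the blob until the expiry, so treat the token like a credential and keep the lifetime as short as the use case allows.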
