Ibe Okafor

How to Securely Share a Confidential Document in Azure Blob Storage Using a SAS URL

Ibe Okafor's photo
Ibe Okafor
·

2 min read

If you need to store a confidential document in Azure Blob Storage while keeping it private but also need to share it with an external user for a limited time, a Shared Access Signature (SAS) URL is the perfect solution. This guide will walk you through creating a SAS URL that grants temporary access to a file for just 5 minutes.

firstly, upload the document to azure blob storage

start by signing in to the Azure portal (portal.azure.com) and navigate to your storage account.

Create a storage container

  • In the storage account section, locate and click on the option ‘data storage’ which is highlighted in red and then click on containers also, you should see an interface that allows you to create, modify and manipulate containers, click on the button that has “+ container” it is highlighted in black in the diagram below. Give it a name, set access level to private and click on create.

After the container has been created open the container by double clicking on it and click on the upload button, select your confidential file and upload it.

Generate a SAS Token for Temporary Access

In the Azure portal, go to your ‘Storage Account’ → ‘Containers’ → ‘Your container’ → ‘Your File’.

On the storage account click on SAS (shared access signature), click on the Blob, select the resource type you would like to allow, set permissions to Read (so the user can only view/download the file), then set the expiry time to 5mins from now, you can also choose to give access to specify IP address. Finally click on Generate SAS and URL.

NB: Blob is a collection of binary data stored as a single entity and are used to store large amounts of unstructured data, such as images, audio, video, or other types of files.

copy the SAS URL which includes a token granting temporary access and then share it which the external user.

when the External User Accesses the File, the user can paste the SAS URL into their browser to download the file. After 5mins, the link will expire, and access will be denied.

In conclusion Using a SAS URL, you can securely share files in Azure Blob Storage without exposing the entire storage account. This method ensures the document remains private while allowing temporary access only when needed.

Cloud Computingcloud security