
Access Azure container files using Azure Vault Secrets


I have a script to list the container files using the SAS token, but in our organization, they have stored this SAS token in the Azure vault and shared read access with us. We are not able to view the SAS token from the vault; instead, we can use the vault secret name.

Please help to list the container files using Azure vault Secrets.

 $ContainerSAS = "sas*******"
 $StorageAccountName = "trialstorageaccount3"
 $ContainerName = "trialcontainer1"
 $Blob1Name = "AdventureWorksLT2019.bak"
 $TargetFolderPath = "D:\Anand\Downloads\HTC\DATA\AzureBlob\"
    
 $context = New-AzureStorageContext -StorageAccountName $StorageAccountName -SASToken $ContainerSAS
    
 $blobs = Get-AzureStorageBlob -Container $ContainerName -Context $context
    
 foreach($blob in $blobs) {
     Write-Host $blob.Name
     # New-Item -ItemType Directory -Force -Path $destination_path
     # Get-AzureStorageBlobContent -Container $ContainerName -Blob $blob.Name -Destination $TargetFolderPath -Context $context
 }

Solution

  • You can use the PowerShell script below to list the blobs inside the container. In the script below, the storage context is created using the secret value that is stored in the Key Vault.

    $ContainerName = "<containerName>"
    $StorageAccountName = "<storageAccountName>"
    $secretName = "<KeyVaultSecretName>"
    $KeyvaultName = "<KeyVaultName>"
    
    # Pull the secret value from the Key Vault and store it in $secret as plain text
    $secret = Get-AzKeyVaultSecret -VaultName $KeyvaultName -Name $secretName -AsPlainText
    
    # Build the storage context from the SAS token held in the secret
    $context = New-AzStorageContext -StorageAccountName $StorageAccountName -SasToken $secret
    
    # List the blobs in the container, showing only the name and content type
    Get-AzStorageBlob -Container $ContainerName -Context $context | Select-Object -Property Name, ContentType
    

    I have tested the above PowerShell script and it is working on our end. I would suggest you check the same on your end as well.
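
A variant of the approach in the answer, as an added example that is not part of the original answer: it keeps the secret as a SecureString until the moment of use and checks the SAS expiry (`se`) and list permission (`sp`) before calling storage, so a failure names the cause without printing the token. The function names `Test-SasToken` and `Get-ContainerBlobList` are hypothetical, and the code assumes the secret holds only the SAS query string.

```powershell
#Requires -Modules Az.Accounts, Az.KeyVault, Az.Storage
# Added example; Test-SasToken and Get-ContainerBlobList are hypothetical names.

function Test-SasToken {
    # Reads only the non-secret fields of a SAS: se (expiry) and sp (permissions).
    param([Parameter(Mandatory)][string]$SasToken)
    $fields = @{}
    foreach ($pair in ($SasToken.TrimStart('?') -split '&')) {
        $name, $value = $pair -split '=', 2
        $fields[$name] = [uri]::UnescapeDataString("$value")
    }
    $expiry = $null
    if ($fields['se']) {
        $expiry = [datetimeoffset]::Parse($fields['se'], [cultureinfo]::InvariantCulture)
    }
    [pscustomobject]@{
        Expiry  = $expiry
        Expired = ($null -ne $expiry -and $expiry -lt [datetimeoffset]::UtcNow)
        # $null means "unknown": a SAS tied to a stored access policy carries no sp field.
        CanList = if ($fields.ContainsKey('sp')) { $fields['sp'] -like '*l*' } else { $null }
    }
}

function Get-ContainerBlobList {
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)][string]$SecretName,
        [Parameter(Mandatory)][string]$StorageAccountName,
        [Parameter(Mandatory)][string]$ContainerName
    )
    if (-not (Get-AzContext)) { throw 'Not signed in. Run Connect-AzAccount first.' }
    # Without -AsPlainText the value arrives as a SecureString in .SecretValue.
    $secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -ErrorAction Stop
    if (-not $secret) { throw "Secret '$SecretName' not found in vault '$VaultName'." }

    # Decrypt inside this function only; works on Windows PowerShell 5.1 and PowerShell 7.
    $sas = [System.Net.NetworkCredential]::new('', $secret.SecretValue).Password
    $check = Test-SasToken -SasToken $sas
    if ($check.Expired) { throw "SAS in '$SecretName' expired at $($check.Expiry)." }
    if ($check.CanList -eq $false) { throw "SAS in '$SecretName' lacks the list (l) permission." }

    $context = New-AzStorageContext -StorageAccountName $StorageAccountName -SasToken $sas
    Get-AzStorageBlob -Container $ContainerName -Context $context -ErrorAction Stop |
        Select-Object -Property Name, ContentType
}

# Usage, with the same placeholders as the answer:
# Get-ContainerBlobList -VaultName '<KeyVaultName>' -SecretName '<KeyVaultSecretName>' `
#     -StorageAccountName '<storageAccountName>' -ContainerName '<containerName>'
```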