Creating Secure Credentials for Azure

In order to securely write to Azure, you’ll need to create a limited access key – called a Shared Access Signature.

Video

Creating Blog Storage

If you haven’t already, create a Blob storage container for your data in Azure:

Generating a Shared Access Signature

Browse to your Storage Account, and click Shared Access Signature to generate credentials to write to the Storage Containers in the Storage Account.

Remove the ability to Read, List or Delete files, and click Generate SAS:

Generating a Shared Access Signature with Azure Storage Explorer

Alternatively you can create a Shared Access Signature with the Azure Storage Explorer.

Right click the blob container you wish to use, and select Get Shared Access Signature:

Select the time period you will be using these credentials for, and untick all permissions except for Write:

Click Next, then Copy the Query string – this will be used for authentication

So when you’re ready for the imaging process you will have:

1) The account name (the account name that owns the new or existing container and that the access signature was generated, under “storage accounts”)

2) The container name (set up to store the data)

3) And the generated long access signature (the query string, similar to the above diagram)

Security reminder

  • We recommend that you keep this information safe. Treat this information just as you would for a sensitive password or similar.
  • Once access is no longer required, we recommend removing access.
  • Where possible with containers, we recommend setting up IP whitelisting as an extra layer of security.
  • Please ensure that read and list access are never granted. This prevents unauthorised access to the data uploaded in the case your access signature has been lost or exposed.