az keyvault storage sas-definition
Manage storage account SAS definitions.
Commands
az keyvault storage sas-definition create |
Creates or updates a new SAS definition for the specified storage account. |
az keyvault storage sas-definition delete |
Deletes a SAS definition from a specified storage account. |
az keyvault storage sas-definition list |
List storage SAS definitions for the given storage account. |
az keyvault storage sas-definition list-deleted |
Lists deleted SAS definitions for the specified vault and storage account. |
az keyvault storage sas-definition recover |
Recovers the deleted SAS definition. |
az keyvault storage sas-definition show |
Gets information about a SAS definition for the specified storage account. |
az keyvault storage sas-definition show-deleted |
Gets the specified deleted sas definition. |
az keyvault storage sas-definition update |
Updates the specified attributes associated with the given SAS definition. |
az keyvault storage sas-definition create
Creates or updates a new SAS definition for the specified storage account.
az keyvault storage sas-definition create --account-name
--name
--sas-type {account, service}
--template-uri
--validity-period
--vault-name
[--disabled {false, true}]
[--subscription]
[--tags]
Examples
Add a sas-definition for an account sas-token
$sastoken = az storage account generate-sas --expiry 2020-01-01 --permissions rw --resource-types sco --services bfqt --https-only --account-name storageacct --account-key 00000000
az keyvault storage sas-definition create --vault-name vault --account-name storageacct -n rwallserviceaccess --validity-period P2D --sas-type account --template-uri $sastoken
Add a sas-definition for a blob sas-token
$sastoken = az storage blob generate-sas --account-name storageacct --account-key 00000000 -c container1 -n blob1 --https-only --permissions rw
$url = az storage blob url --account-name storageacct -c container1 -n blob1
az keyvault storage sas-definition create --vault-name vault --account-name storageacct -n rwblobaccess --validity-period P2D --sas-type service --template-uri $url?$sastoken
Add a sas-definition for a container sas-token
$sastoken = az storage container generate-sas --account-name storageacct --account-key 00000000 -n container1 --https-only --permissions rw
$url = "https://{storage-account-name}.blob.core.windows.net/{container-name}" # The prefix of your blob url
az keyvault storage sas-definition create --vault-name vault --account-name storageacct -n rwcontaineraccess --validity-period P2D --sas-type service --template-uri $url?$sastoken
Required Parameters
Name to identify the storage account in the vault.
Name to identify the SAS definition in the vault.
The type of SAS token the SAS definition will create.
The SAS definition token template signed with the key 00000000. In the case of an account token this is only the sas token itself, for service tokens, the full service endpoint url along with the sas token. Tokens created according to the SAS definition will have the same properties as the template.
The validity period of SAS tokens created according to the SAS definition in ISO-8601, such as "PT12H" for 12 hour tokens.
Name of the Vault.
Optional Parameters
Add the storage account in a disabled state.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az keyvault storage sas-definition delete
Deletes a SAS definition from a specified storage account.
This operation requires the storage/deletesas permission.
az keyvault storage sas-definition delete [--account-name]
[--id]
[--name]
[--subscription]
[--vault-name]
Optional Parameters
Name to identify the storage account in the vault. Required if --id is not specified.
Id of the SAS definition. If specified all other 'Id' arguments should be omitted.
Name to identify the SAS definition in the vault. Required if --id is not specified.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Name of the Key Vault. Required if --id is not specified.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az keyvault storage sas-definition list
List storage SAS definitions for the given storage account.
This operation requires the storage/listsas permission.
az keyvault storage sas-definition list --account-name
--vault-name
[--maxresults]
[--query-examples]
[--subscription]
Required Parameters
Name to identify the storage account in the vault.
Name of the Vault.
Optional Parameters
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az keyvault storage sas-definition list-deleted
Lists deleted SAS definitions for the specified vault and storage account.
The Get Deleted Sas Definitions operation returns the SAS definitions that have been deleted for a vault enabled for soft-delete. This operation requires the storage/listsas permission.
az keyvault storage sas-definition list-deleted --account-name
--vault-name
[--maxresults]
[--subscription]
Required Parameters
Name to identify the storage account in the vault.
Name of the Vault.
Optional Parameters
Maximum number of results to return in a page. If not specified the service will return up to 25 results.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az keyvault storage sas-definition recover
Recovers the deleted SAS definition.
Recovers the deleted SAS definition for the specified storage account. This operation can only be performed on a soft-delete enabled vault. This operation requires the storage/recover permission.
az keyvault storage sas-definition recover --account-name
--name
--vault-name
[--subscription]
Required Parameters
Name to identify the storage account in the vault.
Name to identify the SAS definition in the vault.
Name of the Vault.
Optional Parameters
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az keyvault storage sas-definition show
Gets information about a SAS definition for the specified storage account.
This operation requires the storage/getsas permission.
az keyvault storage sas-definition show [--account-name]
[--id]
[--name]
[--query-examples]
[--subscription]
[--vault-name]
Optional Parameters
Name to identify the storage account in the vault. Required if --id is not specified.
Id of the SAS definition. If specified all other 'Id' arguments should be omitted.
Name to identify the SAS definition in the vault. Required if --id is not specified.
Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Name of the Key Vault. Required if --id is not specified.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az keyvault storage sas-definition show-deleted
Gets the specified deleted sas definition.
The Get Deleted SAS Definition operation returns the specified deleted SAS definition along with its attributes. This operation requires the storage/getsas permission.
az keyvault storage sas-definition show-deleted --account-name
--name
--vault-name
[--subscription]
Required Parameters
Name to identify the storage account in the vault.
Name to identify the SAS definition in the vault.
Name of the Vault.
Optional Parameters
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az keyvault storage sas-definition update
Updates the specified attributes associated with the given SAS definition.
This operation requires the storage/setsas permission.
az keyvault storage sas-definition update [--account-name]
[--disabled {false, true}]
[--id]
[--name]
[--sas-type {account, service}]
[--subscription]
[--tags]
[--template-uri]
[--validity-period]
[--vault-name]
Optional Parameters
Name to identify the storage account in the vault. Required if --id is not specified.
Add the storage account in a disabled state.
Id of the SAS definition. If specified all other 'Id' arguments should be omitted.
Name to identify the SAS definition in the vault. Required if --id is not specified.
The type of SAS token the SAS definition will create.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
The SAS definition token template signed with the key 00000000. In the case of an account token this is only the sas token itself, for service tokens, the full service endpoint url along with the sas token. Tokens created according to the SAS definition will have the same properties as the template.
The validity period of SAS tokens created according to the SAS definition in ISO-8601, such as "PT12H" for 12 hour tokens.
Name of the Key Vault. Required if --id is not specified.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.