azcopy login

Logs in to Azure Active Directory to access Azure Storage resources.

Synopsis

Log in to Azure Active Directory to access Azure Storage resources.

To be authorized to access your Azure Storage account, you must assign the Storage Blob Data Contributor role to your user account in the context of the storage account, the parent resource group, or the parent subscription.

This command caches encrypted login information for the current user by using the OS built-in mechanisms.

Please refer to the examples for more information.

Important

If you set an environment variable by using the command line, that variable will be readable in your command line history. Consider clearing variables that contain credentials from your command line history. To keep variables from appearing in your history, you can use a script to prompt the user for their credentials, and to set the environment variable.

azcopy login [flags] --aad-endpoint https://login.partner.microsoftonline.cn

Examples

Log in interactively with default AAD tenant ID set to common:

azcopy login --aad-endpoint https://login.partner.microsoftonline.cn

Log in interactively with a specified tenant ID:

azcopy login --tenant-id "[TenantID]" --aad-endpoint https://login.partner.microsoftonline.cn

Log in by using the system-assigned identity of a Virtual Machine (VM):

azcopy login --identity --aad-endpoint https://login.partner.microsoftonline.cn

Log in by using the user-assigned identity of a VM and a Client ID of the service identity:

azcopy login --identity --identity-client-id "[ServiceIdentityClientID]" --aad-endpoint https://login.partner.microsoftonline.cn

Log in by using the user-assigned identity of a VM and an Object ID of the service identity:

azcopy login --identity --identity-object-id "[ServiceIdentityObjectID]" --aad-endpoint https://login.partner.microsoftonline.cn

Log in by using the user-assigned identity of a VM and a Resource ID of the service identity:

azcopy login --identity --identity-resource-id "/subscriptions/<subscriptionId>/resourcegroups/myRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myID" --aad-endpoint https://login.partner.microsoftonline.cn

Log in as a service principal using a client secret. Set the environment variable AZCOPY_SPA_CLIENT_SECRET to the client secret for secret-based service principal auth.

azcopy login --service-principal --aad-endpoint https://login.partner.microsoftonline.cn

Log in as a service principal using a certificate and password. Set the environment variable AZCOPY_SPA_CERT_PASSWORD to the certificate's password for cert-based service principal authorization.

azcopy login --service-principal --certificate-path /path/to/my/cert --aad-endpoint https://login.partner.microsoftonline.cn

Make sure to treat /path/to/my/cert as a path to a PEM or PKCS12 file. AzCopy does not reach into the system cert store to obtain your certificate.

--certificate-path is mandatory when doing cert-based service principal auth.
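
The note on command line history and the two service principal examples above both call for a script that prompts for the credential and sets the environment variable. The following is an added example, not part of the original page or of AzCopy: `azcopy_sp_login` and `AZCOPY_BIN` are names made up here, while the flags and the two variable names are the ones documented on this page.

```sh
#!/bin/sh
# Added example, not AzCopy project code. AZCOPY_BIN and azcopy_sp_login are
# names made up for this sketch; the flags and variable names are the page's.
AZCOPY_BIN="${AZCOPY_BIN:-azcopy}"

# usage: azcopy_sp_login secret|cert [further `azcopy login` flags...]
azcopy_sp_login() {
    case "$1" in
        secret) var=AZCOPY_SPA_CLIENT_SECRET; label="client secret" ;;
        cert)   var=AZCOPY_SPA_CERT_PASSWORD; label="certificate password" ;;
        *) echo "usage: azcopy_sp_login secret|cert [login flags]" >&2
           return 2 ;;
    esac
    shift

    # On a terminal, switch echo off while the credential is typed and
    # restore the saved settings afterwards (also on Ctrl-C).
    if [ -t 0 ]; then
        saved_tty=$(stty -g)
        trap 'stty "$saved_tty"; exit 130' INT TERM
        stty -echo
        printf 'Enter %s: ' "$label" >&2
    fi
    IFS= read -r credential || :
    if [ -t 0 ]; then
        stty "$saved_tty"
        trap - INT TERM
        printf '\n' >&2
    fi

    if [ -z "$credential" ]; then
        echo "no $label supplied" >&2
        return 1
    fi

    # Export inside a subshell: only the azcopy process inherits the
    # variable, and the value never appears in any argument list.
    rc=0
    ( export "$var=$credential"; "$AZCOPY_BIN" login --service-principal "$@" ) || rc=$?
    unset credential
    return "$rc"
}
```

Call it as `azcopy_sp_login cert --certificate-path /path/to/my/cert` followed by the other login flags; the command that lands in shell history then contains no credential.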

Options

Option    Description
--aad-endpoint    The Azure Active Directory endpoint to use. The default (https://login.microsoftonline.com) is correct for the public Azure cloud. Set this parameter when authenticating in a national cloud. See Azure AD authentication endpoints. This flag is not needed for Managed Service Identity.
--application-id string    Application ID of user-assigned identity. Required for service principal auth.
--certificate-path string    Path to certificate for SPN authentication. Required for certificate-based service principal auth.
-h, --help    Show help content for the login command.
--identity    Log in using the virtual machine's identity, also known as managed service identity (MSI).
--identity-client-id string    Client ID of user-assigned identity.
--identity-object-id string    Object ID of user-assigned identity.
--identity-resource-id string    Resource ID of user-assigned identity.
--service-principal    Log in via SPN (Service Principal Name) by using a certificate or a secret. The client secret or certificate password must be placed in the appropriate environment variable. Type AzCopy env to see names and descriptions of environment variables.
--tenant-id string    The Azure Active Directory tenant ID to use for OAuth device interactive login.

Options inherited from parent commands

Option    Description
--cap-mbps uint32    Caps the transfer rate, in megabits per second. Moment-by-moment throughput might vary slightly from the cap. If this option is set to zero, or it is omitted, the throughput isn't capped.
--output-type string    Format of the command's output. The choices include: text, json. The default value is "text".

See also