Skip to main content

Microsoft Azure Blob Storage

Prepare the storage

First, create a new Blob Storage Container from the Azure Portal or using the Azure CLI.

The STRM Privacy Data Connector for Azure Blob Storage currently supports Client Secret Credentials. It is recommended to create a new Application with Service Principal, including a client secret.

Next, assign the Storage Blob Data Contributor role to this service principal, specifically for the container created earlier. You can do that for example from the Access Control (IAM) menu of the container in the Azure Portal.

To create a data connector for your Blob Storage Container, you will need the following details:

  1. The full URI of your storage account (excluding container name), for example
  2. Your tenant ID.
  3. The client (application) ID of the Azure AD application used to access the container.
  4. The client secret of the service principal used to authenticate with the AAD application.

Create the data connector

An Azure Blob Storage Data Connector can be created with the following command, providing a name, the container name, and the other required flags:

strm create data-connector azure-blob-storage azure strmprivacy-export-demo \
--storage-account-uri "" \
--tenant-id "<your tenant ID>" \
--client-id "<the app client ID>" \
--client-secret "<the service principal's secret>"
"ref": {
"name": "azure",
"projectId": "30fcd008-9696-...."
"azureBlobStorageContainer": {
"storageAccountUri": "",
"containerName": "strmprivacy-export-demo"

This will create a data connector named azure for the container strmprivacy-export-demo, using the provided client secret credentials.