Microsoft Azure Blob Storage
Prepare the storage
First, create a new Blob Storage Container from the Azure Portal or using the Azure CLI.
The STRM Privacy Data Connector for Azure Blob Storage currently supports Client Secret Credentials. It is recommended to create a new Application with Service Principal, including a client secret.
Next, assign the Storage Blob Data Contributor role to this service principal, specifically for the container created earlier. You can do that, for example, from the Access Control (IAM) menu of the container in the Azure Portal.
To create a data connector for your Blob Storage Container, you will need the following details:
- The full URI of your storage account (excluding container name), for example https://foo.blob.core.windows.net.
- Your tenant ID.
- The client (application) ID of the Azure AD application used to access the container.
- The client secret of the service principal used to authenticate with the AAD application.
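The preparation steps above as an Azure CLI script; this is an added example, not part of the STRM Privacy documentation. The resource group, the app name and the function names are assumptions. The role is assigned at the scope of the single container rather than the whole storage account, and the URI check rejects an account URI that includes the container name.

```shell
#!/bin/sh
# Added example. Resource group, app name and function names are assumptions.

# ARM resource ID of one blob container; used as the role assignment scope so
# the service principal gets no access to other containers in the account.
container_scope() {  # args: subscription-id resource-group account container
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s/blobServices/default/containers/%s' \
    "$1" "$2" "$3" "$4"
}

# The connector wants the account URI without the container name: https only,
# a 3-24 character lowercase alphanumeric account name, no path.
valid_account_uri() {
  printf '%s\n' "$1" |
    grep -Eq '^https://[a-z0-9]{3,24}\.blob\.core\.windows\.net/?$'
}

prepare_storage() {  # args: resource-group account container app-name
  rg=$1 account=$2 container=$3 app=$4
  uri="https://${account}.blob.core.windows.net"
  valid_account_uri "$uri" || { echo "bad account URI: $uri" >&2; return 1; }
  sub=$(az account show --query id -o tsv) || return 1

  az storage container create --account-name "$account" \
    --name "$container" --auth-mode login >/dev/null || return 1

  # Creates the application, its service principal and a client secret, and
  # assigns the role at container scope. The JSON output holds appId
  # (--client-id), password (--client-secret) and tenant (--tenant-id);
  # the secret is shown only once, so store it in a secret manager.
  az ad sp create-for-rbac --name "$app" \
    --role "Storage Blob Data Contributor" \
    --scopes "$(container_scope "$sub" "$rg" "$account" "$container")"
}

# Runs only when called with all four arguments, for example:
#   sh prepare.sh demo-rg foo strmprivacy-export-demo strm-export-app
if [ "$#" -eq 4 ]; then
  prepare_storage "$@"
fi
```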
Create the data connector
An Azure Blob Storage Data Connector can be created with the following command, providing a name, the container name, and the other required flags:
strm create data-connector azure-blob-storage azure strmprivacy-export-demo \
--storage-account-uri "https://foo.blob.core.windows.net" \
--tenant-id "<your tenant ID>" \
--client-id "<the app client ID>" \
--client-secret "<the service principal's secret>"
{
  "ref": {
    "name": "azure",
    "projectId": "30fcd008-9696-...."
  },
  "azureBlobStorageContainer": {
    "storageAccountUri": "https://foo.blob.core.windows.net",
    "containerName": "strmprivacy-export-demo"
  }
}
This will create a data connector named azure for the container strmprivacy-export-demo, using the provided client secret credentials.