Prepare the storage
The STRM Privacy Data Connector for Azure Blob Storage currently supports Client Secret Credentials. It is recommended to create a new Application with Service Principal, including a client secret.
Next, assign the
Storage Blob Data Contributor role to this service principal, specifically for
the container created earlier. You can do that for example from the
Access Control (IAM) menu
of the container in the Azure Portal.
To create a data connector for your Blob Storage Container, you will need the following details:
- The full URI of your storage account (excluding container name), for example
- Your tenant ID.
- The client (application) ID of the Azure AD application used to access the container.
- The client secret of the service principal used to authenticate with the AAD application.
Create the data connector
An Azure Blob Storage Data Connector can be created with the following command, providing a name, the container name, and the other required flags:
strm create data-connector azure-blob-storage azure strmprivacy-export-demo \
--storage-account-uri "https://foo.blob.core.windows.net" \
--tenant-id "<your tenant ID>" \
--client-id "<the app client ID>" \
--client-secret "<the service principal's secret>"
This will create a data connector named
azure for the container
using the provided client secret credentials.