Skip to main content

We now recommend using the automatically created temporary credentials generated by Cado Response. See our documentation here for more details.

Creating Secure Azure Credentials

In order to securely write to Azure, you'll need to create a limited access key called a Shared Access Signature.

Creating Blog Storage

Generating a Shared Access Signature

  • Browse to your Storage Account, and click Shared Access Signature to generate credentials to write to the Storage Containers in the Storage Account.
  • Remove the ability to Read, List or Delete files, and click Generate SAS.

Generating a Shared Access Signature with Azure Storage Explorer

  • Alternatively you can create a Shared Access Signature with the Azure Storage Explorer.
  • Right click the blob container you wish to use, and select Get Shared Access Signature.
  • Select the time period you will be using these credentials for, and untick all permissions except for Write.
  • Click Next, then Copy the Query string. This will be used for authentication

When you are ready for the imaging process you will have:

  1. The account name (the account name that owns the new or existing container and that the access signature was generated, under "storage accounts")
  2. The container name (set up to store the data)
  3. And the generated long access signature (the query string, similar to the above diagram)

We recommend that you keep this information safe. Treat this information just as you would for a sensitive password or similar. Once access is no longer required, we recommend removing access.


Where possible with containers, we recommend setting up IP whitelisting as an extra layer of security. Please ensure that read and list access are never granted. This prevents unauthorised access to the data uploaded in the case your access signature has been lost or exposed.