We now recommend using the automatically generated temporary credentials from Cado. For more details, see our documentation here.
How to Create Secure Azure Credentials
To securely write to Azure, you will need to create a limited-access key called a Shared Access Signature (SAS).
Step 1: Create Blob Storage
If you haven’t already, follow this guide to Create a Blob storage container in Azure to store your data.
Step 2: Generate a Shared Access Signature (SAS)
- Go to your Azure Storage Account.
- Click on Shared Access Signature to generate credentials for writing to the storage containers.
- Uncheck permissions for Read, List, and Delete to restrict access, and then click Generate SAS.
Step 3: Generate a Shared Access Signature Using Azure Storage Explorer
You can also generate a Shared Access Signature using Azure Storage Explorer:
- Right-click the blob container you want to use and select Get Shared Access Signature.
- Specify the time period for which the credentials will be valid, and untick all permissions except for Write.
- Click Next and copy the Query String, which will be used for authentication.
Ready to Go
When you're ready for the imaging process, you should have:
- The Account Name (the account that owns the container where the access signature was generated).
- The Container Name (where the data will be stored).
- The Generated Access Signature (the query string used for authentication).
Keep this information safe, as you would with a sensitive password. Once access is no longer needed, we recommend revoking the credentials.
For additional security, we recommend setting up IP whitelisting for containers where possible. Ensure that read and list permissions are never granted, which prevents unauthorized access if the SAS token is exposed.