I followed the tutorial (below *) and now have a Service Principal. How can I use this Service Principal when reading a blob using Get-AzureStorageBlob? Get-AzureStorageBlob requires a New-AzureStorageContext; can I use the SP instead of the StorageAccountKey GUID? Thanks, Peter
Access to blob data via the Azure portal, PowerShell, or Azure CLI can be authorized either by using the user's Azure AD account or by using the account access keys (Shared Key authorization).
As far as I know, you cannot use an SPN for accessing items in blob storage. You will need to use the access keys or SAS tokens.
Recently, Azure has added an option to Manage access rights to Azure Storage data with RBAC. You need to add one of the built-in RBAC roles scoped to the storage account to your service principal.
Storage Blob Data Contributor (Preview)
Storage Blob Data Reader (Preview)
Then, if you want to use the Azure CLI to access the Blob Storage with a Service Principal:
Log in with a service principal
$ az login --service-principal --tenant contoso.onmicrosoft.com -u http://azure-cli-2016-08-05-14-31-15 -p VerySecret
Enable the preview extension
$ az extension add -n storage-preview
Use the --auth-mode parameter with your Azure CLI command
$ az storage blob download --account-name storagesamples --container sample-container --name myblob.txt --file myfile.txt --auth-mode login
For more information please see:
Manage access rights to Azure Storage data with RBAC (Preview)
Use an Azure AD identity to access Azure Storage with CLI or PowerShell (Preview)
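For the PowerShell side of the question, an added example (not part of any answer above) using the current Az module, where Get-AzStorageBlob is the successor of Get-AzureStorageBlob: it signs in as the service principal and builds the storage context from the Azure AD login instead of an account key. The tenant ID, application ID and the SP_CLIENT_SECRET environment variable are placeholders assumed for illustration; the account, container and blob names are taken from the CLI example.

```powershell
# Added example. Precondition (from the answer above): the service principal
# already holds a Storage Blob Data Reader/Contributor role on the account.
$tenantId      = '<tenant-id>'                  # placeholder (assumption)
$appId         = '<service-principal-app-id>'   # placeholder (assumption)
$accountName   = 'storagesamples'               # from the CLI example
$containerName = 'sample-container'             # from the CLI example

# Take the client secret from the environment (hypothetical variable name)
# so it does not end up in shell history or the process command line.
if (-not $env:SP_CLIENT_SECRET) { throw 'Set SP_CLIENT_SECRET before running.' }
$secret = ConvertTo-SecureString $env:SP_CLIENT_SECRET -AsPlainText -Force
$cred   = [pscredential]::new($appId, $secret)

# Sign in as the service principal.
Connect-AzAccount -ServicePrincipal -Tenant $tenantId -Credential $cred | Out-Null

# Build the context from the Azure AD login: no account key, no SAS token.
$ctx = New-AzStorageContext -StorageAccountName $accountName -UseConnectedAccount

try {
    # List blobs, then download one, both authorized through RBAC.
    Get-AzStorageBlob -Container $containerName -Context $ctx -ErrorAction Stop |
        Select-Object Name, Length, LastModified

    Get-AzStorageBlobContent -Container $containerName -Blob 'myblob.txt' `
        -Destination 'myfile.txt' -Context $ctx -Force -ErrorAction Stop | Out-Null
}
catch {
    Write-Warning "Blob access failed: $($_.Exception.Message)"
    Write-Warning 'A 403 usually means the data role is not assigned at this scope or has not propagated yet.'
    throw
}
```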