# Azure integration methods

## Integration methods <a href="#shared_access_signature_configuration" id="shared_access_signature_configuration"></a>

After creating the storage account and a blob container, you can integrate them using one of two methods— **access keys** or a **shared access signature** (**SAS**):

1. **Access keys** provide full administrative access to your storage account, allowing <mark style="color:$danger;">any operation</mark>. They are suitable for scenarios requiring complete control but <mark style="color:$danger;">must be handled carefully</mark> due to their high level of access.
2. A s**hared access signature** (**SAS**) offers more granular control, allowing access to specific resources for a limited time with restricted permissions. This method is ideal for scenarios where you need to grant a temporary access to clients or applications <mark style="color:$danger;">without exposing primary keys</mark>, enhancing security and flexibility in managing storage resources.

***

## SAS configuration <a href="#shared_access_signature_configuration" id="shared_access_signature_configuration"></a>

Minimal required permissions to configure **Azure Blob Storage** for use with:

1. Allowed services:

* [x] **Blob**

2. Allowed resource types:

* [x] **Container**
* [x] **Objects**

3. Allowed permissions:

* [x] **Read**
* [x] **Write**
* [x] **Delete**
* [x] **List**

{% hint style="warning" %}
To use replication tasks when granting permissions, these permissions <mark style="color:$danger;">**must**</mark> either be full or extended with **Add** and **Create**.
{% endhint %}

<figure><img src="/files/mbJaeoVRheKEIc1iTgtT" alt=""><figcaption><p><em>Example of correct permissions for <strong>Azure Blob Storage</strong>.</em></p></figcaption></figure>

4. Allowed permissions for replication:

* [x] **Read**
* [x] **Write**
* [x] **Delete**
* [x] **List**
* [x] **Add**
* [x] **Create**

<figure><img src="/files/p9MPzjHdjeLZPSgG4iov" alt=""><figcaption><p><em>Example of correct replication permissions for <strong>Azure Blob Storage</strong>.</em></p></figcaption></figure>

***

## Generating the connection string <a href="#the_connection_string_generation" id="the_connection_string_generation"></a>

#### Generating the connection string with the specified permissions:

1. Login to the **Azure** portal as an administrator.
2. Select the storage account and click **Shared Access Signature** in the **Settings** tab.
3. Select the permissions described in the [SAS configuration](#shared_access_signature_configuration-1) section of this article.
4. Click **Generate SAS and connection string**.

<figure><img src="/files/rZG2NiBFZjIkmuqU4lbD" alt=""><figcaption></figcaption></figure>

5. For setting up the blob storage, you will need the connection string:

<figure><img src="/files/IKaWCmZLirZgoF2Ssw0K" alt=""><figcaption></figcaption></figure>

#### Generating the connection string with the full permission:

1. Login to the **Azure** portal as an administrator.
2. Select the storage account.
3. Go to **Access keys** under the **Security + networking** menu section.

<figure><img src="/files/powIItzp8FBWtj3BLtK1" alt=""><figcaption></figcaption></figure>

4. For setting up the blob storage, you will need the connection string:

<figure><img src="/files/iPtfCNoLMoJeiQ9zfpUf" alt=""><figcaption></figcaption></figure>

***

## Useful links and items

{% embed url="<https://learn.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy>" %}

{% embed url="<https://learn.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://helpcenter.xopero.com/xopero-one-en/storage/cloud-storage/azure-blob-storage/azure-integration-methods.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.