Azure Blob Storage Access Module

This module provides different methods to access Azure Blob Storage using various authentication approaches.

Features

Multiple authentication methods:
- Connection String
- SAS Token
- Microsoft Entra ID (formerly Azure AD)
Blob download functionality
Error handling and validation

Prerequisites

Python 3.x
Azure Storage Account
Azure AD App Registration (for Entra ID authentication)

Installation

Clone the repository
Install required packages:

pip install azure-storage-blob azure-identity python-dotenv

Create a .env file with the required environment variables. You can use the .env.template file as a reference.

Configuration

Copy .env.template to .env:

cp .env.template .env

Fill in your Azure credentials in .env:

AZURE_STORAGE_URL=https://<your-storage-account>.blob.core.windows.net/
AZURE_TENANT_ID=<your-tenant-id>
AZURE_CLIENT_ID=<your-client-id>
AZURE_CLIENT_SECRET=<your-client-secret>
AZURE_CONNECTION_STRING=<your-connection-string>
AZURE_SAS_TOKEN=<your-sas-token>

Update config.py with your container name:

CONTAINER_NAME = "your-container-name"

Usage

Using Microsoft Entra ID (Recommended)

from main import EntraIDBlobStorage

# Initialize storage client
blob_storage = EntraIDBlobStorage()

# Download blob
data = blob_storage.download_blob("your-blob-name.txt")
print(data)

Using SAS Token

from main import SASBlobStorage

blob_storage = SASBlobStorage()
data = blob_storage.download_blob("your-blob-name.txt")

Using Connection String

from main import ConStrBlobStorage

blob_storage = ConStrBlobStorage()
data = blob_storage.download_blob("your-blob-name.txt")

Security Best Practices

Use Microsoft Entra ID authentication when possible
Rotate credentials regularly
Use minimum required permissions
Store sensitive credentials in Azure Key Vault in production

Service Principal Best Practices

We can use the same service principal (same client ID, client secret, and tenant ID) for accessing multiple Azure Servies. The differences lies in teh permission/policies you grant to that service principal

The best practces are:

Create one service principal for your application
Grant the minimum required permissions for each sergie it needs to access
Use teh same credentials to authenticate, but different services will check their own access policies.

Required RBAC Roles

For Microsoft Entra ID authentication, ensure your service principal has:

Storage Blob Data Reader role (minimum for reading blobs)
Reader role (for container operations)
Key Vault Administrator role (for accessing Key Vault)

License

MIT

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.env.template		.env.template
.gitignore		.gitignore
AddData2AISearch.py		AddData2AISearch.py
AzureOpenAI.py		AzureOpenAI.py
BlobStorageAccess.py		BlobStorageAccess.py
CreateAISearchIndex.py		CreateAISearchIndex.py
KeyVault.py		KeyVault.py
README.md		README.md
config.py		config.py
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml
schema.json		schema.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Azure Blob Storage Access Module

Features

Prerequisites

Installation

Configuration

Usage

Using Microsoft Entra ID (Recommended)

Using SAS Token

Using Connection String

Security Best Practices

Service Principal Best Practices

Required RBAC Roles

License

About

Releases

Packages

Languages

namtran6701/Azure-Fundamentals

Folders and files

Latest commit

History

Repository files navigation

Azure Blob Storage Access Module

Features

Prerequisites

Installation

Configuration

Usage

Using Microsoft Entra ID (Recommended)

Using SAS Token

Using Connection String

Security Best Practices

Service Principal Best Practices

Required RBAC Roles

License

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages