Access keys are used to authenticate client applications when making requests to this Azure storage account
Store your access keys securely, e.g. in Azure Key Vault
Regenerating your access keys regularly is recommended
Two access keys are provided so that you can maintain connections using one key while regenerating the other
Get access key and connection string
Go to Azure portal > Resource groups > Select storage account
“Settings” section > Access keys
Shared access signature
A shared access signature (SAS) is a URI that grants restricted access rights to Azure Storage resources
You can provide a shared access signature to clients who should not be trusted with your storage account key but whom you wish to delegate access to certain storage account resources
By distributing a shared access signature URI to these clients, you grant them access to a resource for a specified period of time
An account-level SAS can delegate access to multiple storage services (i.e. blob, file, queue, table)
Why use SAS?
Access keys grant root/administrator access to the storage account, while SAS keys allow for:
Available for blob containers, file shares, queues, tables
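The restrictions a SAS carries are visible in its query string, so a URI can be reviewed before it is handed to a client. The following is an added example, not part of the original notes: it checks the expiry (se), protocol (spr), permissions (sp) and services (ss) fields of a SAS URI. The 7-day lifetime threshold is an assumed policy, and the account name and signature in the sample URIs are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(days=7)   # assumed policy threshold, not an Azure limit
RISKY_PERMS = {"w": "write", "d": "delete", "c": "create", "a": "add"}

def audit_sas(uri, now):
    """Return policy findings for one SAS URI. The signature is never echoed."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(uri).query).items()}
    if "sig" not in q or "se" not in q:
        return ["not a SAS URI (sig or se missing)"]
    findings = []
    expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
    if expiry.tzinfo is None:                      # date-only expiry: treat as UTC
        expiry = expiry.replace(tzinfo=timezone.utc)
    if expiry <= now:
        findings.append("expired")
    elif expiry - now > MAX_LIFETIME:
        findings.append(f"valid for more than {MAX_LIFETIME.days} days")
    if q.get("spr", "https,http") != "https":      # spr defaults to https,http
        findings.append("plain HTTP allowed")
    risky = [name for flag, name in RISKY_PERMS.items() if flag in q.get("sp", "")]
    if risky:
        findings.append("grants " + "/".join(risky))
    if len(q.get("ss", "")) > 1:                   # ss is only present on an account SAS
        findings.append("account SAS spanning services: " + q["ss"])
    return findings

# Constructed sample URIs (placeholder account name and signature).
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)
READ_ONLY = ("https://examplestore.blob.core.windows.net/reports/q1.pdf"
             "?sv=2022-11-02&sr=b&sp=r&se=2030-01-01T08%3A00%3A00Z&spr=https&sig=PLACEHOLDER")
BROAD = ("https://examplestore.blob.core.windows.net/"
         "?sv=2022-11-02&ss=bfqt&srt=sco&sp=rwdl&se=2031-01-01T00%3A00%3A00Z&sig=PLACEHOLDER")

if __name__ == "__main__":
    for uri in (READ_ONLY, BROAD):
        print(urlsplit(uri).path or "/", audit_sas(uri, NOW))
```

The short-lived, read-only, HTTPS-only blob SAS produces no findings, while the account-level SAS is flagged on every check.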
Encryption
Azure Storage encrypts your data as it’s written in our datacenters, and automatically decrypts it for you as you access it
By default, data in the storage account is encrypted using Microsoft-managed keys
After enabling Storage Service Encryption, only new data will be encrypted, and any existing files in this storage account will retroactively get encrypted by a background encryption process
You can store your own encryption key in Azure Key Vault and use that key