ARTIFACTORY: Setting up Azure Blob storage with a SAS token

Ashraf Kherbawy
2023-02-27 11:11

In this article we will go over setting up Azure blob storage with Artifactory, using a SAS (Shared Access Signature) token as the authentication method, as an alternative to the regular Azure account key. 

For more information about the Azure storage template and how it generally works with Artifactory, please refer to our Azure Blob Storage official documentation.

Prior to describing on how to use the SAS token in your Azure template, It’s important to note the following:

It only works using V2 provider:

If you opt to use a SAS token as your authentication method, you will need to use the newer Azure Blob Storage V2 template, as it’s not supported on the older V1 template.

It must contain 5 specific fields:

Your SAS token must contain the following fields in the URL string (Azure reference):

  • signedVersion (sv)
  • signedResource (sr)
  • signedExpiry (se)
  • signedPermissions (sp)
  • signature (sig)

In case the SAS string doesn’t contain one of the above, we will run into an invalid token error like the following:Application could not be initialized: Invalid SAS token provided.
An example of a token that will not contain all of the above fields is a SAS token with stored access policies, the token will not contain the signedExpiry attribute.

Applying and using the SAS token:

In your Azure Binary provider template, you will need to specify the token in this format:<sasToken><![CDATA[YOUR_TOKEN]]></sasToken>
A real example with a full config:
 <config version="3">
<chain template="azure-blob-storage-v2-direct"/>
<provider type="cache-fs" id="cache-fs">
<provider id="azure-blob-storage-v2" type="azure-blob-storage-v2">