Azure Blob Storage Destination
  • 17 Apr 2023
  • 1 Minute to read
  • PDF

Azure Blob Storage Destination

  • PDF

Article summary

Azure Blob Storage, an object storage service offered by Azure, is one of many delivery destinations that Bobsled supports. Bobsled will transfer the data to a Bobsled-managed destination Azure Blob Storage and grant permissions to the Azure application(s) that are configured in the destination section of a given share. The permissions granted allow each Azure application to perform read and copy operations on the Bobsled-managed destination container. 

Set up an Azure Blob Storage Destination

To learn how to Configure an Azure Blob Storage destination in Bobsled, please visit: Configure an Azure Blob Storage Destination

Authorization

To access deliveries made to the Bobsled-managed container, you will need to configure Bobsled to grant an Azure application with read access to the Bobsled-managed destination container. There are two types of Azure applications that you may configure to gain access to the container: Bobsled-managed application or Consumer managed application. To learn more about Azure applications used within Bobsled please visit: Account Access Identifiers in Azure


Bobsled-managed Application

You are able to create up to 100 client secrets or "passwords" for the Azure application principal in order to access the data. Using the credentials of the Bobsled-managed service principal, the consumer is able to list the contents of the container and generate a Shared Access Token to copy the data to their own container. 


Consumer-managed Application

When using a consumer-managed application, you will be required to provide its associated application (client) ID. Bobsled will grant your application access to the Bobsled-managed destination container that is present in Bobsled's AD tenant. Using the credentials of the consumer-managed application, the consumer is able to list the contents of the container and generate a Shared Access Token to copy the data to their own container. 


Bobsled grants the following permissions to all Azure applications that are granted access to the data in the share:

  • Storage Blob Data Reader
    • Read and list Azure Storage containers and blobs
  • Storage Blob Delegator 
    • Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials.



Was this article helpful?