Azure Storage - Part 3
This is the final part, Part 3, of the Azure Storage Service series. We talked about it in the earlier articles, Part 1 and Part 2.
Azure Storage API
Azure Storage provides a REST API to work with the
containers and data stored in each account. There are independent APIs
available to work with each type of data you can store.
· Blobs for unstructured data such as binary and text files.
· Queues for persistent messaging.
· Tables for structured storage of key/values.
· Files for traditional SMB file shares.
Storage REST APIs are accessible from anywhere on the
Internet, by any application that can send an HTTP/HTTPS request and receive an
HTTP/HTTPS response.
For example (HTTP):
GET https://[url-for-service-account]/?comp=list&include=metadata
This returns the data in XML format.
Working with each API this way requires a lot of manual
parsing and hand-building of HTTP packets. To avoid such a
cumbersome process, Azure provides pre-built client
libraries that make your life easier. The client libraries
are just a thin wrapper over the REST API. They perform the same operations you
would perform if you used the web services directly.
How to connect to your Azure storage account - Through an
access key, and REST API endpoint
Security access keys
Each storage account has two unique access keys that are
used to secure the storage account. If your app needs to connect to multiple
storage accounts, then your app will require an access key for each storage
account.
The REST endpoint is a combination of your storage account
name, the data type, and a known domain. For example:
Blobs   https://[storage account name].blob.core.windows.net/
Queues  https://[storage account name].queue.core.windows.net/
Table   https://[storage account name].table.core.windows.net/
Files   https://[storage account name].file.core.windows.net/
The simplest way to handle access keys and endpoint URLs
within applications is to use storage account connection strings.
DefaultEndpointsProtocol=https;AccountName={your-storage};AccountKey={your-access-key};EndpointSuffix=core.windows.net
Typically, storage account connectivity information is
stored within an environment variable, database, or configuration file.
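As an added example (not code from the original article), the Python sketch below parses a connection string of the form shown above, rejects non-HTTPS or malformed values, derives the four service endpoints, and produces a copy with the key masked for logging. The environment variable name `AZURE_STORAGE_CONNECTION_STRING`, the account name `examplestore` and the sample key are assumptions constructed for illustration.

```python
import base64
import os
import re

SERVICES = ("blob", "queue", "table", "file")

def parse_connection_string(conn_str):
    """Parse 'Key=Value;...' pairs and reject values unsafe to build URLs from."""
    fields = {}
    for part in filter(None, (p.strip() for p in conn_str.split(";"))):
        # Split on the first '=' only: the base64 AccountKey may end in '='.
        key, sep, value = part.partition("=")
        if not sep or not value:
            raise ValueError(f"malformed segment {key!r}")
        fields[key] = value
    for required in ("AccountName", "AccountKey"):
        if required not in fields:
            raise ValueError(f"missing {required}")
    if fields.get("DefaultEndpointsProtocol", "https").lower() != "https":
        raise ValueError("refusing non-HTTPS endpoint protocol")
    # Account names are 3-24 lowercase letters/digits; anything else could
    # change which host the endpoint URL points at.
    if not re.fullmatch(r"[a-z0-9]{3,24}", fields["AccountName"]):
        raise ValueError("invalid AccountName")
    base64.b64decode(fields["AccountKey"], validate=True)  # raises if corrupt
    return fields

def endpoints(fields):
    """Build the per-service REST endpoints: account name + data type + domain."""
    suffix = fields.get("EndpointSuffix", "core.windows.net")
    return {s: f"https://{fields['AccountName']}.{s}.{suffix}/" for s in SERVICES}

def redacted(fields):
    """Connection string with the key masked, safe to write to logs."""
    return ";".join(f"{k}={'***' if k == 'AccountKey' else v}" for k, v in fields.items())

# Constructed sample key (base64 of 32 arbitrary bytes), not a real credential.
SAMPLE_KEY = base64.b64encode(b"constructed-sample-key-not-real!").decode()
SAMPLE = ("DefaultEndpointsProtocol=https;AccountName=examplestore;"
          f"AccountKey={SAMPLE_KEY};EndpointSuffix=core.windows.net")

if __name__ == "__main__":
    # Assumed variable name; falls back to the constructed sample.
    fields = parse_connection_string(
        os.environ.get("AZURE_STORAGE_CONNECTION_STRING", SAMPLE))
    print(redacted(fields))
    for service, url in endpoints(fields).items():
        print(f"{service:6} {url}")
```

Logging only the `redacted()` form keeps the access key out of application logs and crash reports.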
Azure Key Vault allows us to store the access key. Key Vault
supports synchronizing directly with the storage account and automatically rotating
the keys periodically. It provides an additional layer of security.
Storage accounts offer a separate authentication mechanism
called shared access signatures that support expiration and limited permissions
for scenarios where you need to grant limited access.