Is azCopy command supported for using mTLS?
We are considering using azCopy command to permit clients to copy files to Azure Blob Storage. The transport layer security must use mTLS.
The following command from https://learn.microsoft.com/en-us/azure/storage/common/storage-ref-azcopy-login, looks like it should achieve mTLS connection. However, it requires the client to use service principal in addition to a client cert. We cannot use service principal.
azcopy login --service-principal --certificate-path /path/to/my/cert --application-id <your service principal's application ID>
Am I correct that mTLS works with this command, however a service principal must also be used? Any thoughts on how I can achieve mTLS communication without need of service principal?
Am I correct that mTLS works with this command, however a service principal must also be used? Any thoughts on how I can achieve mTLS communication without need of service principal?
Yes, you are correct that the azCopy login command supports mTLS, but it requires the use of a service principal in addition to the client certificate. This is because the service principal is used for authentication and authorization purposes while the client certificate is used for secure communication.
However, if you cannot use a service principal, you may consider or alternate approach using other Azure tools or libraries that support mTLS without the need for a service principal.
You can use Python-sdk to authenticate with mTLS using only a client certificate.
Code:
from azure.storage.blob import BlobServiceClient
from azure.core.credentials import AzureSasCredential
# Specify the path to your client certificate
client_cert_path = "<your certificate path>"
# Specify the URL of your Azure Blob Storage account
account_url = "https://<storageaccount name>.blob.core.windows.net"
path="<your files path>"
# Create a BlobServiceClient with mTLS authentication using the client certificate
credential = AzureSasCredential("<?sastoken>")
blob_service_client = BlobServiceClient(account_url=account_url, credential=credential, transport_type="mtls", client_cert_path=client_cert_path)
# Use the BlobServiceClient to perform operations on your Blob Storage container
container_client = blob_service_client.get_container_client("test3")
blob_client = container_client.get_blob_client("sample.html")
with open(path, "rb") as data:
blob_client.upload_blob(data)
Portal:
Reference:
azure.storage.blob.BlobServiceClient class | Microsoft Learn
- How to Minimize Egress Costs in Azure for Public Open Data Sharing
- Azure SAS token always not authenticated when use by not whitelist IP
- 400 XML specified is not syntactically valid
- Azure ShareClient: This request is not authorized to perform this operation
- Generating SAS account token in powershell
- When generating a ADLS SAS token, specifying the path causes an authorization failure
- ADLS Rest API - Getting directory list using a SAS token from directory not container?
- Microsoft.Bot.Builder.Azure doesn't contain type or namespace 'AzureTableStorage'
- Read image path from file share and store in table storage Azure
- Running .NET 6 project in Docker throws Globalization.CultureNotFoundException
- How to change the Lease state of Azure Blob to Available
- Azure Run Command Error: The string is missing the terminator: "
- Secure access to Azure storage account from only app service, database server and specific Internet address
- Azure Storage Monitoring Total capacity problem
- How to connect an Azure Share to a Windows Drive Letter
- Error when python program reads a file from an Azure fileshare: "Signature did not match. String to sign used was r..."
- Connecting to an Azure Virtual Network from PC
- Azure-sdk-for-cpp parallelism
- Statistics on Hot, Cool, and Archive Azure Storage
- How can I use Azurite in a command line application?
- Is there a way to mount Azure File Share on Web App via Key Vault Reference using Bicep?
- disabling azure classic storage account diagnostics
- Azure Redis import: "Not Found. There was no storage account called '<redacted>' in the Azure region 'Brazil South'"
- Error while copying Azure Storage table from one Storage to another storage table using Powershell script
- Azure Storage Account: File Access Denied while being connected to a VNet via P2S VPN
- list files and folders inside an azure DataLake storage Gen2 container using SAS at a directory level
- Is there a way to deploy a azure function directly to a storage account with private endpoint
- How to use Azurite with Visual Studio 2022?
- Error when viewing parquet file in Azure Data Factory
- How do I serialize a .NET object into Azure Blob Storage without using a temporary file?