Authorize access to blobs with AzCopy & Azure Active Directory | Microsoft Docs
There are several options to authenticate with Azure Active Directory when using AzCopy. This article covers using Azure Active Directory service principals to authenticate to Azure with AzCopy. Other options include using certificates, system or user managed identities.
Go to Azure Active Directory in the Azure Portal
Click on App Registrations
Click New Registration
Click Register
Make note of the Directory (tenant) ID and Application ID, as these will be used in the AzCopy login parameters.
Click Add a certificate or secret
Click New client secret
Choose how long the client secret lasts before it expires. 6 months is the default (24 months is the max).
Click Add at the bottom.
Click the Add button.
Make note of the value as this will not be visible later.
Create an environment variable with the secret value. Using the method below keeps the value out of the PowerShell/Windows Terminal history.
$env:AZCOPY_SPA_CLIENT_SECRET="$(Read-Host -Prompt "Enter key")"
Paste in the Value key and hit return.
You can also manually add the key to Environment Variables.
Allow access to the storage account for the service principal, or other users.
Add the service principal to the storage account container IAM/RBAC roles.
Click Access Control (IAM)
Then click +Add for the service principal that was created above, AZcopyTransfers.
Click Review and Assign.
Download AzCopy: https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10
.\azcopy login --service-principal --application-id 6f1fe065-662c-xxxx-xxxx-xxxxxxxxxxxx --tenant-id=66212ded-ca18-xxxx-xxxx-xxxxxxxxxxxx
AzCopy – azcopy | Microsoft Docs
- Full directory and subdirectories, using the --recursive parameter.
.\azcopy copy "c:\temp\" "https://pigottlabsazcopydemo.blob.core.windows.net/demo" --recursive
- Copy individual file
.\azcopy copy "c:\temp\vs_enterprise__2b9eab1d4c4946c6a7a894898ac0a173a.exe" "https://pigottlabsazcopydemo.blob.core.windows.net/demo"
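The secret, login and copy steps above combined into one PowerShell function, added here as an example (it is not from the original article or from Microsoft's documentation). It masks the secret as it is entered and clears both the environment variable and the cached login when the transfer ends. The function name, its parameter names and the placeholder values are assumptions; the azcopy flags are the ones used above, plus azcopy logout.

```powershell
# Added example: wraps the login and copy steps so the client secret exists
# only for the duration of the transfer in the current session.
# Invoke-AzCopyUpload and its parameter names are hypothetical.
function Invoke-AzCopyUpload {
    param(
        [Parameter(Mandatory)] [string] $ApplicationId,  # Application ID noted at registration
        [Parameter(Mandatory)] [string] $TenantId,       # Directory (tenant) ID noted at registration
        [Parameter(Mandatory)] [string] $Source,         # local file or folder, e.g. c:\temp\
        [Parameter(Mandatory)] [string] $ContainerUrl,   # https://<account>.blob.core.windows.net/<container>
        [string] $AzCopyPath = '.\azcopy.exe'
    )

    # -AsSecureString masks the pasted value on screen as well as
    # keeping it out of the command history.
    $secure = Read-Host -Prompt 'Enter client secret' -AsSecureString
    try {
        # AzCopy reads the secret from this process-scoped variable.
        $env:AZCOPY_SPA_CLIENT_SECRET =
            [System.Net.NetworkCredential]::new('', $secure).Password

        & $AzCopyPath login --service-principal --application-id $ApplicationId --tenant-id $TenantId
        if ($LASTEXITCODE -ne 0) { throw "azcopy login failed with exit code $LASTEXITCODE" }

        & $AzCopyPath copy $Source $ContainerUrl --recursive
        if ($LASTEXITCODE -ne 0) { throw "azcopy copy failed with exit code $LASTEXITCODE" }
    }
    finally {
        # Runs whether or not the transfer succeeded: drop the cached
        # login and remove the secret from the session environment.
        & $AzCopyPath logout
        Remove-Item Env:AZCOPY_SPA_CLIENT_SECRET -ErrorAction SilentlyContinue
        $secure.Dispose()
    }
}

# Placeholder values; substitute the IDs recorded during app registration.
# Invoke-AzCopyUpload -ApplicationId '<application-id>' -TenantId '<tenant-id>' `
#     -Source 'c:\temp\' -ContainerUrl 'https://<account>.blob.core.windows.net/<container>'
```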