@thecherrytree Thank you very much for this inquiry and suggestion. We are investigating whether the Shared Access Signature is a functional alternative to using the Shared Access Token.

@thecherrytree Here is the first issue with using the Shared Access Signature. It allows for temporary access only as it has a Start and Expiry duration which is set along with Allowed IP Addresses and Allowed protocols, before being generated:

Also, the :setvar variables of file_storage and file_storage_key are currently recognized and I see that you have pointed the new variables, FileEndpoint and SharedAccessSignature, to the existing:

FileEndpoint = file_storage
SharedAccessSignature = file_storage_key

So, have you tried generating a SAS and using that instead of an Access Key, without redirecting the variables?

Hey Mike - the documentation I've read on Shared Access Signatures indicates that you can set the expiry in a storage access policy within storage. This would enable the SAS URI to work for a very long (i.e. a year) period of time.

You can use the access policy to specify constraints for a service SAS on the container or its blobs.

What is unclear, is whether or not configuration in the tutorial can be alternatively done with a SAS instead of the storage account key. It would be preferable to use a shared access signature (constrained by a storage access policy) rather than use the storage account key. The tutorial implies that only the storage account key can be used. If this is the case, is it possible to make this configuration more flexible so that SAS can be used? If this is not the case, can you provide guidance as to how to configure this using SAS?

My example above was an attempt to more succintly indicate what would be desirable (e.g. use a SAS URI and TOKEN for the file_storage and file_storage_key) in the configuration.

As of this point, we are determining if the storage account key shows up anywhere in our logging using the current configuration. We have plans to try and use a SAS in place of the storage account key, but had doubts since that configuration alternative is not clearly outlined as a possibility.

@thecherrytree Perfect, this feedback is sufficient to request a doc-enhancement. This is not necessarily a doc-bug but brings up a great discussion point. I am assigning this to the content author to see if the SAS option can be added to the documentation, even adding that it is not supported if that is the case.

@allenwux Can this tutorial also leverage SAS? Configure replication in an Azure SQL Database managed instance database (link)

Thanks, @Mike-Ubezzi-MSFT, since this is in public preview, how would one go about requesting a feature enhancement if SAS is not supported?

@thecherrytree The Azure SQL Uservoice is the best place to make feature requests. Please post this request here. I took a quick look through for any existing related topics but did not.

@allenwux - have you had a chance to review? We'd like to raise this as a feature request with Uservoice if this is not an optional config pattern, but are planning to wait until we have an indication one way or the other.

@thecherrytree - Let me take a look and see if I can find someone who can assist on this. Thanks!

reassign:stevestein

Azure file does not support SAS key for mounting (https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows). Therefore it can't be supported.

@psongms - thanks for the response. Looks like it's called out in this section: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows#prerequisites

@thecherrytree - thanks for the feedback. As Mike indicated, Azure SQL Uservoice is the best place to make feature requests.

please-close