| title | titleSuffix | description | author | ms.service | ms.topic | ms.date | ms.author | ms.reviewer | ms.devlang | ms.custom |
|---|---|---|---|---|---|---|---|---|---|---|
Create a service SAS for a container with Python |
Azure Storage |
Learn how to create a service shared access signature (SAS) for a container using the Azure Blob Storage client library for Python. |
pauljewellmsft |
azure-blob-storage |
how-to |
06/09/2023 |
pauljewell |
nachakra |
python |
devx-track-python, devguide-python, engagement-fy23 |
[!INCLUDE storage-dev-guide-selector-service-sas-container]
[!INCLUDE storage-auth-sas-intro-include]
This article shows how to use the storage account key to create a service SAS for a container with the Blob Storage client library for Python.
A service SAS is signed with the storage account access key. A service SAS delegates access to a resource in a single Azure Storage service, such as Blob Storage.
You can also use a stored access policy to define the permissions and duration of the SAS. If the name of an existing stored access policy is provided, that policy is associated with the SAS. To learn more about stored access policies, see Define a stored access policy. If no stored access policy is provided, the code examples in this article show how to define permissions and duration for the SAS.
You can create a service SAS to delegate limited access to a container resource using the following method:
The storage account access key used to sign the SAS is passed to the method as the account_key argument. Allowed permissions are passed to the method as the permission argument, and are defined in the ContainerSasPermissions class.
The following code example shows how to create a service SAS with read permissions for a container resource:
:::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob_devguide_create_sas.py" id="Snippet_create_service_sas_container":::
The following code example shows how to use the service SAS created in the earlier example to authorize a ContainerClient object. This client object can be used to perform operations on the container resource based on the permissions granted by the SAS.
:::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob_devguide_create_sas.py" id="Snippet_use_service_sas_container":::
To learn more about using the Azure Blob Storage client library for Python, see the following resources.
[!INCLUDE storage-dev-guide-resources-python]