You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/common/storage-configure-connection-string.md
+13-10Lines changed: 13 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ author: jimmart-dev
7
7
8
8
ms.service: storage
9
9
ms.topic: how-to
10
-
ms.date: 01/23/2023
10
+
ms.date: 01/24/2023
11
11
ms.author: jammart
12
12
ms.reviewer: nachakra
13
13
ms.subservice: common
@@ -27,15 +27,14 @@ To learn how to view your account access keys and copy a connection string, see
27
27
28
28
## Store a connection string
29
29
30
-
Your application needs to access the connection string at runtime to authorize requests made to Azure Storage. You have several options for storing your connection string:
30
+
Your application needs to access the connection string at runtime to authorize requests made to Azure Storage. You have several options for storing your account access keys or connection string:
31
31
32
+
- You can store your account keys securely in Azure Key Vault. For more information, see [About Azure Key Vault managed storage account keys](../../key-vault/secrets/about-managed-storage-account-keys.md).
32
33
- You can store your connection string in an environment variable.
33
-
- An application running on the desktop or on a device can store the connection string in an **app.config** or **web.config** file. Add the connection string to the **AppSettings** section in these files.
34
-
- An application running in an Azure cloud service can store the connection string in the [Azure service configuration schema (.cscfg) file](/previous-versions/azure/reference/ee758710(v=azure.100)). Add the connection string to the **ConfigurationSettings** section of the service configuration file.
34
+
- An application can store the connection string in an **app.config** or **web.config** file. Add the connection string to the **AppSettings** section in these files.
35
35
36
-
Storing your connection string in a configuration file makes it easy to update the connection string to switch between the [Azurite storage emulator](../common/storage-use-azurite.md) and an Azure storage account in the cloud. You only need to edit the connection string to point to your target environment.
37
-
38
-
You can use the [Microsoft Azure Configuration Manager](https://www.nuget.org/packages/Microsoft.Azure.ConfigurationManager/) to access your connection string at runtime regardless of where your application is running.
36
+
> [!WARNING]
37
+
> Storing your account access keys or connection string in clear text presents a security risk and is not recommended. Store your account keys in an encrypted format, or migrate your applications to use Azure AD authorization for access to your storage account.
39
38
40
39
## Configure a connection string for Azurite
41
40
@@ -131,11 +130,15 @@ AccountKey=<account-key>;
131
130
EndpointSuffix=core.chinacloudapi.cn;
132
131
```
133
132
134
-
## Parsing a connection string
133
+
## Authorizing access with Shared Key
134
+
135
+
To learn how to authorize access to Azure Storage with the account key or with a connection string, see one of the following articles:
-[Authorize access and connect to Blob Storage with .NET](../blobs/storage-blob-dotnet-get-started.md?tabs=account-key#authorize-access-and-connect-to-blob-storage)
138
+
-[Authorize access and connect to Blob Storage with Java](../blobs/storage-blob-java-get-started.md?tabs=account-key#authorize-access-and-connect-to-blob-storage)
137
139
138
140
## Next steps
139
141
140
-
-[Use the Azurite emulator for local Azure Storage development](storage-use-azurite.md)
142
+
-[Use the Azure Identity library to get an access token for authorization](identity-library-acquire-token.md)
141
143
-[Grant limited access to Azure Storage resources using shared access signatures (SAS)](storage-sas-overview.md)
144
+
-[Use the Azurite emulator for local Azure Storage development](storage-use-azurite.md)
Copy file name to clipboardExpand all lines: includes/storage-account-key-note-include.md
+4-2Lines changed: 4 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ services: storage
5
5
author: tamram
6
6
ms.service: storage
7
7
ms.topic: "include"
8
-
ms.date: 11/17/2022
8
+
ms.date: 01/24/2023
9
9
ms.author: tamram
10
10
ms.custom: "include file"
11
11
---
@@ -17,4 +17,6 @@ Your storage account access keys are similar to a root password for your storage
17
17
> [!IMPORTANT]
18
18
> Microsoft recommends using Azure Active Directory (Azure AD) to authorize requests against blob, queue, and table data if possible, rather than using the account keys (Shared Key authorization). Authorization with Azure AD provides superior security and ease of use over Shared Key authorization.
19
19
>
20
-
> To protect an Azure Storage account with Azure AD Conditional Access policies, you must disallow Shared Key authorization for the storage account. For more information about how to disallow Shared Key authorization, see [Prevent Shared Key authorization for an Azure Storage account](../articles/storage/common/shared-key-authorization-prevent.md).
20
+
> To prevent users from accessing data in your storage account with Shared Key, you can disallow Shared Key authorization for the storage account. Disallowing Shared Key access is recommended as a security best practice. For more information, see [Prevent Shared Key authorization for an Azure Storage account](../articles/storage/common/shared-key-authorization-prevent.md).
21
+
>
22
+
> To protect an Azure Storage account with Azure AD Conditional Access policies, you must disallow Shared Key authorization for the storage account.
0 commit comments