Commit ea7fdb0

Merge pull request #4 from jimmart-dev/patch-2
Update storage-account-key-note-include.md
2 parents 1af3ccf + 7d9dd2a commit ea7fdb0

1 file changed

+2
-2
lines changed

includes/storage-account-key-note-include.md

Lines changed: 2 additions & 2 deletions
@@ -7,12 +7,12 @@ ms.service: storage
77
ms.topic: "include"
88
ms.date: 03/22/2023
99
ms.author: tamram
10-
ms.custom: "include file"
10+
ms.custom: "include file", engagement-fy23
1111
---
1212

1313
## Protect your access keys
1414

15-
Your storage account access keys are similar to a root password for your storage account. Always be careful to protect your access keys. Use Azure Key Vault to manage and rotate your keys securely. Access to the shared key grants a user full access to a storage account’s configuration and its data. Access to shared keys should be carefully limited and monitored. Use SAS tokens with limited scope of access in scenarios where Azure AD based authorization can't be used. Avoid hard-coding access keys or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they might have been compromised.
15+
Storage account access keys provide full access to the configuration of a storage account, as well as the data. Always be careful to protect your access keys. Use Azure Key Vault to manage and rotate your keys securely. Access to the shared key grants a user full access to a storage account’s configuration and its data. Access to shared keys should be carefully limited and monitored. Use SAS tokens with limited scope of access in scenarios where Azure AD based authorization can't be used. Avoid hard-coding access keys or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they might have been compromised.
1616

1717
> [!IMPORTANT]
1818
> Microsoft recommends using Azure Active Directory (Azure AD) to authorize requests against blob, queue, and table data if possible, rather than using the account keys (Shared Key authorization). Authorization with Azure AD provides superior security and ease of use over Shared Key authorization. For more information about using Azure AD authorization from your applications, see [How to authenticate .NET applications with Azure services](/dotnet/azure/sdk/authentication). For SMB Azure file shares, Microsoft recommends using on-premises Active Directory Domain Services (AD DS) integration or Azure AD Kerberos authentication.
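
Review bot: On the changed `ms.custom` line in the front matter, the new value `"include file", engagement-fy23` puts an unquoted token after a closed double-quoted string, which a strict YAML parser can reject. Quote the whole value as one string (`"include file, engagement-fy23"`) or drop the quotes entirely so the line is a single plain scalar. In the rewritten paragraph under "Protect your access keys", the new opening sentence ("Storage account access keys provide full access to the configuration of a storage account, as well as the data.") says the same thing as the fourth sentence that was left in place ("Access to the shared key grants a user full access to a storage account's configuration and its data."). Keep one of the two, and consider whether the sentence that remains should still carry the weight of the removed "root password" comparison, since that was the line telling readers how seriously to treat these keys.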
