Make use of Azure CLI environment variables #1833

Open
webcompas opened this issue Jun 20, 2022 · 4 comments

Comments

@webcompas

Which version of the AzCopy was used?

10.15.0

Which platform are you using? (ex: Windows, Mac, Linux)

Linux

What command did you run?

azcopy sync

What problem was encountered?

Since the command line contains the SAS token, it is readable by everyone who can look into the system's process list. Of course there are options to prevent users from seeing other users' processes. But on systems managed by third parties this isn't possible.

How can we reproduce the problem in the simplest way?

Just run an azcopy sync job and look into the process list.

Have you found a mitigation/solution?

The best solution would be to optionally make use of the Azure CLI's environment variable AZURE_STORAGE_SAS_TOKEN. This also applies to other environment variables like AZURE_STORAGE_ACCOUNT or AZURE_STORAGE_SERVICE_ENDPOINT.
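
To check whether a host shows the exposure this issue describes, the following added example (not from the issue thread or the AzCopy project) scans process command lines for a SAS `sig=` query parameter and reports matches with the signature redacted. The sample process list, account name and signature are constructed placeholders, and `redact`, `audit` and `live_processes` are names chosen for this example.

```python
import os
import re

# A SAS URL carries its secret in the "sig" query parameter;
# the other parameters (sv, sp, se, ...) are not secret.
SIG_RE = re.compile(r"([?&]sig=)[^&\s'\"]+", re.IGNORECASE)

def redact(arg):
    """Replace the value of any sig= query parameter in one argument."""
    return SIG_RE.sub(r"\1REDACTED", arg)

def audit(processes):
    """processes: iterable of (pid, argv). Return findings, secrets redacted."""
    findings = []
    for pid, argv in processes:
        if any(SIG_RE.search(a) for a in argv):
            findings.append((pid, " ".join(redact(a) for a in argv)))
    return findings

def live_processes(proc="/proc"):
    """Yield (pid, argv) for each process whose cmdline this user can read (Linux)."""
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:  # process exited, or access is restricted (e.g. hidepid)
            continue
        argv = [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]
        if argv:
            yield int(entry), argv

# Constructed sample data: account, share and signature are placeholders.
SAMPLE = [
    (4101, ["azcopy", "sync", "/data",
            "https://exampleacct.file.core.windows.net/share"
            "?sv=2021-06-08&sp=rwl&sig=PLACEHOLDERSIGNATURE%3D"]),
    (4102, ["sshd: user@pts/0"]),
    (4103, ["rsync", "-a", "/data/", "backup:/data/"]),
]

if __name__ == "__main__":
    for pid, cmd in audit(SAMPLE):  # swap in live_processes() on a real host
        print(pid, cmd)
```

Run as an unprivileged user, `audit(live_processes())` shows what any other local account on the same host could read.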

@zezha-msft
Contributor

Hi @webcompas, thanks for reaching out!

Would it be possible for you to use AAD (Azure Active Directory) instead? In other words, perform azcopy login first before invoking the copy command. AAD is safer than SAS.

@aleblanc70

> Hi @webcompas, thanks for reaching out!
>
> Would it be possible for you to use AAD (Azure Active Directory) instead? In other words, perform azcopy login first before invoking the copy command. AAD is safer than SAS.

Can we use AAD with a file share? I know it works with Blob; AAD + file share is not supported to my knowledge...?

@zezha-msft
Contributor

@aleblanc70 AAD support for Azure Files is forthcoming. I can't give an exact ETA, but it should be soon.

@webcompas
Author

> Hi @webcompas, thanks for reaching out!
>
> Would it be possible for you to use AAD (Azure Active Directory) instead? In other words, perform azcopy login first before invoking the copy command. AAD is safer than SAS.

Unfortunately I'm not that familiar with AAD. But since this kind of authentication (SAS) is also used with similar storage services, it would make it easier to interact with multiple of them.
Apart from this, using environment variables makes sense since they can also be used by Azure CLI.
