TEXAS A&M UNIVERSITY
Azure Blob Storage Commands
Audience: Developers and System Administrators.
Purpose: Reference commands for transferring files to Azure Blob Storage.
Overview
Azure Blob Storage is used for storing unstructured data such as backups, logs, and file archives. This guide covers common AzCopy commands for automated file transfers.
Prerequisites
| Requirement | Description |
|---|---|
| AzCopy | Download from Microsoft |
| Service Principal | Application ID and client secret |
| Tenant ID | 68f381e3-46da-47b9-ba57-6f322b8f0da1 |
Authentication
Azure CLI Login
az acr login --name profilename
Service Principal Login (Bash)
# Set the client secret as environment variable
export AZCOPY_SPA_CLIENT_SECRET="your-secret-here"
# Login with service principal
azcopy login --service-principal \
--application-id [ApplicationID] \
--tenant-id=68f381e3-46da-47b9-ba57-6f322b8f0da1
Service Principal Login (PowerShell)
# Set the client secret
$env:AZCOPY_SPA_CLIENT_SECRET = "your-secret-here"
# Or using set command
set AZCOPY_SPA_CLIENT_SECRET=your-secret-here
# Login with service principal
./azcopy login --service-principal `
--application-id [ApplicationID] `
--tenant-id=68f381e3-46da-47b9-ba57-6f322b8f0da1
Common Operations
Copy Single File
azcopy copy 'test.txt' 'https://storageaccount.blob.core.windows.net/container/test.txt'
Sync Directory
Synchronize a local folder with a blob container (one-way sync):
./azcopy sync "C:\localpath\folder\" `
"https://storageaccount.blob.core.windows.net/container/folder" `
--recursive=false
Recursive Option
Set --recursive=true to include subdirectories.
PowerShell Script Template
Save as upload-to-blob.ps1:
# Azure Blob Upload Script
# Prerequisites: azcopy.exe in current directory or PATH
# Configuration
$applicationId = "[your-application-id]"
$tenantId = "68f381e3-46da-47b9-ba57-6f322b8f0da1"
$storageAccount = "storageaccount"
$container = "container"
$localPath = "C:\localpath\folder\"
$remotePath = "folder"
# Set secret (retrieve from secure store in production)
$env:AZCOPY_SPA_CLIENT_SECRET = "your-secret-here"
# Login
./azcopy login --service-principal `
--application-id $applicationId `
--tenant-id $tenantId
# Sync files
./azcopy sync $localPath `
"https://$storageAccount.blob.core.windows.net/$container/$remotePath" `
--recursive=true
Security Best Practices
Credential Security
Never hardcode secrets in scripts. Use:
- Azure Key Vault for secret storage
- Environment variables from secure CI/CD systems
- Managed identities when running in Azure
| Practice | Description |
|---|---|
| Rotate secrets | Regularly rotate service principal credentials |
| Least privilege | Grant only required permissions to storage account |
| Audit logging | Enable Azure Storage analytics for access logs |
| Network restrictions | Use private endpoints or firewall rules |