This is version 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Azure Files: Link

!!!! General restrictions: Azure Storage is not a traditional file system but an object storage service. What appears to be a folder is actually just a prefix in the object’s name. As a result, renaming folders is not supported. To move a folder, you must copy all the objects to the new location and then delete them from the original one.

!!! Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow Azure API access:
• file.core.windows.net or file.privatelink.core.windows.net
• blob.core.windows.net, blob.core.chinacloudapi.cn or blob.privatelink.core.windows.net

1. Azure File Share
#

CrushFTP supports Microsoft Azure Shares as a VFS item, it requires a Storage Account: Storage account overview Link. More Info: Azure File Share Link

The URL should follow this structure (replace the placeholders with your actual values):

azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.core.windows.net/SHARE_NAME/

azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.privatelink.core.windows.net/SHARE_NAME/

You can find the required details in the Azure Portal. Navigate to your Storage Account, then select Access keys from the left-hand menu to view the credentials.



Provide the Storage Account name as the Username, and the Access key as the Password in the VFS item’s Properties section.



When using “Browse…” in the Jobs interface, or plugin interfaces, the UI is slightly different:

There is an input field for the file service share: Share Name

2. Azure Blob Container
#

CrushFTP supports Azure Blobs(https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction) as VFS item, it requires a Storage Account: https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview.
Azure Blob Storage is not like a normal filesystem with folders and deeper levels you can go into.  It's more like S3 where a file’s name contains slashes, which simulate a folder structure but with many limitations when it comes to renaming and truly simulating a normal file system. Folder rename is not supported.

The URL should look like this (Replace the URL with your corresponding data!):

azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.windows.net/BLOB_CONTAINER_NAME/

azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.chinacloudapi.cn/BLOB_CONTAINER_NAME/

azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.privatelink.core.windows.net/BLOB_CONTAINER_NAME/

Data Lake storage Gen2: More info on the official website: https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction.
Turn on the flag if the storage type is the data lake. It connects through Azure Blob Storage REST API https://learn.microsoft.com/en-us/rest/api/storageservices/blob-service-rest-api.
(This is not Azure Data Lake Storage Gen2 REST API: https://learn.microsoft.com/en-us/rest/api/storageservices/data-lake-storage-gen2)

When using “Browse…” in the Jobs interface, or plugin interfaces, the UI is slightly different:

To specify the blob container use the input field: Share Name

You need to select the blob type (append blob or block blobs - page blobs are not supported) specified when creating the blob on Azure.

3. SAS token
#

Azure also can delegate access with a shared access signature (SAS) https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview.
In this case, the URL should look like:

azure://STORAGE_ACCOUNT_NAME:@blob.core.windows.net/BLOB_CONTAINER_NAME/

Or

azure://STORAGE_ACCOUNT_NAME:@file.core.windows.net/SHARE_NAME/

The password field should be empty and put the SAS token to the "Shared access signature token" input field.

4. Authorize access to blobs using Microsoft Entra ID
#

Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. (see more info : https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory)

You will start at the Microsoft Azure portal:
https://azure.microsoft.com/en-us/features/azure-portal/

Application registration: Go to the App registrations and click on New registration:



Name it. Select the Microsoft account types. The redirect URL must end with "register_microsoft_graph_api/". Then click on register.

http://localhost:9090/register_microsoft_graph_api/

Under the redirect URL configuration enable the Access Token to be issued by the authorization endpoint:



Configure the API permissions:





On your Storage Account at Access Control (IAM) assign the role "Storage Account Contributor" and "Storage Blob Data Contributor" to the specified user.

Restriction: It only works with blob storage.



Access the user's VFS settings and configure the Refresh Token for the remote Azure connection. At User Delegation Settings click the "Get Refresh Token" button.




Client id : You can find it at Azure portal -> App Registration -> Overview:



Secret key: A new client secret also needs to be created. Go to the "Certificate & secrets" and generate a new secret key. Click on New client secret.





Sign in as the specified Microsoft user grant access, and obtain the refresh token.



!!!Provide the storage account name as the "User name" input field.

To get a newly created SAS token for your storage, you need to run the following job example: CrushTaskExample18