This is version 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Azure Files: Link

!!!! General restrictions: Azure Storage is not a traditional file system but an object storage service. What appears to be a folder is actually just a prefix in the object’s name. As a result, renaming folders is not supported. To move a folder, you must copy all the objects to the new location and then delete them from the original one.

!!! Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow Azure API access:
• file.core.windows.net or file.privatelink.core.windows.net
• blob.core.windows.net, blob.core.chinacloudapi.cn or blob.privatelink.core.windows.net
• dfs.core.windows.net,dfs.core.chinacloudapi.cn (This applies only to the delete action when working with Data Lake Storage 2)

1. Azure File Share
#

CrushFTP supports Microsoft Azure Shares as a VFS item, it requires a Storage Account: Storage account overview Link.
More Info: Azure File Share Link

The URL should follow this structure (replace the placeholders with your actual values):

azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.core.windows.net/SHARE_NAME/

azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.privatelink.core.windows.net/SHARE_NAME/

You can find the required details in the Azure Portal. Navigate to your Storage Account, then select Access keys from the left-hand menu to view the credentials.



Provide the Storage Account name as the Username, and the Access key as the Password in the VFS item’s Properties section.



When using the Browse… option in the Jobs interface or plugin interfaces, the user interface differs slightly:

There is an input field specifically for the file service share, labeled Share Name.

2. Azure Blob Container
#

CrushFTP supports Azure Blobs (Introduction to Azure Blob Storage Link) as VFS item, it requires a Storage Account: Storage account overview Link.

The URL should follow this structure (replace the placeholders with your actual values):

azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.windows.net/BLOB_CONTAINER_NAME/

azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.chinacloudapi.cn/BLOB_CONTAINER_NAME/

azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.privatelink.core.windows.net/BLOB_CONTAINER_NAME/

Data Lake storage Gen2: More info on the official website: Data Lake Storage Introduction Link.
Turn on the flag if the storage type is the data lake. It connects using the Azure Blob Storage REST API ( More info: Blob Service REST API Link), but does not support the Azure Data Lake Storage Gen2 REST API. (More info: Azure Data Lake Storage Gen2 REST API Link)

When using the Browse… option in the Jobs interface or plugin interfaces, the user interface differs slightly:

To specify the Blob Container, use the Share Name input field.

You need to select the blob type (append blob or block blobs - page blobs are not supported) specified when creating the blob on Azure.

3. SAS token
#

Azure also can delegate access with a shared access signature (SAS) Storage SAS Overview Link.
In this case, the URL should look like:

azure://STORAGE_ACCOUNT_NAME:@blob.core.windows.net/BLOB_CONTAINER_NAME/

Or

azure://STORAGE_ACCOUNT_NAME:@file.core.windows.net/SHARE_NAME/

Please note that the URL does not include the password section.



The Password field should be left empty, and the SAS token should be entered in the Shared access signature token input field.

4. Authorize access to blobs using Microsoft Entra ID
#

Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. (see more info : https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory)

You will start at the Microsoft Azure portal:
https://azure.microsoft.com/en-us/features/azure-portal/

Application registration: Go to the App registrations and click on New registration:



Name it. Select the Microsoft account types. The redirect URL must end with "register_microsoft_graph_api/". Then click on register.

http://localhost:9090/register_microsoft_graph_api/

Under the redirect URL configuration enable the Access Token to be issued by the authorization endpoint:



Configure the API permissions:





On your Storage Account at Access Control (IAM) assign the role "Storage Account Contributor" and "Storage Blob Data Contributor" to the specified user.

Restriction: It only works with blob storage.



Access the user's VFS settings and configure the Refresh Token for the remote Azure connection. At User Delegation Settings click the "Get Refresh Token" button.




Client id : You can find it at Azure portal -> App Registration -> Overview:



Secret key: A new client secret also needs to be created. Go to the "Certificate & secrets" and generate a new secret key. Click on New client secret.





Sign in as the specified Microsoft user grant access, and obtain the refresh token.



!!!Provide the storage account name as the "User name" input field.

To get a newly created SAS token for your storage, you need to run the following job example: CrushTaskExample18