Skip to main content

Azure Blob Storage

Type: state.azure.blobstorage

Status: stable

Reference: https://docs.dapr.io/reference/components-reference/supported-state-stores/setup-azure-blobstorage/

Example

apiVersion: cra.diagrid.io/v1beta1
kind: Component
metadata:
name: <name>
spec:
type: state.azure.blobstorage
version: v2
metadata:
# Shared access policy connection string for Blob Storage.
- name: connectionString
value: "BlobEndpoint=https://storagesample.blob.core.windows.net;SharedAccessSignature={KeySig}"
# The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist.
- name: containerName
value: "container"
# Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions. (Optional)
#- name: disableEntityManagement
# value: "false"
# Optional custom endpoint URL. This is useful when using the Azurite emulator or when using custom domains for Azure Storage (although this is not officially supported). The endpoint must be the full base URL, including the protocol (http:// or https://), the IP or FQDN, and optional port. (Optional)
#- name: endpoint
# value: "http://127.0.0.1:10000"
# Prefix added to keys in the state store. (Optional)
#- name: keyPrefix
# value: "appid"
# Indicates whether data in the container may be accessed publicly and the level of access. (Optional)
#- name: publicAccessLevel
# value: "none"
# Specifies the maximum number of HTTP requests that will be made to retry blob operations. A value of zero means that no additional attempts will be made after a failure. (Optional)
#- name: retryCount
# value: "3"

Authentication profiles

Available authentication profiles:

  • Connection string

  • Account Key

  • Azure AD: Client credentials

  • Azure AD: Client certificate

Connection string

Authenticate using a connection string.

connectionString

Required - Shared access policy connection string for Blob Storage.

Example value: BlobEndpoint=https://storagesample.blob.core.windows.net;SharedAccessSignature={KeySig}

Account Key

Authenticate using a pre-shared "account key".

accountKey

Required - The key to authenticate to the Storage Account.

Example value: my-secret-key

accountName

Required - The storage account name

Example value: mystorageaccount

Azure AD: Client credentials

Authenticate using Azure AD with client credentials, also known as "service principals".

accountName

Required - The storage account name

Example value: mystorageaccount

azureClientId

Required - Client ID (application ID)

Example value: c7dd251f-811f-4ba2-a905-acd4d3f8f08b

azureClientSecret

Required - Client secret (application password)

Example value: Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E

azureTenantId

Required - ID of the Azure AD tenant

Example value: cd4b2887-304c-47e1-b4d5-65447fdd542a

azureEnvironment

Optional name for the Azure environment if using a different Azure cloud

Default value: AzurePublicCloud

Example value: AzurePublicCloud

Allowed values:

  • AzurePublicCloud

  • AzureChinaCloud

  • AzureUSGovernmentCloud

Azure AD: Client certificate

Authenticate using Azure AD with a client certificate. "azureCertificate" is required.

accountName

Required - The storage account name

Example value: mystorageaccount

azureClientId

Required - Client ID (application ID)

Example value: c7dd251f-811f-4ba2-a905-acd4d3f8f08b

azureTenantId

Required - ID of the Azure AD tenant

Example value: cd4b2887-304c-47e1-b4d5-65447fdd542a

azureCertificate

Certificate and private key (in either a PEM file containing both the certificate and key, or in PFX/PKCS#12 format)

Example value:

-----BEGIN PRIVATE KEY-----\n MIIEvgI... \n -----END PRIVATE KEY-----
\n -----BEGIN CERTIFICATE----- \n MIICoTC... \n -----END CERTIFICATE----- \n

azureCertificatePassword

Password for the certificate if encrypted.

Example value: password

azureEnvironment

Optional name for the Azure environment if using a different Azure cloud

Default value: AzurePublicCloud

Example value: AzurePublicCloud

Allowed values:

  • AzurePublicCloud

  • AzureChinaCloud

  • AzureUSGovernmentCloud

Metadata

containerName

Required - The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist.

Example value: container

disableEntityManagement (bool)

Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions.

Default value: false

Example value: true

endpoint (string)

Optional custom endpoint URL. This is useful when using the Azurite emulator or when using custom domains for Azure Storage (although this is not officially supported). The endpoint must be the full base URL, including the protocol (http:// or https://), the IP or FQDN, and optional port.

Example value: http://127.0.0.1:10000

keyPrefix (string)

Prefix added to keys in the state store.

Default value: appid

Example value: appid

Allowed values:

  • appid

  • name

  • none

Documentation: https://docs.dapr.io/developing-applications/building-blocks/state-management/howto-share-state/

publicAccessLevel (string)

Indicates whether data in the container may be accessed publicly and the level of access.

Default value: none

Example value: none

Allowed values:

  • none

  • blob

  • container

retryCount (number)

Specifies the maximum number of HTTP requests that will be made to retry blob operations. A value of zero means that no additional attempts will be made after a failure.

Default value: 3

Example value: 3