Azure Blob Storage
Type: state.azure.blobstorage
Status: stable
Reference: https://docs.dapr.io/reference/components-reference/supported-state-stores/setup-azure-blobstorage/
Example
apiVersion: cra.diagrid.io/v1beta1
kind: Component
metadata:
name: <name>
spec:
type: state.azure.blobstorage
version: v2
metadata:
# Shared access policy connection string for Blob Storage.
- name: connectionString
value: "BlobEndpoint=https://storagesample.blob.core.windows.net;SharedAccessSignature={KeySig}"
# The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist.
- name: containerName
value: "container"
# Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions. (Optional)
#- name: disableEntityManagement
# value: "false"
# Optional custom endpoint URL. This is useful when using the Azurite emulator or when using custom domains for Azure Storage (although this is not officially supported). The endpoint must be the full base URL, including the protocol (http:// or https://), the IP or FQDN, and optional port. (Optional)
#- name: endpoint
# value: "http://127.0.0.1:10000"
# Prefix added to keys in the state store. (Optional)
#- name: keyPrefix
# value: "appid"
# Indicates whether data in the container may be accessed publicly and the level of access. (Optional)
#- name: publicAccessLevel
# value: "none"
# Specifies the maximum number of HTTP requests that will be made to retry blob operations. A value of zero means that no additional attempts will be made after a failure. (Optional)
#- name: retryCount
# value: "3"
Authentication profiles
Available authentication profiles:
-
Connection string
-
Account Key
-
Azure AD: Client credentials
-
Azure AD: Client certificate
Connection string
Authenticate using a connection string.
connectionString
Required - Shared access policy connection string for Blob Storage.
Example value: BlobEndpoint=https://storagesample.blob.core.windows.net;SharedAccessSignature={KeySig}
Account Key
Authenticate using a pre-shared "account key".
accountKey
Required - The key to authenticate to the Storage Account.
Example value: my-secret-key
accountName
Required - The storage account name
Example value: mystorageaccount
Azure AD: Client credentials
Authenticate using Azure AD with client credentials, also known as "service principals".
accountName
Required - The storage account name
Example value: mystorageaccount
azureClientId
Required - Client ID (application ID)
Example value: c7dd251f-811f-4ba2-a905-acd4d3f8f08b
azureClientSecret
Required - Client secret (application password)
Example value: Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E
azureTenantId
Required - ID of the Azure AD tenant
Example value: cd4b2887-304c-47e1-b4d5-65447fdd542a
azureEnvironment
Optional name for the Azure environment if using a different Azure cloud
Default value: AzurePublicCloud
Example value: AzurePublicCloud
Allowed values:
-
AzurePublicCloud
-
AzureChinaCloud
-
AzureUSGovernmentCloud
Azure AD: Client certificate
Authenticate using Azure AD with a client certificate. "azureCertificate" is required.
accountName
Required - The storage account name
Example value: mystorageaccount
azureClientId
Required - Client ID (application ID)
Example value: c7dd251f-811f-4ba2-a905-acd4d3f8f08b
azureTenantId
Required - ID of the Azure AD tenant
Example value: cd4b2887-304c-47e1-b4d5-65447fdd542a
azureCertificate
Certificate and private key (in either a PEM file containing both the certificate and key, or in PFX/PKCS#12 format)
Example value:
-----BEGIN PRIVATE KEY-----\n MIIEvgI... \n -----END PRIVATE KEY-----
\n -----BEGIN CERTIFICATE----- \n MIICoTC... \n -----END CERTIFICATE----- \n
azureCertificatePassword
Password for the certificate if encrypted.
Example value: password
azureEnvironment
Optional name for the Azure environment if using a different Azure cloud
Default value: AzurePublicCloud
Example value: AzurePublicCloud
Allowed values:
-
AzurePublicCloud
-
AzureChinaCloud
-
AzureUSGovernmentCloud
Metadata
containerName
Required - The name of the container to be used for Dapr state. The container will be created for you if it doesn't exist.
Example value: container
disableEntityManagement
(bool)
Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions.
Default value: false
Example value: true
endpoint
(string)
Optional custom endpoint URL. This is useful when using the Azurite emulator or when using custom domains for Azure Storage (although this is not officially supported). The endpoint must be the full base URL, including the protocol (http:// or https://), the IP or FQDN, and optional port.
Example value: http://127.0.0.1:10000
keyPrefix
(string)
Prefix added to keys in the state store.
Default value: appid
Example value: appid
Allowed values:
-
appid
-
name
-
none
Documentation: https://docs.dapr.io/developing-applications/building-blocks/state-management/howto-share-state/
publicAccessLevel
(string)
Indicates whether data in the container may be accessed publicly and the level of access.
Default value: none
Example value: none
Allowed values:
-
none
-
blob
-
container
retryCount
(number)
Specifies the maximum number of HTTP requests that will be made to retry blob operations. A value of zero means that no additional attempts will be made after a failure.
Default value: 3
Example value: 3