PowerShell Basics: How to Upload Files to Azure Storage

Published 04-02-2020 12:01 AM 10.5K Views

In recent days there has been a push to move our team's in-person presentations online.  In some cases we've been asked to record our presentations.  Storage has quickly become an issue and so I have been investigating ways to transfer the recorded presentations to the cloud.  Now the transfer can take place via GUI however automating the transfer might be needed in future.  Luckily uploading files to Azure Storage via PowerShell is an option.  


Lets get started:


  1. Run PowerShell as Administrator
  2. Install the Azure PowerShell Module via the following command:
    Install-Module -Name Az -AllowClobber 
  4. Run the following script to transfer a specified file to Azure Storage:
    $StorageURL = "https://<storagename>.blob.core.windows.net/STORAGE_CONTINER/"
    $FileName = "<filename>"
    $SASToken = "st=2020-03-10T23%3A19%3A17Z&se=2020-03-11T23%3A19%3A17Z&sp=rl&sv=2018-03-28&sr=b&sig=RANDOMCHARS"
    $blobUploadParams = @{
        URI = "{0}/{1}?{2}" -f $StorageURL, $FileName, $SASToken
        Method = "PUT"
        Headers = @{
            'x-ms-blob-type' = "BlockBlob"
            'x-ms-blob-content-disposition' = "attachment; filename=`"{0}`"" -f $FileName
            'x-ms-meta-m1' = 'v1'
            'x-ms-meta-m2' = 'v2'
        Body = $Content
        Infile = $FileToUpload
    NOTE: Be sure to replace <storagename> found in line 1 and <filename> found in line 2.

As always, please share your comments below on bettering the above script or any questions you may have.

Senior Member

Nice. But don’t teach bud habits ;). Passing a secret ($SASToken) as an parameter in URI is insecure (URI is never encrypted). $SASToken should be provided as one of the headers. Headers are encrypted by TLS.


Excellent catch @Tomasz Olędzki. How would you modify the script to correct this?

Senior Member

@Anthony BartoloOuch, docs don't mention a way how to put SAS Token in the headers of the request. Only Shared Key can be sent in the "Authorization" header. I've asked is this really secure approach: https://github.com/MicrosoftDocs/azure-docs/issues/51600.


Ref: https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview.

Senior Member

@Tomasz Olędzki, I don't believe it is a real concern.

The TLS connection is established first and at a lower layer than the HTTP protocol which is build on top. The only things that could be intercepted are IP and hostname via SNI I guess.

The only concerns are: URIs might be logged by the terminating endpoint (not the case as in this case it is the Azure Storage endpoint); URIs are kept in browser's history (not the case); and URIs can be shared (not the case).

Regular Visitor

This is an awesome write-up. I'm having issues getting it working, when I run this script it acts like it works, but when I check my Azure Storage Container, I don't see anything. Is there a way to get this to output what's happening to see what I am potentially doing wrong?

Occasional Visitor

It looks like last step is missed. $blobUploadParameters has been defined but have not used.

Version history
Last update:
‎Apr 02 2020 04:24 AM
Updated by: