PowerShell Basics: How to Upload Files to Azure Storage
Published Apr 02 2020 12:01 AM 28.4K Views
Microsoft

In recent days there has been a push to move our team's in-person presentations online.  In some cases we've been asked to record our presentations.  Storage has quickly become an issue and so I have been investigating ways to transfer the recorded presentations to the cloud.  Now the transfer can take place via GUI however automating the transfer might be needed in future.  Luckily uploading files to Azure Storage via PowerShell is an option.  

 

Lets get started:

 

  1. Run PowerShell as Administrator
     
  2. Install the Azure PowerShell Module via the following command:
    Install-Module -Name Az -AllowClobber 
  3.  
  4. Run the following script to transfer a specified file to Azure Storage:
    $StorageURL = "https://<storagename>.blob.core.windows.net/STORAGE_CONTINER/"
    $FileName = "<filename>"
    $SASToken = "st=2020-03-10T23%3A19%3A17Z&se=2020-03-11T23%3A19%3A17Z&sp=rl&sv=2018-03-28&sr=b&sig=RANDOMCHARS"
    
    $blobUploadParams = @{
        URI = "{0}/{1}?{2}" -f $StorageURL, $FileName, $SASToken
        Method = "PUT"
        Headers = @{
            'x-ms-blob-type' = "BlockBlob"
            'x-ms-blob-content-disposition' = "attachment; filename=`"{0}`"" -f $FileName
            'x-ms-meta-m1' = 'v1'
            'x-ms-meta-m2' = 'v2'
        }
        Body = $Content
        Infile = $FileToUpload
    }
    NOTE: Be sure to replace <storagename> found in line 1 and <filename> found in line 2.

As always, please share your comments below on bettering the above script or any questions you may have.

7 Comments
Copper Contributor

Nice. But don’t teach bud habits ;). Passing a secret ($SASToken) as an parameter in URI is insecure (URI is never encrypted). $SASToken should be provided as one of the headers. Headers are encrypted by TLS.

Microsoft

Excellent catch @Tomasz Olędzki. How would you modify the script to correct this?

Copper Contributor

@Anthony BartoloOuch, docs don't mention a way how to put SAS Token in the headers of the request. Only Shared Key can be sent in the "Authorization" header. I've asked is this really secure approach: https://github.com/MicrosoftDocs/azure-docs/issues/51600.

 

Ref: https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview.

Copper Contributor

@Tomasz Olędzki, I don't believe it is a real concern.

The TLS connection is established first and at a lower layer than the HTTP protocol which is build on top. The only things that could be intercepted are IP and hostname via SNI I guess.

The only concerns are: URIs might be logged by the terminating endpoint (not the case as in this case it is the Azure Storage endpoint); URIs are kept in browser's history (not the case); and URIs can be shared (not the case).

Copper Contributor

This is an awesome write-up. I'm having issues getting it working, when I run this script it acts like it works, but when I check my Azure Storage Container, I don't see anything. Is there a way to get this to output what's happening to see what I am potentially doing wrong?

Copper Contributor

It looks like last step is missed. $blobUploadParameters has been defined but have not used.

Copper Contributor

How could you tweak this for an AppendBlob? wanting to append to a file in the blob.

Also commenting on Vladrom, how do you add to this script to execute the $blobUploadParameters variable?

Thanks.

Version history
Last update:
‎Apr 02 2020 04:24 AM
Updated by: