In today’s cloud-driven world, data accessibility and security go hand in hand.
Organizations need to share files easily — but without compromising security.
In this guide, I’ll walk you through how I:
Created an Azure storage container
Created a file share
Uploaded files to both locations
Generated a Shared Access Signature (SAS) token for secure, time-bound file access
Rotated access keys to revoke file access instantly
Each step is paired with a screenshot for easy follow-along.
Scenario
An Azure Admin asked me to:
Set up storage resources for** file sharing**.
Provide secure, limited-time access to files.
Ensure there’s a way to revoke access instantly when needed.
This is critical for security compliance and operational efficiency in any organization.
tep 1: Create a Storage Container
Log in to the Azure Portal.
Search for Storage accounts and open your storage account *storagethatbringpeace *(linked to the resource group guided-project-rg).
Under Data storage, select Containers.
Click + Add container.
Name it storage-container and click Create.
Step 2: Upload a File to the Storage Container
Open the storage-container you created.
Click **Upload **and select a **file **from your local machine.
Click **Upload **again to confirm.
Step 3: Change the File’s Access Tier
Click the **uploaded **file name.
Select** Change tier.**
Choose **Cold **and click Save.
Step 4: Create a File Share
In storagethatbringpeace, go to File shares.
Click + File share.
Name it** file-share.**
Under the Backup tab, uncheck Enable backup.
Click Review + create and then Create.
Once created, click Upload and choose your file.
Step 5: Generate a Shared Access Signature (SAS) Token
In your storage account, select Storage browser.
Expand Blob containers and open storage-container.
Click the** three dots** next to your file and select Generate SAS.
Set:
Signing method: Account key
Signing key: Key 1
Permissions: Read
Allowed protocols: HTTPS only
Click *Generate SAS token and URI.
*
Copy the Blob SAS URL and open it in a new browser tab — your file should display.
Step 6: Rotate Access Keys to Revoke Access
In your storage account, go to Access keys under Security + networking.
For Key 1, select Rotate **key and **confirm.
Refresh the browser tab with your SAS link — you should now see an Authentication failed error.
Final Outcome
By completing these steps, I:
Set up secure file storage in Azure
Controlled access with SAS tokens
Revoked access instantly using key rotation
Why This Matters
In real-world scenarios:
Storage containers and file shares allow flexible file distribution.
SAS tokens give temporary, controlled access to files without exposing full storage credentials.
Key rotation is a fast, effective way to revoke access when a link is compromised or no longer needed.
For organizations, this approach balances usability and security — ensuring data remains accessible to the right people for the right amount of time.
]azure storage container tutorial, azure file share, azure sas token, azure key rotation, secure file sharing in azure, azure blob storage, azure storage account security, azure storage guide, azure storage best practices