How to set up Azure Storage for Gravity Azure Database Destinations
This is not a comprehensive guide to Azure Storage. Please refer to Microsoft's official documentation for that
Gravity relies on Azure Storage for all of it's Azure Database Destinations and uses Shared Access Signatures (SAS) for authentication. We also recommend creating a separate Container in your Azure Storage account for Gravity to use.
Remember though, shared access signatures do expire. It's your responsibility to refresh the expired signatures in your Azure Storage account. That includes updating any Azure Database Destinations you set up in Gravity that use it, and other dependencies like database scoped credentials.
Gravity Azure Destinations (including Microsoft SQL Server) do not currently support Azure Data Lake Storage Gen2, partly due to known limitations
- 2.From the left portal menu, select Storage accounts to display a list of your storage accounts
- 3.On the Storage accounts page, select Create
- The important options for Gravity to access the storage account are in the Advanced tab:
- Enable storage account key access: enable
- Enable hierarchical namespace: disable
- 4.From the left menu, select Containers under the Data storage heading and click + Container from the top menu
- 5.Enter a name for the Container and click Create
- 6.Click the 3 dots next to the newly created Container and then click Generate SAS
- The important options for Gravity are:
- Signing method: Account key
- Permissions: Read, Create, Write, List
- 7.Set a Start and expiry date/time
- 9.Click Generate SAS token and URL
The Shared Access Signature and Storage account URL should now be displayed. Copy and save them both to a safe place.
No. User delegated SAS tokens have a very short lifespan (7 days maximum) that require an Azure AD user with additional, higher level security roles and permissions to create. That means any Gravity Azure Destinations you have set up would need to be updated with a new SAS token more often, as well any dependencies like database scoped credentials.
That does not mean other SAS token types are insecure though. To find out more, please read through Microsoft's official documentation.