SAS and access keys

By using an SAS, you can provide a way to grant limited access to objects and data that are stored inside your storage account to the clients that connect to it. Using an SAS, you don't have to expose your access keys to the clients.

When you create a storage account, primary and secondary access keys are created. Both of these keys can grant administrative access to your account and all the resources within it. Exposing those keys can also open your storage account to negligent or malicious use. SAS provides a safe alternative to this that will allow clients to read, write, and delete data in your storage account according to the permissions you've explicitly granted, and without the need for an account key.

In the next section, we're going to look at how to manage our access keys and how to generate an SAS for our storage account.