Renewing the SAS Token

by

Security Reminder

Keep your SAS URL secure! Avoid sharing it with unauthorised individuals, as anyone with the link can perform the permitted actions.

Impact of Expiry:

The SAS token will expire on the se date in the URL (e.g., se=2024-10-22T18:23:02Z).

If your SAS token expires before renewal:

  • You will lose access to the storage container.
  • Any automated processes depending on the token may fail.
  • You will need to contact Data Engineering to generate a new token.

To prevent disruptions, ensure you renew your token in advance.

If you don’t receive the renewal or lose access, contact the Data Engineering team for assistance.

Steps to Renew the SAS Token

To renew your SAS token, follow these steps:

  1. Check your existing SAS token – Locate the expiry date (se) in the URL.
  2. Request a new token – Contact the Data Engineering team if you need assistance generating a new one.
  3. Validate the new SAS token – Test the new token by attempting to access the storage container.
  4. Update dependent services – Ensure that any scripts, applications, or integrations using the old SAS token are updated.
  5. Securely store the new SAS URL – Avoid sharing it in emails or unsecured documents.

Outlook Invite for SAS Token Renewal

Data Engineering will send an Outlook invite reminder approximately 10 days before the SAS token expiry date to renew or refresh the token. This invite will also include a 3-day reminder prior to the token’s expiration.

The invite will contain:

  • Guidance on how the token was originally created.
  • Information on the use case at the time the token was issued.

Sample Outlook Reminder:

📢 Reminder: SAS Token Expiry (<myProject>)
🔔 Action Required: Review SAS Token before Wednesday, <date goes here>
Purpose: This was provided to give access for transfer of project files to a storage container
⚠️ Current SAS Token URL:
https://bmtdwhuksstrdev.blob.core.windows.net
🔑Token Permissions: Read, Write, Create, Add, List
🗓️ Action: This is an Early Reminder sent 72-hour before expiration.
🔄 Please ensure this token is reviewed and renewed as necessary before the expiry date.
🔗 Understanding the SAS URL

Security Best Practices

  • Consider using Azure Key Vault – If applicable, store and manage your SAS tokens securely.
  • Keep the SAS token confidential – Do not share it with unauthorised individuals.
  • Use the minimum necessary permissions – When generating a SAS token, limit access as much as possible.
  • Monitor token usage – Regularly review logs to ensure there are no unauthorised access attempts.

Leave a Comment