Connectors and Connections > Data Ingestion and Replication connection properties > Microsoft Azure Blob Storage V3 connection properties

Microsoft Azure Blob Storage V3 connection properties

Create a Microsoft Azure Blob Storage V3 connection to securely read data from or write data to Microsoft Azure Blob Storage.

Prepare for authentication

You can use shared key authentication or shared access signature authentication in the Microsoft Azure Blob Storage V3 connection to connect to Microsoft Azure Blob Storage.

Before you configure authentication, create a storage account to use with Microsoft Azure Blob Storage and create a blob container in the storage account. For more information on how to create a storage account and a blob container, see the Prerequisites to create a Microsoft Azure Blob Storage V3 connection Informatica How-To Library article.

Before you configure the connection properties, you also need to keep the authentication details handy based on the authentication type that you want to use.

Shared key authentication

To connect to Microsoft Azure Blob Storage using shared key authentication, you need the storage account name and account key.

1Open the storage account.
2Under Security + Networking, click Access keys.

3Click Show keys. This image displays the storage account name and account key.

4Make a note of the storage account name and account key. You can use key1 or key2.

Shared access signature

To connect to Microsoft Azure Blob Storage using shared access signature, you need to configure the minimum permissions for shared access signature authentication and generate the SAS token in the Azure portal.

You can generate the SAS token for the storage account or for the container.

•To generate the SAS token for the storage account, on the Azure portal, go to Security + Networking, and click Shared access signature.

Select the minimum permissions required for shared access signature authentication, as shown in the following image:

The image shows the minimum permissions required for shared access signature authentication. Select read, write, delete, list, and create permissions.

•To generate the SAS token for the Blob container, go to Settings of the container, and click Shared access tokens. You can use either the Account key or User delegation key signing method. If you use the User delegation key signing method, ensure that you have the Storage Blob Data Owner role for the container or the storage account.

Select the minimum permissions required for shared access signature authentication, as shown in the following image:

The image shows the minimum permissions required for shared access signature authentication.

Connect to Microsoft Azure Blob Storage V3

Let's configure the Microsoft Azure Blob Storage V3 connection properties to connect to Microsoft Azure Blob Storage.

Before you begin

Connection details

The following table describes the basic connection properties:

Property	Description
Connection Name	Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -, Maximum length is 255 characters.
Description	Description of the connection. Maximum length is 4000 characters.
Type	Microsoft Azure Blob Storage V3
Use Secret Vault	Stores sensitive credentials for this connection in the secrets manager that is configured for your organization. This property appears only if secrets manager is set up for your organization. This property is not supported by Data Ingestion and Replication. When you enable the secret vault in the connection, you can select which credentials that the Secure Agent retrieves from the secrets manager. If you don't enable this option, the credentials are stored in the repository or on a local Secure Agent, depending on how your organization is configured. For information about how to configure and use a secrets manager, see Secrets manager configuration.
Runtime Environment	The name of the runtime environment where you want to run tasks. Select a Secure Agent.
Account Name	Microsoft Azure Blob Storage account name.

Authentication types

You can configure shared key authentication and shared access signature authentication types to access Microsoft Azure Blob Storage.

Select the required authentication method and then configure the authentication-specific parameters.

Shared key authentication

Shared key authentication uses the storage account name and account key to connect to Microsoft Azure Blob Storage.

The following table describes the connection properties for shared key authentication:

Property	Description
Account Key	The account key for the Microsoft Azure Blob Storage account.
Container Name	The name of the blob container in the Microsoft Azure Blob Storage account.
Endpoint Suffix	Types of Microsoft Azure endpoints. Select one of the following options: - core.windows.net. Connects to Azure endpoints. - core.usgovcloudapi.net. Connects to Azure Government endpoints. - core.chinacloudapi.cn. Not applicable. Default is core.windows.net.

Shared access signature authentication

Shared access signature authentication uses the SAS token to connect to Microsoft Azure Blob Storage. Use the SAS token to grant access to the resources in the storage account or container for a specific time range without sharing the account key.

The following table describes the connection properties for shared access signature authentication:

Property	Description
SAS Token	The shared access signature token generated in the Azure portal to authenticate successfully and gain access to the Microsoft Azure Blob Storage resources.
Container Name	The name of the blob container in the Microsoft Azure Blob Storage account.
Endpoint Suffix	Types of Microsoft Azure endpoints. Select one of the following options: - core.windows.net. Connects to Azure endpoints. - core.usgovcloudapi.net. Connects to Azure Government endpoints. - core.chinacloudapi.cn. Not applicable. Default is core.windows.net.

Proxy Server Settings

If your organization uses an outgoing proxy server to connect to the Internet, the Secure Agent connects to Informatica Intelligent Cloud Services through the proxy server.

To configure proxy settings for the Secure Agent, use one of the following methods:

•Configure the Secure Agent through the Secure Agent Manager on Windows or shell command on Linux.

For instructions, see Configure the proxy settings on Windows or Configure the proxy settings on Linux.

•Configure proxy server through the JVM options. To do this, perform the following steps:

1Log in to Informatica Intelligent Cloud Services.
2Open Administrator and select Runtime Environments.
3Select the Secure Agent for which you want to configure the proxy server.
4On the upper-right corner of the page, click Edit.
5In the System Configuration Details section, select the Type as DTM for the Data Integration Service.
6Add the following parameters in any JVMOption field and specify appropriate values for each parameter:

Parameter	Description
-DproxyEnabled=	Required. Set the value to true to enable proxy server.
-Dhttp.proxyHost=	Required. Host name of the outgoing HTTP proxy server.
-Dhttp.proxyPort=	Required. Port number of the outgoing HTTP proxy server.

Example for HTTP:

JVMOption1=-DproxyEnabled=true

JVMOption2=-Dhttp.proxyHost=<proxy_server_hostname>

JVMOption3=-Dhttp.proxyPort=8081

7Click Save.

The Secure Agent restarts to apply the settings.