Restrict Shared Access Signatures with Azure Stored Access Policy

Security is not a product but a process ~Bruce Schneier

What is a stored access policy?

Let’s start with, why do need a stored access policy in the first place. We can give access to storage accounts by sharing keys directly. But this gives full access to all the services in that storage account.

We can try to provision a more granular level of access on a service level and specific permissions with shared access signatures or SAS. These SAS keys are signed by storage