reqsign-azure-storage

Crates.io	reqsign-azure-storage
lib.rs	reqsign-azure-storage
version	1.0.0
created_at	2025-09-01 09:57:17.590998+00
updated_at	2025-09-01 09:57:17.590998+00
description	Signing API requests without effort.
homepage
repository	https://github.com/Xuanwo/reqsign
max_upload_size
id	1819375
size	200,981

Xuanwo (Xuanwo)

documentation

https://docs.rs/reqsign

README

reqsign-azure-storage

Azure Storage signing implementation for reqsign.

This crate provides comprehensive signing support for Azure Storage services including Blob Storage, File Storage, Queue Storage, and Table Storage.

Quick Start

use reqsign_azure_storage::{Builder, Config, DefaultLoader};
use reqsign_core::{Context, Signer};

// Create context and signer
let ctx = Context::default();
let config = Config::default()
    .account_name("mystorageaccount")
    .from_env();
let loader = DefaultLoader::new(config);
let builder = Builder::new();
let signer = Signer::new(ctx, loader, builder);

// Sign requests
let mut req = http::Request::get("https://mystorageaccount.blob.core.windows.net/container/blob")
    .body(())
    .unwrap()
    .into_parts()
    .0;

signer.sign(&mut req, None).await?;

Features

Multiple Auth Methods: Shared Key, SAS tokens, and Azure AD
All Storage Services: Blob, File, Queue, and Table storage
Managed Identity: Automatic authentication on Azure services
Flexible Configuration: Environment variables, config files, or code

Authentication Methods

1. Shared Key (Storage Account Key)

export AZURE_STORAGE_ACCOUNT_NAME=mystorageaccount
export AZURE_STORAGE_ACCOUNT_KEY=base64encodedkey==

let config = Config::default()
    .account_name("mystorageaccount")
    .account_key("base64encodedkey==");

2. SAS Token

export AZURE_STORAGE_SAS_TOKEN=sv=2021-06-08&ss=b&srt=sco&sp=rwdlacx&se=2024-12-31T23:59:59Z&...

let config = Config::default()
    .account_name("mystorageaccount")
    .sas_token("sv=2021-06-08&ss=b...");

3. Azure AD / OAuth

export AZURE_CLIENT_ID=your-client-id
export AZURE_CLIENT_SECRET=your-client-secret
export AZURE_TENANT_ID=your-tenant-id

let config = Config::default()
    .account_name("mystorageaccount")
    .client_id("client-id")
    .client_secret("client-secret")
    .tenant_id("tenant-id");

4. Managed Identity

Automatically used when running on Azure services:

// No explicit credentials needed
let config = Config::default()
    .account_name("mystorageaccount");

Storage Services

Blob Storage

// List containers
let req = http::Request::get("https://account.blob.core.windows.net/?comp=list")
    .header("x-ms-version", "2021-12-02")
    .body(())?;

// Get blob
let req = http::Request::get("https://account.blob.core.windows.net/container/blob.txt")
    .header("x-ms-version", "2021-12-02")
    .body(())?;

// Upload blob
let req = http::Request::put("https://account.blob.core.windows.net/container/blob.txt")
    .header("x-ms-version", "2021-12-02")
    .header("x-ms-blob-type", "BlockBlob")
    .body(content)?;

File Storage

// List shares
let req = http::Request::get("https://account.file.core.windows.net/?comp=list")
    .header("x-ms-version", "2021-12-02")
    .body(())?;

// Get file
let req = http::Request::get("https://account.file.core.windows.net/share/dir/file.txt")
    .header("x-ms-version", "2021-12-02")
    .body(())?;

Queue Storage

// List queues
let req = http::Request::get("https://account.queue.core.windows.net/?comp=list")
    .header("x-ms-version", "2021-12-02")
    .body(())?;

// Get messages
let req = http::Request::get("https://account.queue.core.windows.net/myqueue/messages")
    .header("x-ms-version", "2021-12-02")
    .body(())?;

Table Storage

// Query entities
let req = http::Request::get("https://account.table.core.windows.net/mytable()")
    .header("x-ms-version", "2021-12-02")
    .header("Accept", "application/json")
    .body(())?;

Examples

Check out the examples directory:

Blob storage operations - Complete blob storage examples

cargo run --example blob_storage

Credential Loading Order

The DefaultLoader tries credentials in this order:

SAS Token (if provided)
Shared Key (if provided)
Azure AD Client Credentials
Managed Identity (on Azure services)
Azure CLI credentials

Advanced Configuration

Custom Authority Host

let config = Config::default()
    .account_name("mystorageaccount")
    .authority_host("https://login.microsoftonline.com");

Specific Credential Type

// Force Shared Key only
use reqsign_azure_storage::ClientSecretLoader;

let loader = ClientSecretLoader::new(config);

License

Licensed under Apache License, Version 2.0.

Commit count: 416

reqsign-azure-storage

documentation

README

reqsign-azure-storage

Quick Start

Features

Authentication Methods

1. Shared Key (Storage Account Key)

2. SAS Token

3. Azure AD / OAuth

4. Managed Identity

Storage Services

Blob Storage

File Storage

Queue Storage

Table Storage

Examples

Credential Loading Order

Advanced Configuration

Custom Authority Host

Specific Credential Type

License

cargo fmt