| type | docs | |
|---|---|---|
| title | Azure Blob Storage binding spec | |
| linkTitle | Azure Blob Storage | |
| description | Detailed documentation on the Azure Blob Storage binding component | |
| aliases |
|
To setup Azure Blob Storage binding create a component of type bindings.azure.blobstorage. See [this guide]({{% ref "howto-bindings.md#1-create-a-binding" %}}) on how to create and apply a binding configuration.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: <NAME>
spec:
type: bindings.azure.blobstorage
version: v1
metadata:
- name: accountName
value: myStorageAccountName
- name: accountKey
value: ***********
- name: containerName
value: container1
# - name: decodeBase64
# value: <bool>
# - name: getBlobRetryCount
# value: <integer>
# - name: publicAccessLevel
# value: <publicAccessLevel>
# - name: disableEntityManagement
# value: <bool>{{% alert title="Warning" color="warning" %}} The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{% ref component-secrets.md %}}). {{% /alert %}}
| Field | Required | Binding support | Details | Example |
|---|---|---|---|---|
accountName |
Y | Input/Output | The name of the Azure Storage account | "myexmapleaccount" |
accountKey |
Y* | Input/Output | The access key of the Azure Storage account. Only required when not using Microsoft Entra ID authentication. | "access-key" |
containerName |
Y | Output | The name of the Blob Storage container to write to | myexamplecontainer |
endpoint |
N | Input/Output | Optional custom endpoint URL. This is useful when using the Azurite emulator or when using custom domains for Azure Storage (although this is not officially supported). The endpoint must be the full base URL, including the protocol (http:// or https://), the IP or FQDN, and optional port. |
"http://127.0.0.1:10000" |
decodeBase64 |
N | Output | Configuration to decode base64 file content before saving to Blob Storage. (In case of saving a file with binary content). Defaults to false |
true, false |
getBlobRetryCount |
N | Output | Specifies the maximum number of HTTP GET requests that will be made while reading from a RetryReader Defaults to 10 |
1, 2 |
publicAccessLevel |
N | Output | Specifies whether data in the container may be accessed publicly and the level of access (only used if the container is created by Dapr). Defaults to none |
blob, container, none |
disableEntityManagement |
N | Output | Configuration to disable entity management. When set to true, the binding skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions. Defaults to false |
true, false |
The Azure Blob Storage binding component supports authentication using all Microsoft Entra ID mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of Microsoft Entra ID authentication mechanism, see the [docs for authenticating to Azure]({{% ref authenticating-azure.md %}}).
This component supports output binding with the following operations:
create: Create blobget: Get blobdelete: Delete bloblist: List blobspresign: Generate presigned SAS URL
The Blob storage component's input binding triggers and pushes events using [Azure Event Grid]({{% ref eventgrid.md %}}).
Refer to the Reacting to Blob storage events guide for more set up and more information.
To perform a create blob operation, invoke the Azure Blob Storage binding with a POST method and the following JSON body:
Note: by default, a random UUID is generated. See below for Metadata support to set the name
{
"operation": "create",
"data": "YOUR_CONTENT"
}{{< tabpane text=true >}} {{% tab "Windows" %}} On Windows, utilize cmd prompt (PowerShell has different escaping mechanism)
curl -d "{ \"operation\": \"create\", \"data\": \"Hello World\" }" http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{% tab "Linux" %}}
curl -d '{ "operation": "create", "data": "Hello World" }' \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{< /tabpane >}}
{{< tabpane text=true >}}
{{% tab "Windows" %}}
curl -d "{ \"operation\": \"create\", \"data\": \"Hello World\", \"metadata\": { \"blobName\": \"my-test-file.txt\" } }" \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{% tab "Linux" %}}
curl -d '{ "operation": "create", "data": "Hello World", "metadata": { "blobName": "my-test-file.txt" } }' \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{< /tabpane >}}
To upload a file, encode it as Base64 and let the Binding know to deserialize it:
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: <NAME>
spec:
type: bindings.azure.blobstorage
version: v1
metadata:
- name: accountName
value: myStorageAccountName
- name: accountKey
value: ***********
- name: containerName
value: container1
- name: decodeBase64
value: trueThen you can upload it as you would normally:
{{< tabpane text=true >}}
{{% tab "Windows" %}}
curl -d "{ \"operation\": \"create\", \"data\": \"YOUR_BASE_64_CONTENT\", \"metadata\": { \"blobName\": \"my-test-file.jpg\" } }" http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{% tab "Linux" %}}
curl -d '{ "operation": "create", "data": "YOUR_BASE_64_CONTENT", "metadata": { "blobName": "my-test-file.jpg" } }' \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{< /tabpane >}}
To generate a presigned SAS URL when creating a blob, include the signTTL metadata key on a create request. The SAS URL provides temporary read-only access to the blob.
Valid values for signTTL are Go duration strings (e.g. "15m", "1h", "24h").
Note: This feature requires the binding to be configured with an account key or connection string. Microsoft Entra ID authentication is not supported for SAS URL generation.
{{< tabpane text=true >}}
{{% tab "Windows" %}}
curl -d "{ \"operation\": \"create\", \"data\": \"Hello World\", \"metadata\": { \"blobName\": \"my-test-file.txt\", \"signTTL\": \"15m\" } }" \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{% tab "Linux" %}}
curl -d '{ "operation": "create", "data": "Hello World", "metadata": { "blobName": "my-test-file.txt", "signTTL": "15m" } }' \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{< /tabpane >}}
The response body contains the following JSON:
{
"blobURL": "https://<your account name>.blob.core.windows.net/<your container name>/<filename>",
"presignURL": "https://<your account name>.blob.core.windows.net/<your container name>/<filename>?sv=2023-11-03&se=2024-01-01T00%3A15%3A00Z&sr=b&sp=r&sig=<signature>"
}The response body will contain the following JSON:
{
"blobURL": "https://<your account name>.blob.core.windows.net/<your container name>/<filename>"
}
To perform a get blob operation, invoke the Azure Blob Storage binding with a POST method and the following JSON body:
{
"operation": "get",
"metadata": {
"blobName": "myblob",
"includeMetadata": "true"
}
}The metadata parameters are:
blobName- the name of the blobincludeMetadata- (optional) defines if the user defined metadata should be returned or not, defaults to: false
{{< tabpane text=true >}}
{{% tab "Windows" %}}
curl -d '{ \"operation\": \"get\", \"metadata\": { \"blobName\": \"myblob\" }}' http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{% tab "Linux" %}}
curl -d '{ "operation": "get", "metadata": { "blobName": "myblob" }}' \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{< /tabpane >}}
The response body contains the value stored in the blob object. If enabled, the user defined metadata will be returned as HTTP headers in the form:
Metadata.key1: value1
Metadata.key2: value2
To perform a delete blob operation, invoke the Azure Blob Storage binding with a POST method and the following JSON body:
{
"operation": "delete",
"metadata": {
"blobName": "myblob"
}
}The metadata parameters are:
blobName- the name of the blobdeleteSnapshots- (optional) required if the blob has associated snapshots. Specify one of the following two options:- include: Delete the base blob and all of its snapshots
- only: Delete only the blob's snapshots and not the blob itself
{{< tabpane text=true >}}
{{% tab "Windows" %}}
curl -d '{ \"operation\": \"delete\", \"metadata\": { \"blobName\": \"myblob\" }}' http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{% tab "Linux" %}}
curl -d '{ "operation": "delete", "metadata": { "blobName": "myblob" }}' \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{< /tabpane >}}
{{< tabpane text=true >}}
{{% tab "Windows" %}}
curl -d '{ \"operation\": \"delete\", \"metadata\": { \"blobName\": \"myblob\", \"deleteSnapshots\": \"only\" }}' http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{% tab "Linux" %}}
curl -d '{ "operation": "delete", "metadata": { "blobName": "myblob", "deleteSnapshots": "only" }}' \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{< /tabpane >}}
{{< tabpane text=true >}}
{{% tab "Windows" %}}
curl -d '{ \"operation\": \"delete\", \"metadata\": { \"blobName\": \"myblob\", \"deleteSnapshots\": \"include\" }}' http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{% tab "Linux" %}}
curl -d '{ "operation": "delete", "metadata": { "blobName": "myblob", "deleteSnapshots": "include" }}' \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{< /tabpane >}}
An HTTP 204 (No Content) and empty body will be retuned if successful.
To perform a list blobs operation, invoke the Azure Blob Storage binding with a POST method and the following JSON body:
{
"operation": "list",
"data": {
"maxResults": 10,
"prefix": "file",
"marker": "2!108!MDAwMDM1IWZpbGUtMDgtMDctMjAyMS0wOS0zOC01NS03NzgtMjEudHh0ITAwMDAyOCE5OTk5LTEyLTMxVDIzOjU5OjU5Ljk5OTk5OTlaIQ--",
"include": {
"snapshots": false,
"metadata": true,
"uncommittedBlobs": false,
"copy": false,
"deleted": false
}
}
}The data parameters are:
maxResults- (optional) specifies the maximum number of blobs to return, including all BlobPrefix elements. If the request does not specify maxresults the server will return up to 5,000 items.prefix- (optional) filters the results to return only blobs whose names begin with the specified prefix.marker- (optional) a string value that identifies the portion of the list to be returned with the next list operation. The operation returns a marker value within the response body if the list returned was not complete. The marker value may then be used in a subsequent call to request the next set of list items.include- (optional) Specifies one or more datasets to include in the response:- snapshots: Specifies that snapshots should be included in the enumeration. Snapshots are listed from oldest to newest in the response. Defaults to: false
- metadata: Specifies that blob metadata be returned in the response. Defaults to: false
- uncommittedBlobs: Specifies that blobs for which blocks have been uploaded, but which have not been committed using Put Block List, be included in the response. Defaults to: false
- copy: Version 2012-02-12 and newer. Specifies that metadata related to any current or previous Copy Blob operation should be included in the response. Defaults to: false
- deleted: Version 2017-07-29 and newer. Specifies that soft deleted blobs should be included in the response. Defaults to: false
The response body contains the list of found blocks as also the following HTTP headers:
Metadata.marker: 2!108!MDAwMDM1IWZpbGUtMDgtMDctMjAyMS0wOS0zOC0zNC04NjctMTEudHh0ITAwMDAyOCE5OTk5LTEyLTMxVDIzOjU5OjU5Ljk5OTk5OTlaIQ--
Metadata.number: 10
marker- the next marker which can be used in a subsequent call to request the next set of list items. See the marker description on the data property of the binding input.number- the number of found blobs
The list of blobs will be returned as JSON array in the following form:
[
{
"XMLName": {
"Space": "",
"Local": "Blob"
},
"Name": "file-08-07-2021-09-38-13-776-1.txt",
"Deleted": false,
"Snapshot": "",
"Properties": {
"XMLName": {
"Space": "",
"Local": "Properties"
},
"CreationTime": "2021-07-08T07:38:16Z",
"LastModified": "2021-07-08T07:38:16Z",
"Etag": "0x8D941E3593C6573",
"ContentLength": 1,
"ContentType": "application/octet-stream",
"ContentEncoding": "",
"ContentLanguage": "",
"ContentMD5": "xMpCOKC5I4INzFCab3WEmw==",
"ContentDisposition": "",
"CacheControl": "",
"BlobSequenceNumber": null,
"BlobType": "BlockBlob",
"LeaseStatus": "unlocked",
"LeaseState": "available",
"LeaseDuration": "",
"CopyID": null,
"CopyStatus": "",
"CopySource": null,
"CopyProgress": null,
"CopyCompletionTime": null,
"CopyStatusDescription": null,
"ServerEncrypted": true,
"IncrementalCopy": null,
"DestinationSnapshot": null,
"DeletedTime": null,
"RemainingRetentionDays": null,
"AccessTier": "Hot",
"AccessTierInferred": true,
"ArchiveStatus": "",
"CustomerProvidedKeySha256": null,
"AccessTierChangeTime": null
},
"Metadata": null
}
]To generate a presigned SAS URL for an existing blob, invoke the Azure Blob Storage binding with a POST method and the following JSON body. The SAS URL provides temporary read-only access to the blob without requiring authentication.
Note: This operation requires the binding to be configured with an account key or connection string. Microsoft Entra ID authentication is not supported for SAS URL generation.
{
"operation": "presign",
"metadata": {
"blobName": "my-test-file.txt",
"signTTL": "15m"
}
}The metadata parameters are:
blobName- the name of the blob to generate a SAS URL forsignTTL- the time-to-live for the SAS URL. Valid values are Go duration strings (e.g."15m","1h","24h")
{{< tabpane text=true >}}
{{% tab "Windows" %}}
curl -d "{ \"operation\": \"presign\", \"metadata\": { \"blobName\": \"my-test-file.txt\", \"signTTL\": \"15m\" } }" \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{% tab "Linux" %}}
curl -d '{ "operation": "presign", "metadata": { "blobName": "my-test-file.txt", "signTTL": "15m" } }' \
http://localhost:<dapr-port>/v1.0/bindings/<binding-name>{{% /tab %}}
{{< /tabpane >}}
The response body contains the following JSON:
{
"presignURL": "https://<your account name>.blob.core.windows.net/<your container name>/my-test-file.txt?sv=2023-11-03&se=2024-01-01T00%3A15%3A00Z&sr=b&sp=r&sig=<signature>"
}By default the Azure Blob Storage output binding auto generates a UUID as the blob filename and is not assigned any system or custom metadata to it. It is configurable in the metadata property of the message (all optional).
Applications publishing to an Azure Blob Storage output binding should send a message with the following format:
{
"data": "file content",
"metadata": {
"blobName" : "filename.txt",
"contentType" : "text/plain",
"contentMD5" : "vZGKbMRDAnMs4BIwlXaRvQ==",
"contentEncoding" : "UTF-8",
"contentLanguage" : "en-us",
"contentDisposition" : "attachment",
"cacheControl" : "no-cache",
"custom" : "hello-world"
},
"operation": "create"
}- [Basic schema for a Dapr component]({{% ref component-schema %}})
- [Bindings building block]({{% ref bindings %}})
- [How-To: Trigger application with input binding]({{% ref howto-triggers.md %}})
- [How-To: Use bindings to interface with external resources]({{% ref howto-bindings.md %}})
- [Bindings API reference]({{% ref bindings_api.md %}})