2020-11-19 16:47:18 +02:00
# Serving files from Azure Blob Storage
imgproxy can process images from Azure Blob Storage containers. To use this feature, do the following:
2022-02-01 11:43:36 +02:00
1. Set `IMGPROXY_USE_ABS` environment variable to `true`
2022-12-15 16:46:07 +02:00
2. Set `IMGPROXY_ABS_NAME` to your Azure account name
3. [Set up the necessary credentials ](#set-up-credentials )
2022-02-01 11:43:36 +02:00
4. _(optional)_ Specify the Azure Blob Storage endpoint with `IMGPROXY_ABS_ENDPOINT`
2022-12-15 16:46:07 +02:00
5. Use `abs://%bucket_name/%file_key` as the source image URL
## Set up credentials
2022-12-15 14:51:07 +02:00
### Leverage Azure Managed Identity or Service Principal
Microsoft encourages the use of a Managed Identity or Service Principal when accessing resources on an Azure Storage Account.
2022-12-15 16:46:07 +02:00
Both of these authentication pathways are supported out of the box.
2022-12-15 14:51:07 +02:00
#### Managed Identity
There is no additional configuration required so long as the resource that imgproxy is running on has a Managed Identity assigned to it.
#### Service Principal
2022-12-15 16:46:07 +02:00
Please, refer to the [following documentation ](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal ) on the creation of a service principal before proceeding.
2022-12-15 14:51:07 +02:00
Once that step is completed, the following environment variables must be configured depending on which option was chosen.
2022-12-15 16:46:07 +02:00
For secret authentication:
* `AZURE_CLIENT_ID` : the client ID for your application registration
* `AZURE_TENANT_ID` : the tenant ID for your application registration
* `AZURE_CLIENT_SECRET` : the client secret for your application registration
For certificate authentication:
2022-12-15 14:51:07 +02:00
2022-12-15 16:46:07 +02:00
* `AZURE_CLIENT_ID` : the client ID for your application registration
* `AZURE_TENANT_ID` : the tenant ID for your application registration
* `AZURE_CLIENT_CERTIFICATE_PATH` : the path to a PFX or PEM-encoded certificate including private key
* `AZURE_CLIENT_CERTIFICATE_PASSWORD` : _(optional)_ the password protecting the certificate file (PFX (PKCS12))
* `AZURE_CLIENT_CERTIFICATE_CHAIN` : _(optional)_ send certificate chain in x5c header to support subject name / issuer-based authentication
2022-12-15 14:51:07 +02:00
2022-12-15 16:46:07 +02:00
### Using Storage Account Key
2022-12-15 14:51:07 +02:00
2022-12-15 16:46:07 +02:00
Alternatively, you can set `IMGPROXY_ABS_KEY` to your Azure Blob Storage account key. See the [Manage storage account access keys ](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage ) guide for more info.
