How to monitor data lake sas token expired?

zmsoft 200 Reputation points
2024-12-10T07:42:01.56+00:00

Hi there,

I have store sas token value in key vault, but I can't know when token expires. So I will find this issue after the token expires. Is there any way to monitor when the token expires?

Thanks

zmsoft

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,342 questions
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,397 questions
Azure Data Lake Storage
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
1,511 questions
{count} votes

Accepted answer
  1. Hari Babu Vattepally 1,195 Reputation points Microsoft Vendor
    2024-12-10T14:42:50.4533333+00:00

    Hi @zmsoft

    Welcome to Microsoft Q&A Forum. Thanks for posting your query here!

    In addition to above recommended solution from Amrinder Singh, we suggest you follow the below and give a try.

    Storage doesn't provide any inbuilt mechanism to notify for SAS expiry as storage doesn't stores any SAS it's end. This is because SAS is confidential data and as part of compliance, need to be maintained on the customer side only. So, you need to maintain or track the expiry from your side only or setting up monitoring through logs and alerts is essential.

    Additionally, you can track the token's expiration times manually or through automated scripts that check the expiration dates stored in your Key Vault. Which can be tracked through the scheduled tasks such as Azure Logic Apps, Azure Monitor Alerts.

    Hope the above solution helps in addressing your query.

    Please let us know if there are any further queries or issue still persists, we will be glad to assist you closer.

    Please do consider to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members. 

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Amrinder Singh 5,555 Reputation points Microsoft Employee
    2024-12-10T09:27:30.7033333+00:00

    Hi zmsoft - Thanks for reaching out over Q&A Forum.

    Storage doesn't track the number of shared access signatures that have been generated for a storage account, and no API can provide this detail hence, Storage doesn't even have visibility to all the expiry dates and can alert for them.

    There is a SE (SAS Expiry) parameter in the SAS URI which points to the Expiry date. While generating SAS, you can keep track of that from your side along with the SE parameter which shall point to the expiry date.

    However, since you are using Key Vault, you can leverage that for rotation as well.

    Hope that helps!

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.