From 9678807d39ed992093a9e830aeb71492b7558cb4 Mon Sep 17 00:00:00 2001
From: Jianjun Liao <36503113+Leavrth@users.noreply.github.com>
Date: Wed, 21 Jun 2023 16:32:42 +0800
Subject: [PATCH] br: support access by azure sas token (#13896)
---
br/backup-and-restore-storages.md | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/br/backup-and-restore-storages.md b/br/backup-and-restore-storages.md
index 15fb125af75b1..f65a9fdea9989 100644
--- a/br/backup-and-restore-storages.md
+++ b/br/backup-and-restore-storages.md
@@ -76,7 +76,8 @@ This section describes the URI format of the storage services:
- `account-name`: Specifies the account name of the storage.
- `account-key`: Specifies the access key.
- - `access-tier`: Specifies the access tier of the uploaded objects, for example, `Hot`, `Cool`, or `Archive`. The value is `Hot` by default.
+ - `sas-token`: Specifies the shared access signature (SAS) token.
+ - `access-tier`: Specifies the access tier of the uploaded objects, for example, `Hot`, `Cool`, or `Archive`. The default value is the default access tier of the storage account.
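Review bot: The new `sas-token` bullet does not mention that the value has to be percent-encoded before it is placed in the URI, and the parameter list does not say what happens when both `account-key` and `sas-token` are given. The encoding requirement only appears later, in the authentication methods section, so a short pointer on this bullet would help readers who consult only the parameter list. Separately, the `access-tier` line changes the documented default from `Hot` to the storage account's default access tier, which the commit subject does not mention; call that out in the commit message or move it to its own change, since it is unrelated to SAS support.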
@@ -185,11 +186,15 @@ You can configure the account used to access GCS by specifying the access key. I
-- Method 1: Specify the access key
+- Method 1: Specify the shared access signature
+
+ If you specify `account-name` and `sas-token` in the URI, the authentication is performed using the specified account name and shared access signature (SAS) token. Note that the SAS token contains the `&` character. You need to encode it as `%26` before appending it to the URI. You can also directly encode the entire `sas-token` using percent-encoding.
+
+- Method 2: Specify the access key
- If you specify `account-name` and `account-key` in the URI, the authentication is performed using the specified access key and secret access key. Besides the method of specifying the key in the URI, BR can also read the key from the environment variable `$AZURE_STORAGE_KEY`.
+ If you specify `account-name` and `account-key` in the URI, the authentication is performed using the specified account name and account key. Besides the method of specifying the key in the URI, BR can also read the key from the environment variable `$AZURE_STORAGE_KEY`.
-- Method 2: Use Azure AD for backup and restore
+- Method 3: Use Azure AD for backup and restore
Configure the environment variables `$AZURE_CLIENT_ID`, `$AZURE_TENANT_ID`, and `$AZURE_CLIENT_SECRET` on the node where BR is running.
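Review bot: In the added Method 1 paragraph, the encoding guidance gives two alternatives (encode only `&` as `%26`, or percent-encode the entire `sas-token`) without saying which to prefer. I would lead with encoding the entire value, since it is the simpler rule, and state whether a token that already contains percent-escapes should be encoded again. The paragraph also does not say which SAS permissions BR needs for backup and for restore, nor whether the token can be supplied outside the URI the way Method 2 allows `$AZURE_STORAGE_KEY`; because the token is a credential, readers will look for both. With three methods now listed, a sentence on which one takes precedence when more than one is configured would remove the remaining ambiguity.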