az-storage-blob

Download a blob to a file path specifying a source container

$ az storage blob download --account-name [account_name] --account-key [account_key] [[-c|--container-name]] [container_name] [[-n|--name]] [blob_name] [[-f|--file]] [path/to/file]

$ az storage blob download-batch --account-name [account_name] --account-key [account_key] [[-s|--source]] [container_name] --pattern [filename_regex] [[-d|--destination]] [path/to/destination]

$ az storage blob upload --account-name [account_name] --account-key [account_key] [[-c|--container-name]] [container_name] [[-n|--name]] [blob_name] [[-f|--file]] [path/to/file]

$ az storage blob delete --account-name [account_name] --account-key [account_key] [[-c|--container-name]] [container_name] [[-n|--name]] [blob_name]

$ az storage blob generate-sas --account-name [account_name] --account-key [account_key] [[-c|--container-name]] [container_name] [[-n|--name]] [blob_name] --permissions [permission_set] --expiry [Y-m-d'T'H:M'Z'] --https-only

az storage blob [SUBCOMMAND] [options]

--account-key
    Storage account access key from Azure Portal.

--account-name
    Name of the storage account.

--auth-mode
    Auth mode: key, login (AAD), cli. Default: login.

--blob-endpoint
    Custom blob service endpoint.

--connection-string
    Account connection string.

--container-name
    Name of the blob container.

--debug
    Show all debug logs.

--file
    Local file path (subcommand-specific).

--help -h
    Show help and exit.

--lease-id
    Lease ID for blob operations.

--name
    Name of the blob.

--only-show-errors
    Suppress non-error output.

--output -o
    Output format: json, table, tsv, none.

--query
    JMESPath query string for output.

--sas-token
    Shared access signature token.

--subscription
    Azure subscription ID or name.

--verbose
    Increase logging verbosity.

The az storage blob command is a key component of the Azure CLI, enabling management of blobs in Azure Blob Storage—Microsoft's scalable object storage for unstructured data like files, images, backups, and media.

It supports essential operations: upload local files to blobs, download blobs to disk, list blobs in containers, delete or copy blobs (intra-account or cross-account), set metadata, acquire leases, generate SAS URLs, and more. Authentication options include storage account keys, connection strings, SAS tokens, or Azure AD (via login mode).

Ideal for automation, CI/CD pipelines, data migration, and scripting. Supports block, append, and page blobs across general-purpose v1/v2, premium block, and Data Lake Gen2 accounts. Use with --dryrun for testing. Requires Azure CLI v2.0+ installed.

Requires Azure CLI 2.0+ and storage account permissions (e.g., Blob Contributor role). Large files need --chunk-size or --max-concurrency. SAS tokens expire; use managed identities for production.

upload: Upload file to blob.
download: Download blob to file.
list: List blobs in container.
delete: Delete blob.
copy start: Async copy blob.
exists: Check blob existence.

Prefer --auth-mode login for security over keys; requires az login.

Introduced in Azure CLI 2.0 (2017); enhanced in 2.10+ for Data Lake Gen2, parallel uploads, and AAD auth integration. Actively maintained with Azure Storage API updates.

az storage account(1), az storage container(1), az storage fs blob(1)