az-storage-blob

Download a blob to a file path specifying a source container

$ az storage blob download --account-name [storage_account_name] --account-key [storage_account_key] [[-c|--container-name]] [container_name] [[-n|--name]] [path/to/blob] [[-f|--file]] [path/to/local_file]

$ az storage blob download-batch --account-name [storage_account_name] --account-key [storage_account_key] [[-s|--source]] [container_name] [[-d|--destination]] [path/to/remote] --pattern [filename_regex] [[-d|--destination]] [path/to/destination]

$ az storage blob upload --account-name [storage_account_name] --account-key [storage_account_key] [[-c|--container-name]] [container_name] [[-n|--name]] [path/to/blob] [[-f|--file]] [path/to/local_file]

$ az storage blob delete --account-name [storage_account_name] --account-key [storage_account_key] [[-c|--container-name]] [container_name] [[-n|--name]] [path/to/blob]

$ az storage blob generate-sas --account-name [storage_account_name] --account-key [storage_account_key] [[-c|--container-name]] [container_name] [[-n|--name]] [path/to/blob] --permissions [permission_set] --expiry [Y-m-d'T'H:M'Z'] --https-only

az storage blob <SUBCOMMAND> [OPTIONS]
For example: az storage blob upload --container-name <container> --name <blob-name> --file <local-path>
Use az storage blob <SUBCOMMAND> --help for specific subcommand options.

--account-name
    Name of the storage account. Required if not provided via connection string or environment variables.

--account-key
    Shared access key for the storage account. Required if not provided via connection string, environment variables, or AAD.

--connection-string
    Connection string for the storage account. Provides all necessary authentication details.

--sas-token
    Shared Access Signature (SAS) token for authentication. Can be used instead of account key or connection string for fine-grained access.

--container-name
    Name of the blob container to operate on. This is a common required parameter for many blob subcommands.

--output {json, jsonc, table, tsv, yaml, yamlc, none}
    Output format for command results. Global Azure CLI parameter.

--query
    JMESPath query string. Use to filter and format the output of the command. Global Azure CLI parameter.

--verbose
    Increase logging verbosity to show debug logs. Global Azure CLI parameter.

--debug
    Increase logging verbosity to show all debug logs. Global Azure CLI parameter.

--help -h
    Show help message and exit for the command group or specific subcommand.

The az storage blob command is a powerful sub-group within the Azure Command-Line Interface (Azure CLI) that provides a comprehensive suite of tools for managing Azure Blob storage. It is not a standalone Linux command but rather a set of operations invoked via the az CLI tool.

Azure Blob storage is Microsoft's object storage solution for the cloud, optimized for storing massive amounts of unstructured data, such as text or binary data. The az storage blob command group allows users to interact with containers and blobs programmatically, enabling tasks such as uploading and downloading blobs, listing container contents, managing blob properties and metadata, creating snapshots, copying blobs, and deleting blobs or containers.

It supports various authentication methods, including connection strings, shared access signatures (SAS), and Azure Active Directory (AAD) integration, making it versatile for different operational scenarios. This command group is essential for DevOps practices, scripting automation, and general administration of data stored in Azure Blob Storage.

The az storage blob command group requires the Azure CLI to be installed and configured. It is not a native Linux utility. Authentication to Azure is typically handled globally by az login, but specific storage account credentials (keys, SAS tokens, connection strings) can override or be specified per command. Options vary significantly between subcommands (e.g., upload, download, delete), and users should consult the specific subcommand's help (e.g., az storage blob upload --help) for detailed parameter information.

While az storage blob itself is a group, it encompasses many crucial subcommands for interacting with blobs:
az storage blob upload: Uploads a local file to a blob.
az storage blob download: Downloads a blob to a local file.
az storage blob list: Lists blobs in a container.
az storage blob show: Gets the properties of a specific blob.
az storage blob delete: Deletes a blob.
az storage blob copy start: Initiates an asynchronous copy operation from one blob to another.
az storage blob url: Generates a URL for a blob.
az storage blob generate-sas: Generates a shared access signature for a blob.

Authentication for az storage blob commands can be handled in several ways:
Azure Active Directory (AAD): Recommended for most scenarios, using the logged-in user's credentials (via az login). Requires assigning appropriate RBAC roles (e.g., Storage Blob Data Contributor).
Storage Account Key: Provided directly using --account-key. Grants full access to the storage account.
Connection String: Provided directly using --connection-string. Contains all necessary authentication details (account name, key, endpoint).
Shared Access Signature (SAS): Provided using --sas-token. Grants time-limited, restricted permissions to specific resources.

The Azure CLI and its storage commands have continuously evolved since their initial release, with significant updates and new features being added regularly to support new Azure Storage capabilities and improve user experience. The `az storage blob` command group specifically matured from earlier versions of the CLI, which might have had different syntax or fewer features (e.g., the legacy Azure PowerShell cmdlets or older Xplat CLI). It represents the modern, cross-platform interface for Azure Blob Storage management, designed for automation and integration into CI/CD pipelines.

az(1), az storage container(1), az storage(1)