In a previous article I showed how I connected to Azure Storage for static files and uploads, but this example used the main account key. This means any app using the key can connect to all containers, create containers etc. A better practice is to use Shared Access Signatures. You can create one in the Azure portal against a container, setting various permissions and time expiry, or you can write code that generates one for a short period of time for the app to use in subsequent requests.
I recently switched to using a SAS token for a new production Wagtail instance, the first one that we’ve used Azure Storage, and that we’ve put on Azure using Kubernetes. (AKS)
With Wagtail I’ve used django-storages and the Azure sdk, however django-storages is not that maintained, and doesn’t seem to work with the latest versions of the Azure SDK (https://github.com/jschneier/django-storages/issues/476)
django-storages has very minimal docs too which is a shame.
Changing the code to use SAS token resulted in a The specified resource does not exist. error , if you experience this make sure you provide the parameter names, rather just the comma delimited values.