Manage blob containers using PowerShell

2025-04-12

Azure blob storage allows you to store large amounts of unstructured object data. You can use blob storage to gather or expose media, content, or application data to users. Eftersom alla blobdata lagras i containrar måste du skapa en lagringscontainer innan du kan börja ladda upp data. To learn more about blob storage, read the Introduction to Azure Blob storage.

This how-to article explains how to work with both individual and multiple storage container objects.

Förutsättningar

Ett Azure-abonnemang. Se Hämta en kostnadsfri utvärderingsversion av Azure.
Azure PowerShell module Az, which is the recommended PowerShell module for interacting with Azure. Information om hur du kommer igång med Az PowerShell-modulen finns i Installera Azure PowerShell.

You'll need to obtain authorization to an Azure subscription before you can use the examples in this article. Authorization can occur by authenticating with a Microsoft Entra account or using a shared key. The examples in this article use Microsoft Entra authentication in conjunction with context objects. Context objects encapsulate your Microsoft Entra credentials and pass them on subsequent data operations, eliminating the need to reauthenticate.

Om du vill logga in på ditt Azure-konto med ett Microsoft Entra-konto öppnar du PowerShell och anropar cmdleten Connect-AzAccount .

# Connect to your Azure subscription
 Connect-AzAccount

After the connection has been established, create the storage account context by calling the New-AzStorageContext cmdlet. Include the -UseConnectedAccount parameter so that data operations will be performed using your Microsoft Entra credentials.

# Create a context object using Azure AD credentials
 $ctx = New-AzStorageContext -StorageAccountName <storage account name> -UseConnectedAccount

Kom ihåg att ersätta platshållarvärdena inom hakparenteser med dina egna värden. Mer information om hur du loggar in på Azure med PowerShell finns i Logga in med Azure PowerShell.

Skapa en container

To create containers with PowerShell, call the New-AzStorageContainer cmdlet. There are no limits to the number of blobs or containers that can be created within a storage account. Containers cannot be nested within other containers.

The following example illustrates three options for the creation of blob containers with the New-AzStorageContainer cmdlet. The first approach creates a single container, while the remaining two approaches leverage PowerShell operations to automate container creation.

To use this example, supply values for the variables and ensure that you've created a connection to your Azure subscription. Kom ihåg att ersätta platshållarvärdena inom hakparenteser med dina egna värden.

# Create variables
 $containerName  = "individual-container"
 $prefixName     = "loop"

# Approach 1: Create a container
 New-AzStorageContainer -Name $containerName -Context $ctx

# Approach 2: Create containers with a PowerShell loop
 for ($i = 1; $i -le 3; $i++) { 
     New-AzStorageContainer -Name (-join($prefixName, $i)) -Context $ctx
    } 

# Approach 3: Create containers using the PowerShell Split method
 "$($prefixName)4 $($prefixName)5 $($prefixName)6".split() | New-AzStorageContainer -Context $ctx

The result provides the name of the storage account and confirms the creation of the new container.

Storage Account Name: demostorageaccount

Name                   PublicAccess   LastModified
----                   ------------   ------------
individual-container   Off            11/2/2021 4:09:05 AM +00:00
loop-container1        Off            11/2/2021 4:09:05 AM +00:00
loop-container2        Off            11/2/2021 4:09:05 AM +00:00
loop-container3        Off            11/2/2021 4:09:05 AM +00:00           
loop-container4        Off            11/2/2021 4:09:05 AM +00:00           
loop-container5        Off            11/2/2021 4:09:05 AM +00:00           
loop-container6        Off            11/2/2021 4:09:05 AM +00:00

List containers

Use the Get-AzStorageContainer cmdlet to retrieve storage containers. To retrieve a single container, include the -Name parameter. To return a list of containers that begins with a given character string, specify a value for the -Prefix parameter.

The following example retrieves both an individual container and a list of container resources.

# Create variables
 $containerName  = "individual-container"
 $prefixName     = "loop-"

# Approach 1: Retrieve an individual container
 Get-AzStorageContainer -Name $containerName -Context $ctx
 Write-Host

# Approach 2: Retrieve a list of containers
 Get-AzStorageContainer -Prefix $prefixName -Context $ctx

The result provides the URI of the blob endpoint and lists the containers retrieved by name and prefix.

   Storage Account Name: demostorageaccount

Name                 PublicAccess         LastModified                   IsDeleted  VersionId        
----                 ------------         ------------                   ---------  ---------        
individual-container                      11/2/2021 5:52:08 PM +00:00                                

loop-container1                           11/2/2021 12:22:00 AM +00:00                               
loop-container2                           11/2/2021 12:22:00 AM +00:00                               

loop-container1                           11/2/2021 12:22:00 AM +00:00                               
loop-container2                           11/2/2021 12:22:00 AM +00:00
loop-container3                           11/2/2021 12:22:00 AM +00:00   True       01D7E7129FDBD7D4
loop-container4                           11/2/2021 12:22:00 AM +00:00   True       01D7E8A5EF01C787

Läsa egenskaper och metadata för container

En container exponerar både systemegenskaper och användardefinierade metadata. System properties exist on each blob storage resource. Vissa egenskaper är endast läsbara, medan andra kan läsas eller ställas in. Under täcket mappas vissa systemegenskaper till vissa standard-HTTP-huvuden.

User-defined metadata consists of one or more name-value pairs that you specify for a blob storage resource. Du kan använda metadata för att lagra ytterligare värden med resursen. Metadatavärden är endast för dina egna syften och påverkar inte hur resursen beter sig.

Containeregenskaper

The following example retrieves all containers with the demo prefix and iterates through them, listing their properties.

# Create variable
 $prefix = "loop"

# Get containers
 $containers = Get-AzStorageContainer -Prefix $prefix -Context $ctx

# Iterate containers, display properties
 Foreach ($container in $containers) 
 {
    $containerProperties = $container.BlobContainerClient.GetProperties()
    Write-Host $container.Name "properties:"
    $containerProperties.Value
 }

The results display all containers with the prefix loop and list their properties.

loop-container1 properties:

LastModified                      : 12/7/2021 7:47:17 PM +00:00
LeaseStatus                       : Unlocked
LeaseState                        : Available
LeaseDuration                     : Infinite
PublicAccess                      : 
HasImmutabilityPolicy             : False
HasLegalHold                      : False
DefaultEncryptionScope            : $account-encryption-key
PreventEncryptionScopeOverride    : False
DeletedOn                         : 
RemainingRetentionDays            : 
ETag                              : 0x8D9B9BA602806DA
Metadata                          : {}
HasImmutableStorageWithVersioning : False

loop-container2 properties:
LastModified                      : 12/7/2021 7:47:18 PM +00:00
LeaseStatus                       : Unlocked
LeaseState                        : Available
LeaseDuration                     : Infinite
PublicAccess                      : 
HasImmutabilityPolicy             : False
HasLegalHold                      : False
DefaultEncryptionScope            : $account-encryption-key
PreventEncryptionScopeOverride    : False
DeletedOn                         : 
RemainingRetentionDays            : 
ETag                              : 0x8D9B9BA605996AE
Metadata                          : {}
HasImmutableStorageWithVersioning : False

Read and write container metadata

Users that have many thousands of objects within their storage account can quickly locate specific containers based on their metadata. To access the metadata, you'll use the BlobContainerClient object. This object allows you to access and manipulate containers and their blobs. To update metadata, you'll need to call the SetMetadata() method. The method only accepts key-value pairs stored in a generic IDictionary object. For more information, see the BlobContainerClient class

The example below first updates a container's metadata and afterward retrieve a container's metadata. The example flushes the sample container from memory and retrieves it again to ensure that metadata isn't being read from the object in memory.

# Create variable
  $containerName = "individual-container"

# Retrieve container
 $container = Get-AzStorageContainer -Name $containerName -Context $ctx

# Create IDictionary, add key-value metadata pairs to IDictionary
 $metadata = New-Object System.Collections.Generic.Dictionary"[String,String]"
 $metadata.Add("CustomerName","Anthony Bennedetto")
 $metadata.Add("CustomerDOB","08/03/1926")
 $metadata.Add("CustomerBirthplace","Long Island City")

# Update metadata
  $container.BlobContainerClient.SetMetadata($metadata, $null)

# Flush container from memory, retrieve updated container
 $container = $null
 $container = Get-AzStorageContainer -Name $containerName -Context $ctx
 
# Display metadata
 $properties = $container.BlobContainerClient.GetProperties()
 Write-Host $container.Name "metadata:" 
 Write-Host $properties.Value.Metadata

The results display the complete metadata for a container.

individual-container metadata:

[CustomerName, Anthony Bennedetto] [CustomerDOB, 08/03/1926] [CustomerBirthplace, Long Island City]

Get a shared access signature for a container

A shared access signature (SAS) provides delegated access to Azure resources. En SAS ger dig detaljerad kontroll över hur en klient kan komma åt dina data. Du kan till exempel ange vilka resurser som är tillgängliga för klienten. You can also limit the types of operations that the client can perform, and specify the amount of time for which the actions can be taken.

A SAS is commonly used to provide temporary and secure access to a client who wouldn't normally have permissions. An example of this scenario would be a service that allows users read and write their own data to your storage account.

Azure Storage supports three types of shared access signatures: user delegation, service, and account SAS. For more information on shared access signatures, see the Create a service SAS for a container or blob article.

Försiktighet

Varje klient som har en giltig SAS kan komma åt data i ditt lagringskonto, enligt vad SAS:et tillåter. Det är viktigt att skydda en SAS från skadlig eller oavsiktlig användning. Använd diskretion när du distribuerar en SAS och ha en plan för att återkalla en komprometterad SAS.

The following example illustrates the process of configuring a service SAS for a specific container using the New-AzStorageContainerSASToken cmdlet. The example will configure the SAS with start and expiry times and a protocol. It will also specify the read, write, and list permissions in the SAS using the -Permission parameter. You can reference the full table of permissions in the Create a service SAS article.

# Create variables
 $accountName   = "<storage-account>"
 $containerName = "individual-container"
 $startTime     = Get-Date
 $expiryTime    = $startTime.AddDays(7)
 $permissions   = "rwl"
 $protocol      = "HttpsOnly"

# Create a context object using Azure AD credentials, retrieve container
 $ctx = New-AzStorageContext -StorageAccountName $accountName -UseConnectedAccount
 
# Approach 1: Generate SAS token for a specific container
 $sas = New-AzStorageContainerSASToken `
 -Context $ctx `
 -Name $containerName `
 -StartTime $startTime `
 -ExpiryTime $expiryTime `
 -Permission $permissions `
 -Protocol $protocol

# Approach 2: Generate SAS tokens for a container list using pipeline
  Get-AzStorageContainer -Container $filterName -Context $ctx | New-AzStorageContainerSASToken `
 -Context $ctx `
 -StartTime $startTime `
 -ExpiryTime $expiryTime `
 -Permission $permissions `
 -Protocol $protocol | Write-Output

Anmärkning

The SAS token returned by Blob Storage doesn't include the delimiter character ('?') for the URL query string. Om du lägger till SAS-token till en resurs-URL, kom ihåg att även lägga till avgränsartecknet.

Ta bort containrar

Depending on your use case, you can delete a container or list of containers with the Remove-AzStorageContainer cmdlet. When deleting a list of containers, you can leverage conditional operations, loops, or the PowerShell pipeline as shown in the examples below.

# Create variables
 $accountName    = "<storage-account>"
 $containerName  = "individual-container"
 $prefixName     = "loop-"

# Delete a single named container
 Remove-AzStorageContainer -Name $containerName -Context $ctx

# Iterate a loop, deleting containers
 for ($i = 1; $i -le 2; $i++) { 
     Remove-AzStorageContainer -Name (-join($containerPrefix, $i)) -Context $ctx
    } 

# Retrieve container list, delete using a pipeline
 Get-AzStorageContainer -Prefix $prefixName -Context $ctx | Remove-AzStorageContainer

I vissa fall är det möjligt att hämta containrar som har tagits bort. If your storage account's soft delete data protection option is enabled, the -IncludeDeleted parameter will return containers deleted within the associated retention period. The -IncludeDeleted parameter can only be used in conjunction with the -Prefix parameter when returning a list of containers. Mer information om mjuk borttagning finns i artikeln Mjuk borttagning för containrar .

Use the following example to retrieve a list of containers deleted within the storage account's associated retention period.

# Retrieve a list of containers including those recently deleted
 Get-AzStorageContainer -Prefix $prefixName -Context $ctx -IncludeDeleted

Restore a soft-deleted container

As mentioned in the List containers section, you can configure the soft delete data protection option on your storage account. När det är aktiverat går det att återställa containrar som tagits bort inom den associerade kvarhållningsperioden.

The following example explains how to restore a soft-deleted container with the Restore-AzStorageContainer cmdlet. Before you can follow this example, you'll need to enable soft delete and configure it on at least one of your storage accounts.

To learn more about the soft delete data protection option, refer to the Soft delete for containers article.

# Create variables
 $accountName = "<storage-account>"
 $prefixName  = "loop-"

# Create a context object using Azure AD credentials
 $ctx = New-AzStorageContext -StorageAccountName $accountName -UseConnectedAccount

# Retrieve all containers, filter deleted containers, restore deleted containers
 Get-AzStorageContainer -Prefix $prefixName -IncludeDeleted `
    -Context $ctx | ? { $_.IsDeleted } | Restore-AzStorageContainer

The results display all containers with the prefix demo which have been restored.

    Storage Account Name: demostorageaccount

Name                 PublicAccess         LastModified                   IsDeleted  VersionId        
----                 ------------         ------------                   ---------  ---------        
loop-container3                                                                                       
loop-container4

Se även

Feedback

Var den här sidan till hjälp?