Skip to content

Storage Account

This guide covers the creation and configuration of Azure Storage Accounts for use with Raikoo. Storage accounts provide the underlying file and blob storage for workspaces and documents.

Creation and Configuration in Azure Portal

From the Azure Portal "Create a resource" screen, click "Create" under "Storage Account".

Configure the following within each tab:

Basics

  • Subscription: Choose subscription
  • Resource Group: Choose resource group
  • Storage Account Name: Choose name
  • Region: Select region (ideally close to API service)
  • Preferred Storage Type: Azure Blob Storage/Azure Data Lake Storage Gen 2
  • Performance: Standard (HDD)
  • Redundancy: Choose redundancy (GZRS for prod)

Advanced

  • Secure REST: True
  • Anon Access: False
  • Enable Storage Account Key Access: True
  • Default Entra Auth: False
  • Min TLS Version: 1.2
  • Permitted Scope: Any storage
  • Hierarchical namespace: True
  • SFTP: False
  • NFSv3: False
  • X-Tenant Replication: False
  • Access tier: Hot

Networking

  • Public Access: Enable
  • Public Access Scope: Enable All
  • Routing Pref: Microsoft network

Data Protection

  • Enable point-in-time restore: False
  • Enable soft delete blobs: True, retain 7
  • Enable soft delete containers: True, retain 7
  • Enable soft delete for file shares: True, retain 7
  • Enable blob versioning: False
  • Enable blob change feed: False
  • Enable version-level immutability: False

Encryption

  • Encryption type: MMK
  • Enable customer-managed keys: Blob and files only
  • Enable infra-level encryption: True

Getting Connection String

Navigate to your Storage Account in the Azure Portal, then go to Security + Networking -> Access Keys. Copy one of the connection strings.

Note: Keep your connection string secure and never commit it to version control.

Data Migration

Blob Migration

Blob containers can be migrated directly, and do not require creating a host container first:

azcopy copy "[SOURCE_BLOB_SAS_URL]" \
            "[DESTINATION_BLOB_SAS_URL]" \
            --recursive

Files Migration

Files containers can not be migrated directly and require creating the share containers first before copying over their contents.

SHARE_NAMES=$(az storage share list \
  --account-name [SOURCE_ACCOUNT_NAME] \
  --query "[].name" \
  --output tsv)

# Create with reasonable quota (100 GB per share)
for share in $SHARE_NAMES; do
  echo "Creating: $share with 100GB quota"
  az storage share create \
    --account-name [DESTINATION_ACCOUNT_NAME] \
    --name "$share" \
    --quota 100 \
    --only-show-errors
done

azcopy copy "[SOURCE_FILE_SAS_URL]" \
            "[DESTINATION_FILE_SAS_URL]" \
            --recursive