diff --git a/cmd/gateway/azure/gateway-azure.go b/cmd/gateway/azure/gateway-azure.go index eeee5ef4c..035d2b53d 100644 --- a/cmd/gateway/azure/gateway-azure.go +++ b/cmd/gateway/azure/gateway-azure.go @@ -173,6 +173,16 @@ func (g *Azure) Name() string { // NewGatewayLayer initializes azure blob storage client and returns AzureObjects. func (g *Azure) NewGatewayLayer(creds auth.Credentials) (minio.ObjectLayer, error) { + var err error + + // Override credentials from the Azure storage environment variables if specified + if acc, key := env.Get("AZURE_STORAGE_ACCOUNT", creds.AccessKey), env.Get("AZURE_STORAGE_KEY", creds.SecretKey); acc != "" && key != "" { + creds, err = auth.CreateCredentials(acc, key) + if err != nil { + return nil, err + } + } + endpointURL, err := parseStorageEndpoint(g.host, creds.AccessKey) if err != nil { return nil, err diff --git a/docs/gateway/azure.md b/docs/gateway/azure.md index 060969962..cd0b90ef9 100644 --- a/docs/gateway/azure.md +++ b/docs/gateway/azure.md @@ -36,6 +36,10 @@ mc ls myazure [2017-02-26 22:10:11 PST] 0B test-container1/ ``` +### Use custom access/secret keys + +If you do not want to share the credentials of the Azure blob storage with your users/applications, you can set the original credentials in the shell environment using `AZURE_STORAGE_ACCOUNT` and `AZURE_STORAGE_KEY` variables and assign different access/secret keys to `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY`. + ### Known limitations Gateway inherits the following Azure limitations: