Azure Metadata Reader
The Azure Metadata Reader component retrieves and outputs metadata from Azure Blob Storage resources. It supports multiple authentication methods, enabling secure access to container, directory, or blob-level metadata.
Configuration Sections
The Azure Metadata Reader component configurations are organized into the following sections:
Basic Information
Meta Information
Resource Configuration
Connection Validation
Prerequisites
Before configuring the component, obtain valid Azure credentials using one of the following methods from the Azure Portal:
Shared Access Signature (SAS)
Storage Account Secret Key
Service Principal (Client Secret)
Best Practice: Use SAS tokens where possible, as they are temporary and revocable. Avoid embedding Secret Keys or Principal Secrets directly in scripts; store them securely in Azure Key Vault.
Authentication Methods
1. Shared Access Signature (SAS)
Shared Access Signature
SAS URI granting restricted access to resources.
?sv=2025-01-01&ss=b&srt=...
Account Name
Name of the Azure storage account.
myazureaccount
Container
Container containing the blobs.
logs
Path Type
Options: Null, Directory Path, Blob Name.
Directory Path
Directory Path
Path to filter blobs (optional).
employee/joining_year=2010/department=BI/
Blob Name
Specific blob name to fetch metadata for (optional).
report.csv
2. Secret Key (Shared Key Authorization)
Account Key
Full access key for the storage account.
xxxx12345...
Account Name
Name of the Azure storage account.
myazureaccount
Container
Container containing the blobs.
finance-data
Path Type
Options: Null, Directory Path, Blob Name.
Blob Name
Directory Path
Path to filter blobs (optional).
finance/2025/
Blob Name
Specific blob to fetch metadata for.
q1_results.json
3. Principal Secret (Service Principal)
Client ID
Application (client) ID assigned by Azure AD.
2c76b0a9-xxxx-xxxx-xxxx-abcdef
Tenant ID
Directory (tenant) ID of your Azure AD instance.
72f988bf-xxxx-xxxx-xxxx-abcdef
Client Secret
Password/secret of the service principal.
********
Account Name
Name of the Azure storage account.
myazureaccount
Container
Container containing the blobs.
backups
Path Type
Options: Null, Directory Path, Blob Name.
Null
Directory Path
Path to filter blobs (optional).
archive/2024/
Blob Name
Specific blob to fetch metadata for.
daily.zip
Path Type Options
Null: Reads metadata of all blobs within the container.
Directory Path: Reads metadata of blobs within a specific directory.
Blob Name: Reads metadata of a single specified blob.
Output Metadata
When executed successfully, the component outputs metadata for each blob that matches the configuration.
Container
Name of the container.
finance-data
Blob
Name of the blob.
transactions.csv
blobLastModifiedDateAndTime
Date and time the blob was last modified.
2025-09-20T14:45:12Z
blobLength
Size of the blob (in bytes).
2048
Example Configurations
Example 1: Using SAS to Read All Metadata
Authentication: SAS
Shared Access Signature: ?sv=2025-01-01&ss=b&srt=...
Account Name: myazureaccount
Container: logs
Path Type: NullReads metadata for all blobs in the logs container.
Example 2: Using Secret Key for a Specific Blob
Authentication: Secret Key
Account Name: myazureaccount
Account Key: ********
Container: finance-data
Path Type: Blob Name
Blob Name: 2025_report.csvReads metadata for 2025_report.csv only.
Example 3: Using Principal Secret for Directory Metadata
Authentication: Principal Secret
Client ID: 2c76b0a9-xxxx-xxxx-xxxx-abcdef
Tenant ID: 72f988bf-xxxx-xxxx-xxxx-abcdef
Client Secret: ********
Account Name: myazureaccount
Container: archive
Path Type: Directory Path
Directory Path: 2024/quarter1/Reads metadata for all blobs in the archive/2024/quarter1/ directory.
Notes
Prefer SAS tokens for temporary, granular access control.
Use Secret Keys only in secure environments and avoid embedding them in pipelines.
For enterprise applications, configure Principal Secret authentication via Azure AD.