Skip to content
For Self-Managed AI Platform users running v11.1, see the on-premise platform documentation

Azure Blob Storage

Self-managed installation and maintenance > Installation and configuration guide > Azure Kubernetes Service (AKS) > Azure Blob Storage

Azure Blob Storage

You can configure DataRobot to use Azure Blob Storage for object storage, which is the recommended setup for DataRobot on AKS.

It is expected to provide a dedicated Azure Storage Account exclusively for use with the DataRobot platform.

Note

The container names must be all lower case letters. No hyphens, underscores, numbers, etc.

DataRobot supports four authentication methods for accessing an Azure Blob Storage container, but the recommended method is Workload Identity.

Using a storage account key

When you create a storage account, Azure generates two 512-bit storage account access keys. These keys can be used to authorize access to data in your storage account via Shared Key authorization or via SAS tokens signed with the shared key.

Storage account access keys provide full access to the configuration of a storage account, as well as the data. Make sure to protect your access keys.

Refer to the Manage storage account access keys Azure documentation for how to retrieve the AccountKey.

Using a connection string

A connection string includes the authorization information required for your application to access data in an Azure Storage account at runtime using Shared Key authorization.

Below is an example of a connection string: DefaultEndpointsProtocol=https;AccountName=AZ_BLOB_STORAGE_ACCOUNT_NAME;AccountKey=AZ_BLOB_STORAGE_ACCOUNT_KEY;EndpointSuffix=core.windows.net

For additional information, see Configure Azure Storage connection strings documentation.

Using an Azure service principal

Registering an application with Microsoft Entra ID (formerly Azure Active Directory) creates a service principal that you can use to provide access to Azure storage accounts.

For more information on setting up an application, see the Create a Microsoft Entra application and service principal documentation.

Workload identity for Azure

To use Microsoft Entra Workload ID with Azure Kubernetes Service (AKS), you must create a dedicated managed identity. The service account will need the "Storage Blob Data Contributor" role.

For additional information, see Use a workload identity with an application on Azure Kubernetes Service.

Azure Government configuration

Azure Government is a cloud services platform based on the foundational principles of security, privacy, and compliance. Customers eligible for Azure Government benefit from a physically isolated instance of Azure.

For additional information, see Azure Government documentation.