Skip to main content

Connecting Microsoft Azure Files Storage

This guide walks you through connecting a Microsoft Azure Files Storage destination to Pluton.

Prerequisites

Before connecting Azure Files Storage, you need:

  1. A Microsoft Azure account - Sign up here
  2. A Storage Account created in the Azure Portal
  3. A File Share created within the Storage Account
  4. One of the following authentication methods:
    • Storage Account Key (simplest)
    • SAS URL for share-level access
    • Connection String from the Azure Portal

Getting Your Credentials

Step 1: Create a File Share

  1. Log into the Azure Portal
  2. Navigate to Storage accounts and select your storage account
  3. In the left menu, under Data storage, click File shares
  4. Click + File share
  5. Enter a name (e.g., "pluton-backups"), set a quota, and click Create
  6. Note the Share Name — you will need it in Pluton

Step 2: Get Your Storage Account Key

  1. In your Storage Account, go to Security + networkingAccess keys
  2. Click Show next to key1 or key2
  3. Copy the Storage account name and Key value

Alternative: Get a SAS URL or Connection String

SAS URL:

  1. Navigate to Security + networkingShared access signature
  2. Select File under allowed services, configure permissions and expiry
  3. Click Generate SAS and connection string
  4. Copy the File service SAS URL

Connection String:

  1. Navigate to Security + networkingAccess keys
  2. Copy the Connection string value shown under key1 or key2

Connecting to Pluton

Step 1: Add Storage

  1. In Pluton, navigate to Storages
  2. Click Add Storage button
  3. Select Microsoft Azure Files Storage from the provider list

Step 2: Configure Connection

Fill in the required fields:

  • Storage Name: A friendly name (e.g., "Azure Files Backups")
  • Storage Account Name: Your Azure Storage Account Name
  • Share Name: The name of the Azure Files share to access (e.g., "pluton-backups")
  • Storage Account Key: Your account's shared access key. Leave blank if using a SAS URL or Connection String instead

Optional alternative authentication:

  • SAS URL: SAS URL for share-level access. Leave blank if using account/key or connection string
  • Connection String: Azure Files connection string. Leave blank if using account/key or SAS URL

Step 3: Advanced Options (Optional)

Additional settings available:

  • Environment Auth: Read credentials from runtime environment variables, CLI, or MSI
  • Tenant ID: ID of the service principal's tenant (directory ID), for Azure AD authentication
  • Client ID: The application (client) ID for service principal authentication
  • Client Secret: One of the service principal's client secrets
  • Client Certificate Path: Path to a PEM or PKCS12 certificate file including the private key
  • Client Certificate Password: Password for the certificate file (optional)
  • Send Certificate Chain: Include an x5c header in authentication requests for subject name / issuer based authentication
  • Username / Password: User credentials for Azure AD authentication
  • Service Principal File: Path to a file containing service principal credentials
  • Use MSI: Use a Managed Service Identity to authenticate (only works in Azure)
    • MSI Object ID: Object ID of the user-assigned MSI
    • MSI Client ID: Client ID of the user-assigned MSI
    • MSI Resource ID: Azure resource ID of the user-assigned MSI
  • Endpoint: Custom endpoint for the service (leave blank normally)
  • Chunk Size: Upload chunk size (default: 4 MiB). Chunks are stored in memory during upload
  • Upload Concurrency: Number of chunks uploaded concurrently (default: 16)
  • Max Stream Size: Maximum size for streamed files when the file size is unknown (default: 10 GiB)

Step 4: Test and Save

  1. Click Test Connection to verify credentials
  2. If successful, click Save
  3. Your Azure Files Storage is now ready for backup plans

Common Issues

Share Not Found: Verify that the Share Name matches exactly the name of the file share in your Storage Account. Share names are case-sensitive.

Authentication Failed: Ensure the Storage Account Name and Key are correct. If using a SAS URL, verify it has not expired and includes sufficient permissions.

Connection String Errors: Make sure the connection string is copied in full from the Azure Portal. Partial strings will cause authentication failures.

Forbidden (403): Check that your credentials have the necessary permissions on the file share. For service principal authentication, ensure the appropriate RBAC role is assigned.

Best Practices

  • Use Storage Account Keys for simple setups; use Service Principals or SAS URLs for granular access control
  • Set a quota on your file share to prevent unexpected storage costs
  • Use the Storage Account Key method for most straightforward backup configurations
  • Store credentials securely — rotate Storage Account Keys periodically via the Azure Portal
  • Place the Pluton server in the same Azure region as the Storage Account for best performance
  • Use separate file shares for different backup plans to simplify management