web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / Is there an alternativ...
Power Automate
Suggested Answer

Is there an alternative to Azure File Storage Connector that uses the account key?

(1) ShareShare
ReportReport
Posted on by 2
The Azure File Storage connector requires the account key. The security team advises against sharing the key to use in Power Automate.
 
Do we have an alternative way to connect to the Azure file storage?
Categories:
I have the same question (0)
  • trice602 Profile Picture
    16,298 Super User 2026 Season 1 on at
    Hi there!
     
    Not really.  I cannot think of anything and wanted to share with you.
     

    ------------------------------------------------

     

     

    ⭐ If this was helpful, please like and check the box below "Does this answer your question" to help others find this too!

     

     

    Always glad to help! 💯💯💯💯💯

     

    Tom

     

    Follow me on LinkedIn - Thomas Rice, PMP | LinkedIn

  • Suggested answer
    Sunil Kumar Pashikanti Profile Picture
    2,318 Moderator on at
     
    Recommended Alternatives (No Account Key Exposure)
    1. Use Azure Blob Storage instead (AAD‑based auth supported)
    If you can change the storage type:
    • The Azure Blob Storage connector supports Azure AD authentication
    • Works with:
      • User identity
      • Service principal
      • Managed identity (indirectly via Logic Apps / Functions)
    • Fine‑grained RBAC (Storage Blob Data Contributor, etc.)
    Best option if design flexibility exists
    Many teams migrate file‑like workloads to Blob containers to avoid key‑based access altogether.

    2. Expose Azure Files via SFTP (Azure Storage SFTP)
    Azure Files can be accessed through Azure Storage SFTP and Power Automate can connect using the SFTP – SSH connector.
    How it works
    • Enable SFTP on the storage account
    • Create local SFTP users or integrate with identity
    • Connect using:
      • SSH key (preferred)
      • Credential vault / secret store
    Pros
    • No storage account key in Power Automate
    • Strong security controls
    • Supported, stable connector
    Cons
    • Requires SFTP setup
    • Slightly more operational overhead
    Very common security‑approved workaround
     
    3. Azure Function + Managed Identity (Proxy Pattern)
    This is the most secure and flexible pattern.
    Architecture
    Power Automate
       ↓ (HTTPS, OAuth)
    Azure Function (Managed Identity)
       ↓
    Azure Files (RBAC / REST API)
    Details
    • Function uses Managed Identity
    • Function calls Azure Storage REST API
    • Power Automate:
      • Calls the Function via OAuth / AAD
      • No storage secrets involved
    Pros
    • Zero keys or SAS in Flow
    • Centralized auditing
    • Fine‑grained control & throttling
    Cons
    • Requires small amount of Azure dev work
    Enterprise‑grade solution
     
    4. Logic Apps (instead of Power Automate)
    If this is a backend integration rather than citizen automation:
    • Logic Apps (Standard) can use:
    • Managed Identity
    • VNET integration
    • Can call Azure Storage REST APIs securely
    Logic Apps often pass security reviews where Power Automate does not.
     
    5. On‑premises Data Gateway (SMB Share Access)
    If the Azure File Share is mounted:
    • Mount Azure File Share to a VM
    • Use File System connector via On‑Prem Data Gateway
    Pros
    • No account key in Flow
    • Uses OS‑level security
    Cons
    • Requires VM
    • Not cloud‑native
    • Operational overhead

    What You Can’t Do (Yet)
    1. Use Azure AD / OAuth directly with the Azure File Storage connector
    2. Use Managed Identity directly in Power Automate for Azure Files
    3. Avoid secrets entirely without an intermediary (Function / SFTP / Blob)

    Security‑Friendly Recommendation Matrix
    Requirement Best Option
    Zero secrets in Power Automate Azure Function + Managed Identity
    Lowest effort Azure Blob Storage
    File share semantics required Azure Files via SFTP
    Backend integration Logic Apps
    Legacy SMB compatibility Gateway + VM
     
    Bottom Line
    Your security team is correct to block storage account keys in Power Automate.
    The cleanest long‑term options are:
    1. Blob Storage with Azure AD, or
    2. Azure Function + Managed Identity proxy
     
    ✅ If this answer helped resolve your issue, please mark it as Accepted so it can help others with the same problem.
    👍 Feel free to Like the post if you found it useful.

    Sunil Kumar Pashikanti, Moderator
    Blog: 
    https://sunilpashikanti.com/posts/

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Valantis Profile Picture

Valantis 377

#2
11manish Profile Picture

11manish 279

#3
David_MA Profile Picture

David_MA 234 Super User 2026 Season 1

Last 30 days Overall leaderboard