I run a few of my workloads on VMs in Azure. Some of them deal with data and content that changes over time, and accordingly I like to have the data backed up periodically. Microsoft provides the AzCopy tool for uploading files to Azure blob storage alright, and it works very well with managed identities assigned to VMs (and other services in Azure).

But some of the same properties that apply to data also apply to the backups of that data: their value diminishes over time, so keeping backups for an extended amount of time is pointless. Accordingly, I always want to delete old backups after some time.

The above mentioned AzCopy tool does allow to list blobs and remove them, but these commands are in no way suited for easy automation through scripts. For example, even though the tool has flags --machine-readable and --output-type=json that can be used for this, that flag causes the tool to produce JSON encoded output of human readable messages. In fact, using these flags produces output like this:

{"TimeStamp":"2024-07-14T09:15:59.897062902Z","MessageType":"ListObject","MessageContent":"{\"Path\":\"backup-2024-07-10_00.00.01.sql.gz\",\"ContentLength\":\"48.41 KiB\"}","PromptDetails":{"PromptType":"","ResponseOptions":null,"PromptTarget":""}}

As you can see, the actual relevant information of blob names is double encoded in JSON. It’s possible to decode that from scripts, but it’s silly to do things this way.

Enter Azure Blob Commands (abc)

That’s why a short while back, I’ve decided that a CLI that follows some of the same rules as your every day ls and rm tools was needed. So I’ve created abc, the Azure Blob Commands tool that addresses some of these issues and basically puts one item (a blob container or a blob) per line.

This effectively allows to easily combine outputs of abc with other tools, and even use the results as input for abc again. For example, if we have a blob container where daily backups of some data or content are uploaded to, all we need to do to clean up backups older than 30 days is to run the following.

abc blobs rm -n mystorageaccount -c mybackups \
    $(abc blobs ls -n mystorageaccount -c mybackups | head -n-30)

Please note that abc uses the default way of acquiring an access token for authentication (see Azure golang SDK):

  1. Try environment variables
  2. Try workload identity (for Kubernetes)
  3. Try managed identity (for Azure services)
  4. Try AzCLI credentials
  5. Try Azure Developer Credentials

So when using abc from your workstation, if you’re signed in to AzCLI you’re good to go. If you’re running abc on your VM in Azure itself, and the VM has a managed identity assigned to it, you’re also good to go.

The tool and its code are open source, and you can find it all on GitHub. Issues and feature requests are welcome. Have fun.