Sign inTry Free

Connect to Azure Blob Storage from SingleStore

On this page

Overview

To securely access data stored in Azure Blob Storage from SingleStore Helios, you can configure a private endpoint that enables outbound connectivity from your Helios workspace to your Azure storage account. This setup ensures that all traffic stays within the Azure network and does not traverse the public internet.

For more information on loading data from Azure Blob Storage using pipelines, refer to Load Data from Azure Blob Storage Using a Pipeline.

How It Works

Helios can connect directly to a customer-managed Azure Blob Storage account using a private endpoint over the Azure network. A private DNS zone is configured to route storage access to the private endpoint. Once configured, all access to Azure Blob Storage from SingleStore automatically uses this private connection.

Requirements

Before configuring the setup, ensure the following:

  • The Azure resource ID of your storage account.

  • Authorization to whitelist a third-party subscription ID in your Azure environment.

Enable Outbound Connectivity

To configure outbound access to your Azure Blob Storage account:

  1. Submit a Support request. Open a Support ticket with SingleStore and include your Azure Blob Storage account's resource ID, in the following format:

    /subscriptions/<subscription id>/resourceGroups/<resource group name>/Microsoft.Storage/storageAccounts/<storage account name>

  2. Wait for SingleStore to configure the endpoint. After receiving the resource ID, SingleStore creates a private endpoint to your Azure Blob Storage account. A private DNS zone is also created to route storage access through the endpoint.

  3. Whitelist the SingleStore subscription. SingleStore will provide its Azure subscription ID. You must whitelist this subscription to grant SingleStore access to your storage account

Once the endpoint and DNS configuration are complete, all connections from your Helios workspace to the specified Azure Blob Storage account will route through the private endpoint.

Last modified: July 14, 2025

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK