Export data to Azure Blob Storage
Automate recurring data exports from Stripe to your Azure Blob Storage container.
Azure Blob Storage destination
The Azure Blob Storage destination delivers copies of all your Stripe data as Parquet files into your Azure Blob Storage account. It contains a directory of files for each table, delivered and updated every 3 hours.
Prerequisites
Before starting the integration, make sure you have access to:
- Create a new Azure App Registration.
- Create a new Azure Storage account.
- Create a new Azure Storage container.
- Access the Stripe Dashboard as an admin.
Create a new Azure App Registration
- On the App registrations page, click + New Registration.
- Enter a name for this application and click Register.
Note
Don’t make any changes to either the Supported account types field or the Redirect URI field.
- Make a note of the Application (client) ID and Directory (tenant) ID values from the Overview page of created app registration.
- Click Add a certificate or secret link in the same section or click Manage > Certificates & secrets.
- Click + New Client Secret and enter a description and set
Expires
to 730 days (24 months). - Click the Copy to clipboard icon to copy the Value field (client secret value) and make a note of it.
Create a new Azure Storage account
- On the Storage accounts page, click + Create.
- Choose a Subscription and Resource group.
- Enter a Storage account name that’s unique across all Storage accounts in Azure (for example, “stripeuniquename” or “stripeasd5dwju8awkwe”).
- Choose a Region.
Caution
We don’t support data regions in India. Let us know if you have questions about support for your desired region.
- Choose a Performance level and Redundancy option.
- Click Review + create.
- Review your settings and click Create.
- After creating the account, click Go to resource. Resource creation typically completes within 15 seconds.
- Make a note of Resource group value and Subscription ID values as shown in the Overview section.
Create a new Azure Storage container
- Click Data storage > Containers in the left pane.
- Click + Container.
- Choose a name for your container (for example, “stripe-data”).
- Set anonymous access level to Private (no anonymous access).
- Click Create.
- Click the created container and go to Settings > Properties in the left pane.
- Make a note of the container URL field.
Grant permissions on Storage account
- Navigate to your created Storage account page.
- Click Access Control (IAM) in the left menu.
- Click Add then Add role assignment
- Search for the Storage Blob Data Contributor role and select it, then click next.
- Click + Select members and search with the application name created in step 2.2
- Select the corresponding application shown in the dropdown and click select.
- Click Review + assign.
- Verify if the role and application name display correctly, and Click Review + assign. The role assignment completes after it processes.
- Follow the same steps from 1-7 and search for and select the Reader and Data Access role in step 4 instead.
- By following these instructions, you grant both the
Storage Blob Data Contributor
andReader and Data Access
roles to your registered application for the storage account.
OptionalGenerate encryption keys
Stripe offers the ability to encrypt data transfers from Stripe to your storage account using PGP encryption with a customer-owned key. This provides an additional layer of protection, ensuring your data remains secure in transit and at rest.
While you can disable PGP encryption, doing so increases the risk of data exposure if you misconfigure something or if unauthorized parties access your storage account. Keeping encryption enabled ensures your data has the highest level of protection.
- Open the command line interface (terminal).
- Execute the command
gpg --full-generate-key
to create a key pair. - When prompted, select your preferred type, size, and expiration of the key. We suggest:
- Kind: (1) RSA and RSA (default)
- Bit Length: 4096
- Key is valid for: 0 (doesn’t expire)
- Confirm this is correct by typing “y” and pressing Enter.
- The real name is your account ID
acct_
; leave the email and comments blank.1234 - When the prompts appear for a passphrase, don’t enter one.
- Locate the key you just generated and note the key ID (the long hexadecimal string at the end of the
pub
line). - To export the public key, enter the command
gpg --output acct_
, replacing1234. key --armor --export your-key-id your-key-id
with the hexadecimal key ID you found in the previous step. - The public key file (acct_1234.key) is now saved in the current directory.
Establishing Your Azure Blob Storage Connection
- Visit the Data Pipeline Dashboard.
- Click Get started.
- Select the Microsoft Azure warehouse.
- Enter the Client ID, tenant ID and Client secret generated in step 2.
- Enter the Subscription ID and Resource group values generated in step 3.
- Enter the Container URL generated in step 4.
- Select your data encryption option. If you chose to use a customer managed key, upload your public key.
- Click Next. Clicking Next sends test data to the container on the storage account you provided, but not production data.
- When you confirm test data delivery, go to your container on the Azure Storage account.
- Open the container, go to the penny_test directory, and open the acct_ or org_ prefixed sub-directory to locate the delivered
account_
test file.validation. csv - Click the account_validation.csv file
- Click DOWNLOAD.
- Click Upload file in the Stripe Dashboard and upload the downloaded account_validation.csv file.
- When the file shows as verified, click Subscribe. This subscribes you to the product and schedules the initial full load of data for delivery to your container on the Azure Storage account, a process that can take 6-12 hours.