# Export data to Azure Blob Storage

Automate recurring data exports from Stripe to your Azure Blob Storage container.

## Azure Blob Storage destination

The Azure Blob Storage destination delivers copies of all your Stripe data as Parquet files into your Azure Blob Storage account. It contains a directory of files for each table, delivered and updated every 3 hours.
[Watch on YouTube](https://www.youtube.com/watch?v=T9VI2aTKVIs)
## Prerequisites

Before starting the integration, make sure you have access to:

1. Create a new Azure App Registration.
1. Create a new Azure Storage account.
1. Create a new Azure Storage container.
1. Access the Stripe Dashboard as an admin.

## Create a new Azure App Registration

1. On the [App registrations](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade)&nbsp;page, click **+ New Registration**.
1. Enter a name for this application and click **Register**.
   > Don’t make any changes to either the **Supported account types** field or the **Redirect URI** field.
1. Make a note of the Application (client) ID and Directory (tenant) ID values from the Overview page of created app registration.
1. Click **Add a certificate or secret link** in the same section or click **Manage** > **Certificates & secrets**.
1. Click **+ New Client Secret** and enter a description and set `Expires` to 730 days (24 months).
1. Click the **Copy to clipboard** icon to copy the Value field (client secret value) and make a note of it.

## Create a new Azure Storage account

1. On the&nbsp;[Storage accounts](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Storage%2FStorageAccounts)&nbsp;page, click **+ Create**.
1. Choose a Subscription and Resource group.
1. Enter a Storage account name that’s unique across all Storage accounts in Azure (for example, “stripeuniquename” or “stripeasd5dwju8awkwe”).
1. Choose a Region. 
   > We don’t support data regions in India. Let us know if you have questions about support for your desired region.
1. Choose a&nbsp;**Performance**&nbsp;level and&nbsp;**Redundancy**&nbsp;option.
1. Click&nbsp;**Review + create**.
1. Review your settings and click&nbsp;**Create**.
1. After creating the account, click **Go to resource**. Resource creation typically completes within 15 seconds.
1. Make a note of Resource group value and Subscription ID values as shown in the Overview section.

## Create a new Azure Storage container

1. Click&nbsp;**Data storage** > **Containers** in the left pane.
1. Click&nbsp;**+ Container**.
1. Choose a name for your container (for example,&nbsp;“stripe-data”).
1. Set anonymous access level to **Private (no anonymous access)**.
1. Click **Create**.
1. Click the created container and go to **Settings** > **Properties** in the left pane.
1. Make a note of the container URL field.

## Grant permissions on Storage account

1. Navigate to your created Storage account page.
1. Click **Access Control (IAM)** in the left menu.
1. Click **Add** then **Add role assignment**
1. Search for the **Storage Blob Data Contributor** role and select it, then click next.
1. Click **+ Select members** and search with the application name created in step 2.2
1. Select the corresponding application shown in the dropdown and click select.
1. Click **Review + assign**.
1. Verify if the role and application name display correctly, and Click **Review + assign**. The role assignment completes after it processes.
1. Follow the same steps from 1-7 and search for and select the **Reader and Data Access** role in step 4 instead.
1. By following these instructions, you grant both the `Storage Blob Data Contributor` and `Reader and Data Access` roles to your registered application for the storage account.

## Optional: Generate encryption keys

Stripe offers the ability to encrypt data transfers from Stripe to your storage account using PGP encryption with a customer-owned key. This provides an additional layer of protection, ensuring your data remains secure in transit and at rest.

While you can disable PGP encryption, doing so increases the risk of data exposure if you misconfigure something or if unauthorized parties access your storage account. Keeping encryption enabled ensures your data has the highest level of protection.

1. Open the command line interface (terminal).
1. Execute the command&nbsp;`gpg --full-generate-key`&nbsp;to create a key pair.
1. When prompted, select your preferred type, size, and expiration of the key. We suggest:
   - **Kind**: (1) RSA and RSA (default)
   - **Bit Length**: 4096
   - **Key is valid for**: 0 (doesn’t expire)
1. Confirm this is correct by typing&nbsp;“y”&nbsp;and pressing **Enter**.
1. Find your account ID (`acct_1234`) at Settings > Business > Account Details and enter it as the real name. Leave the email and comments blank.
1. Type “O” and click **Enter** to confirm.
1. At the passphrase prompt, *don’t enter one*. Instead, press **Enter** and select “Yes, protection isn’t needed.” Repeat this step to confirm your choice.
1. In the output in your command line interface (terminal), locate the key you just generated and note the key ID (the long hexadecimal string at the end of the `pub` line).
1. To export the public key, enter the command `gpg --output acct_1234.key --armor --export your-key-id`, replacing `your-key-id` with the hexadecimal key ID you found in the previous step.
1. The public key file (acct_1234.key) is now saved in the current directory.

> Stripe encrypts your data with a key you provide, and you decrypt in Microsoft Azure.

## Establishing Your Azure Blob Storage Connection

1. Visit the [Data Pipeline Dashboard](https://dashboard.stripe.com/settings/stripe-data-pipeline).
1. Click **Get started**.
1. Select the Microsoft Azure warehouse.
1. Enter the Client ID, tenant ID and Client secret generated in step 2.
1. Enter the Subscription ID and Resource group values generated in step 3.
1. Enter the Container URL generated in step 4.
1. Select your data encryption option. If you chose to use a customer managed key, upload your public key.
1. Click **Next**. Clicking **Next** sends test data to the container on the storage account you provided, but not production data.
1. When you confirm test data delivery, go to your container on the Azure Storage account.
1. Open the container, go to the **penny\_test** directory, and open the **acct\_** or **org\_** prefixed sub-directory to locate the delivered `account_validation.csv` test file.
1. Click the **account\_validation.csv** file
1. Click **DOWNLOAD**.
1. Click **Upload file** in the Stripe Dashboard and upload the downloaded account_validation.csv file.
1. When the file shows as verified, click **Subscribe**. This subscribes you to the product and schedules the initial full load of data for delivery to your container on the Azure Storage account, a process that can take 6-12 hours.