Ontopic Docs

# Materialization to Azure Blob Storage

Starting from Ontopic Suite 2026.1.0

# Parameters to collect

The necessary Azure Blob Storage parameters are:

# AZURE_ACCOUNT_NAME

  • Obtain your Azure Storage account name from your Azure portal.
  • This name uniquely identifies your storage account.

# AZURE_ACCOUNT_KEY

  • Retrieve your Azure Storage account key from your Azure portal.
  • Keep this key confidential and secure. Can be used instead of SAS token.

# AZURE_SAS_TOKEN

  • Retrieve your Azure Storage account SAS token from your Azure portal.
  • Keep this token confidential and secure. Can be used instead of account key.

# AZURE_CONTAINER_NAME

  • Choose a unique name for your Azure Blob Storage container.
  • Containers are used to organize blobs within your storage account.

# Example

  • AZURE_ACCOUNT_NAME: myazurestorageaccount
  • AZURE_ACCOUNT_KEY: myAzureStorageAccountKey
  • AZURE_CONTAINER_NAME: my-materialization-container

For more detailed information, refer to the Azure Blob Storage documentation (opens new window).

# Docker-compose

You can enable materialization using the dedicated script.

WARNING

Only one storage backend (S3 or Azure Blob Storage) should be configured at a time. Configuring both will result in an error.

# Run the script

./enable-materialization.sh

When prompted, select Azure Blob Storage (option 2) and provide the Azure parameters when requested. The environment variables will be updated as explained in the next paragraphs.

# Secrets and Configuration Paths

  • It sets the secrets_folder to ./default-secrets or to the legacy folder ./secrets if the latter exists.
  • The following variables are initialized:
    • CONFIG_FILE: Path to the configuration file (./.env by default).
    • SECRETS_DIR: Root directory for secrets (default: ./secrets).
    • VOLUMES_DIR: Root directory for volumes (default: ./volumes).

# Materialization Prompt

  • Asks the user whether to enable materialization.
  • If the answer is "yes" (y), it sets ENABLE_MATERIALIZATION to true.
  • Otherwise, it sets it to false and exits the script.

# Storage Backend Selection

  • Prompts the user to select between S3 (option 1) or Azure Blob Storage (option 2).
  • Select option 2 for Azure Blob Storage.

# Azure Blob Storage Configuration

  • Enters the Azure Blob Storage section.
  • Prompts the user for the Azure Storage account name.
  • Prompts for the authentication method, either account key or SAS token (at least one is required).
  • Writes these secrets to the appropriate files.

# Azure Container Name

  • Prompts the user for the Azure Blob Storage container name.
  • Writes this configuration.

# Materialization Result and Configuration Directories

  • Sets the paths for materialization result and configuration directories in the default volumes directory.
  • Prints these paths.

The script sets the following environment variables:

  • ENABLE_MATERIALIZATION: Whether materialization is enabled.
  • AZURE_CONTAINER_NAME: The Azure Blob Storage container name.
  • MATERIALIZATION_RESULT_DIR: The directory for materialization results.
  • MATERIALIZATION_CONFIGURATION_DIR: The directory for materialization configuration.

The script creates the following secrets files:

  • azure-blob-storage/account-name: The Azure Storage account name.
  • azure-blob-storage/account-key: The Azure Storage account key (if provided).
  • azure-blob-storage/sas-token: The Azure Storage SAS token (if provided).

# Kubernetes

# Store credentials as files and create Kubernetes secrets

Create the secrets folder if it doesn't exist:

mkdir -p ./secrets

Store AZURE_ACCOUNT_NAME in a file and create a Kubernetes secret:

echo -n "<AZURE_ACCOUNT_NAME>" > ./secrets/azure-account-name
kubectl create secret generic azure-account-name \
  --from-file=azure-account-name=./secrets/azure-account-name

If using AZURE_ACCOUNT_KEY for authentication:

echo -n "<AZURE_ACCOUNT_KEY>" > ./secrets/azure-account-key
kubectl create secret generic azure-account-key \
  --from-file=azure-account-key=./secrets/azure-account-key

Alternatively, if using AZURE_SAS_TOKEN for authentication:

echo -n "<AZURE_SAS_TOKEN>" > ./secrets/azure-sas-token
kubectl create secret generic azure-sas-token \
  --from-file=azure-sas-token=./secrets/azure-sas-token

# Configure Helm values

Update your Helm values.yaml file with the Azure blob storage configuration:

ontopic-server:
  enableMaterialization: true
  objectStorage:
    azure:
      container: <AZURE_CONTAINER_NAME>
      endpoint: # Optional, default is https://<ACCOUNT_NAME>.blob.core.windows.net/

# Apply changes

To apply changes, stop and start Ontopic Suite again.

Local materialization