Hi, at the moment pkgcloud supports using access keys, which is a bit of risk depending on how you use it.

Using SAS (shared access signatures) is a more recommended way to go about this, obviously depending on use case. One example is ours, where we have an archiving service that uploads to azure storage, and we have a few outliers in on-premise installations where we need to also enable the service, but exposing the access key is a major risk (enter GDPR nightmares).

I had a look at the current implementation, and I don't think ti will be difficult to add. Heck I can even do it if need be (my only concern is automatic renewal).

Azure SAS Reference