Add deprecation notice to storage-keys-sas-tokens-code.md

msmbaldwin · Copilot · msmbaldwin · commit 81de9045dfc2 · 2026-04-08T19:36:05.000-07:00
The underlying sharelink SDK sample was retired (azure-sdk-for-net
PR #57907) as KV-managed storage accounts are a legacy feature.
Added CAUTION banner directing users to Azure RBAC instead.
Removed dead ShareLink sample link.

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/articles/key-vault/secrets/storage-keys-sas-tokens-code.md b/articles/key-vault/secrets/storage-keys-sas-tokens-code.md
@@ -6,20 +6,20 @@ ms.service: azure-key-vault
 ms.subservice: secrets
 author: msmbaldwin
 ms.author: mbaldwin
-ms.date: 01/30/2026
+ms.date: 04/09/2026
 
 ms.devlang: csharp
 ms.custom: devx-track-csharp, devx-track-dotnet
 # Customer intent: As a developer I want storage credentials and SAS tokens to be managed securely by Azure Key Vault.
 ---
 # Create SAS definition and fetch shared access signature tokens in code (legacy)
 
-You can manage your storage account with shared access signature (SAS) tokens stored in your key vault. For more information, see [Grant limited access to Azure Storage resources using SAS](/azure/storage/common/storage-sas-overview).
+> [!CAUTION]
+> Key Vault-managed storage account keys and SAS token generation is a **legacy feature that is deprecated**. The underlying SDK sample has been retired because this approach goes against current Microsoft security guidance. Instead, use [Azure role-based access control (Azure RBAC)](/azure/storage/blobs/authorize-access-azure-active-directory) to secure your storage account. For more information, see [Authorize access to data in Azure Storage](/azure/storage/common/authorize-data-access).
 
-> [!NOTE]
-> We recommend using [Azure role-based access control (Azure RBAC)](/azure/storage/blobs/authorize-access-azure-active-directory) to secure your storage account for superior security and ease of use over Shared Key authorization.
+You can manage your storage account with shared access signature (SAS) tokens stored in your key vault. For more information, see [Grant limited access to Azure Storage resources using SAS](/azure/storage/common/storage-sas-overview).
 
-This article provides samples of .NET code that creates a SAS definition and fetches SAS tokens. See our [ShareLink](/samples/azure/azure-sdk-for-net/share-link/) sample for full details including the generated client for Key Vault-managed storage accounts. For information on how to create and store SAS tokens, see [Manage storage account keys with Key Vault and the Azure CLI](overview-storage-keys.md) or [Manage storage account keys with Key Vault and Azure PowerShell](overview-storage-keys-powershell.md).
+This article provides samples of .NET code that creates a SAS definition and fetches SAS tokens. For information on how to create and store SAS tokens, see [Manage storage account keys with Key Vault and the Azure CLI](overview-storage-keys.md) or [Manage storage account keys with Key Vault and Azure PowerShell](overview-storage-keys-powershell.md).
 
 ## Code samples
 
