Azure Client Side Encryption

2
votes

I would like to know if Azure Storage's Client-Side encryption also applies to file blobs or just strings. I could find some documents on how to do client-side "data encryption" for Azure but they don't specify what data types are valid for client side encryption.

If for example, I have a JPEG file, can it be encrypted before upload and then decrypted before download, using the Azure Storage's Client Side Encryption?

1
azureencryptionstorage
Just an FYI, your encryption keys are managed by Microsoft which means they have the ability to decrypt all of your data. Might i suggest the use of a 3rd party tool that encrypts your data before uploading to the cloud. I use Synology Cloud Sync which does the job well.Kris
If you use Azure Key Vault, they are your private keys. docs.microsoft.com/en-us/azure/storage/…evilSnobu

1 Answers

0
votes

Short answer: Yes.

If you have a JPEG file (or for that matter any file) you will be able to encrypt that file and store it in encrypted format in Azure Storage. It doesn't just apply to strings only.

There are some caveats though for client side encryption to work and for that I suggest you read this article on Azure documentation site which explains the whole process very well: https://docs.microsoft.com/en-us/azure/storage/storage-client-side-encryption.