0
votes

I have an Azure table with multiple columns and I am able to successfully encrypt the data in those columns. The only issue I have is that I am not able to encrypt the PartitionKey and RowKey.

I have used this document https://docs.microsoft.com/en-us/azure/storage/common/storage-client-side-encryption to set up the encryption. It works fine except for PartitionKey and RowKey.

[EncryptProperty]
public new string PartitionKey { get; set; }
[EncryptProperty]
public new string RowKey { get; set; }

Tried the above but it is not encrypting the Partition and Row keys.

Any help is appreciated.

1
Can anyone help? - biki

1 Answer

0
votes

Encryption of the partition key or row key column isn't supported. If these were encrypted then it would not be possible to query without scanning the entire table (due to the unique IV in each row). Furthermore, batch requests depend on predictable partition keys and range queries depend on predictable ordering of these keys.

I recommend that you put the data you want to encrypt into regular columns and choose partition key and row key based on the querying/batch properties you desire. One approach is to construct a hash or signature of the data. This enables point queries, partition scans, and batches but it does not allow range queries within a partition.

EDIT: I should say that this question and answer apply to client-side encryption only. Server-side encryption applies seamlessly to all data at rest.
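
The hash-based key approach from the answer, as an added example that is not part of the original answer or the Azure SDK. It uses a keyed HMAC-SHA256 rather than a plain hash, so low-entropy values cannot be guessed by hashing candidates without the key. The names `LookupKeys`, `Derive` and `purpose`, the demo key, and the trim/lowercase normalization are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class LookupKeys
{
    // Deterministic, keyed digest of a sensitive value, for use as PartitionKey or RowKey.
    // 'purpose' separates domains so the same value yields different keys in different roles.
    public static string Derive(byte[] hmacKey, string purpose, string value)
    {
        // Assumed normalization: "Alice@Example.com " and "alice@example.com" map to one row.
        string normalized = value.Trim().ToLowerInvariant();
        byte[] message = Encoding.UTF8.GetBytes(purpose + "\0" + normalized);
        using (var hmac = new HMACSHA256(hmacKey))
        {
            byte[] tag = hmac.ComputeHash(message);
            // Hex output avoids the characters Table storage forbids in keys (/ \ # ?).
            return BitConverter.ToString(tag).Replace("-", "").ToLowerInvariant();
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed demo key; in practice load it from a secret store,
        // separately from the key that encrypts the [EncryptProperty] columns.
        byte[] hmacKey = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");

        string pk1 = LookupKeys.Derive(hmacKey, "tenant", "Contoso Ltd");
        string rk1 = LookupKeys.Derive(hmacKey, "email", "alice@example.com");
        string rk2 = LookupKeys.Derive(hmacKey, "email", " Alice@Example.com ");
        string rk3 = LookupKeys.Derive(hmacKey, "email", "alicf@example.com");

        Console.WriteLine("PartitionKey: " + pk1);
        Console.WriteLine("RowKey:       " + rk1);
        // Same logical value -> same key, so a point query can be rebuilt from the plaintext.
        Console.WriteLine("Point lookup reproducible: " + (rk1 == rk2));
        // Neighbouring plaintexts land far apart: ordering is lost, hence no range queries.
        Console.WriteLine("Adjacent value key:        " + rk3);
    }
}
```

The plaintext itself still goes into a regular column marked `[EncryptProperty]`; the derived strings only replace `PartitionKey` and `RowKey`.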