Home > OS >  Encryption of a Blob in Azure
Encryption of a Blob in Azure

Time:12-19

I am creating encrypting a Blob using a customer managed key in Azure as shown here. https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-manage?tabs=portal#create-a-container-with-a-default-encryption-scope

When I upload a blob here, it inherits the encryption scope provided in the container and also has SERVER ENCRYPTED as true (as expected). However if the same blob is downloaded (using Azure Storage Explorer/ Azure Portal), it is in clear text.

Is this the expected behavior? I was under the assumption that the Blob must have encrypted content. How do I actually make sure that the data at rest is encrypted?

Regards,

Prabal

CodePudding user response:

I was under the assumption that the Blob must have encrypted content. How do I actually make sure that the data at rest is encrypted?

Server side encryption makes sure the data is automatically encrypted once it enters the cloud. So data at rest is encrypted. Once you get blobs out of Azure, down to the client the data is decrypted and then send to the client. Hence, when you inspect the blob content client-side it is plain text.

  • Related