How to specify Microsoft managed encryption scope name during blob container creation?

Pramit Bhaumik 1 Reputation point
2023-05-04T08:07:40.3866667+00:00

We are trying to achieve server side encryption at rest model with Microsoft managed encryption key.
Each blob container will be created with a unique encryption scope and key .
We are using Azure Java Client SDK ..

We tried with Below section of code and it is working but we are not able to set encryption scope on container level .
something like blobContainerClient.setEncryptionScope(..) .We dont want to set it on BlobServiceClient level as it is on account and we suppose to use single instance of it across the application.


	BlobContainerEncryptionScope encryptionScope = new BlobContainerEncryptionScope();
		encryptionScope.setDefaultEncryptionScope(ENCRYPTION_SCOPE_NAME);

		BlobServiceClient storageClient = new BlobServiceClientBuilder().endpoint(endPoint).credential(credential)
				.blobContainerEncryptionScope(encryptionScope).buildClient();

		
		BlobContainerClient blobContainerClient = storageClient.getBlobContainerClient(containerName);
      
		if (!blobContainerClient.exists()) {
			blobContainerClient.create();

		}

I am aware of using BlobContainerClientBuilder directly for each blob request and skipping BlobServiceClient creation , but not sure how many service client object will be created internally or it will be performance efficient.

		new BlobContainerClientBuilder().blobContainerEncryptionScope(encryptionScope)
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,659 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,409 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sumarigo-MSFT 43,321 Reputation points Microsoft Employee
    2023-05-08T15:42:35.9933333+00:00

    @Pramit Bhaumik Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused. 

    For the BlobContainerClient only getEncryptionScope() method is available. There is no setEncryptionScope()

    Refer here: https://github.com/Azure/azure-sdk-for-java/blob/989ec2a91dd223fbaa4f15f16e2a31cd1a7dad9b/sdk/storage/azure-storage-blob/src/main/java/com/azure/storage/blob/BlobContainerClient.java#L222

    Could you try to use the BlobServiceClient and set the encryption scope during the creation of the container ?

     

     

// Create a BlobServiceClient object
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
    .connectionString(connectionString)
    .buildClient();

 

// Set the encryption scope on the container during creation
BlobContainerClient containerClient = blobServiceClient.createBlobContainer(new BlobContainerCreateOptions(containerName)
    .setEncryptionScope("myEncryptionScope"));

    Please let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments