How to correctly access blobs inside server-side encrypted scoped containers?

Question

I created 2 encryption scopes and applied each to a container. I uploaded a blob into each, but then I was able to connect via the account connection string and read the content without supplying anything. Is that expected and I'm just confused about how this should work? Any ideas what I might be doing wrong? The blobs clearly show ServerEncrypted=true.

using Azure.Storage.Blobs with Azure.Storage.Blobs (12.20.0)

var container = new BlobContainerClient(storageConn, containerName);
var blob = container.GetBlobClient(fileName);
if (blob.Exists())
{
    using var memoryStream = new MemoryStream();
    blob.DownloadTo(memoryStream);
    var text = System.Text.Encoding.UTF8.GetString(memoryStream.ToArray());
    List<string> result = text.Split('\n').ToList();
    Console.WriteLine("READ: " + result[0]);
    return true;
}

Answer 1

@Deanna Delapasse Yes, a container with an encryption scope in an Azure storage account can be accessed using a connection string. The encryption scope does not change the way you access the container; it only affects how the data within the container is encrypted and decrypted.

When you use a connection string to access the container, the encryption and decryption processes happen transparently. This means you can read and write data to the container as usual, and Azure handles the encryption and decryption behind the scenes.

-https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview

-https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-manage?tabs=portal