@ Welcome to Microsoft Q&A, Thank you posting your query here!
When you accessing https the request will anyways be encrypted..
The complete SAS token will be in above format. So the complete request URl will be in https:
Azure Storage encryption helps you protect and safeguard your data by encrypting data at rest and by handling encryption and decryption. All data is encrypted using 256-bit AES encryption, one of the strongest block ciphers available.
You can choose to have Microsoft manage encryption keys, or you can bring your own keys with customer-managed keys stored in Azure Key Vault or Key Vault Managed Hardware Security Model (HSM) (preview). For more information, see Customer-managed keys for Azure Storage encryption.
Azure Storage encryption automatically encrypts data in all performance tiers (Standard and Premium), all deployment models (Azure Resource Manager and Classic), and all of the Azure Storage services (Blob, Queue, Table, and File).
Shared access signature tokens with Key Vault
Actually I am not understanding.. what script are you referring to?
If you want restrict access to blob storage, I would recommend, please refer to this link which provides you how RBAC and built-in roles works
Refer to this thread which will provide some idea for your scenario Restrict access to a specific container in a Azure Storage BLOB
Additional information : If a SAS is leaked, it can be used by anyone who obtains it, which can potentially compromise your storage account.
If a SAS provided to a client application expires and the application is unable to retrieve a new SAS from your service, then the application's functionality may be hindered.
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
-------------------------------------------------------------------------------------------------------------------------------------
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.