![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 30%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVT%3C/text%3E%3C/svg%3E)
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,902 questions
@Vikas Tiwari Thank you for posting your query on Microsoft Q&A and for using Azure services.
My understanding is that you are trying to hide some fields with restrictive data in your Azure Cosmos DB account.
There is no row level security. However, we do have client-side encryption which can encrypt the values for specific properties.
Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national identification numbers (for example, U.S. social security numbers), stored in Azure Cosmos DB. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the database.
The first step to get started with Always Encrypted is to create your CMKs in Azure Key Vault:
Create a new Azure Key Vault instance or browse to an existing one.
Create a new key in the Keys section.
Once the key is created, browse to its current version, and copy its full key identifier:
https://<my-key-vault>.vault.azure.net/keys/<key>/<version>. If you omit the key version at the end of the key identifier, the latest version of the key is used. You can find more details in the below article.
Use client -side encryption with aways encrypted for Azure Cosmos DB
Hope that helps.
Please let me know if you have further queries.
Regards,
Oury