Share via

Does azure blob support customer-provided encryption key in urls?

Aliaksandr Ivanou 21 Reputation points
2022-06-01T01:03:16.237+00:00

Hello! I have a question about azure blob functionality:

As far as I understand, I can submit READ and WRITE responses with with SAS token and customer provided key in the following manner: 

POST:  https://$ACCOUNT.blob.core.windows.net/$CONTAINER/PATH?$SAS_TOKEN

Headers:

x-ms-encryption-key: $KEY
x-ms-encryption-key-sha256: $SHA256
x-ms-encryption-algorithm:  AES256.

Can I somehow incorporate these headers in url, so url will be self-sufficient to query data with customer provided key WITHOUT specifying headers, e.g. something like: 

POST:  https://$ACCOUNT.blob.core.windows.net/$CONTAINER/PATH?$SAS_TOKEN&key=$KEY&key-sha256=$SHA256&alg=AES256
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,141 questions
Accepted answer
  1. Sumarigo-MSFT 47,526 Reputation points Microsoft Employee
    2022-06-16T05:36:32.51+00:00

    @Aliaksandr Ivanou Thanks for reaching out. Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

    For customer-provided, encryption keys in URL is not supported.

    If you wish you may leave your feedback here All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure

    Please let us know if you have any further queries. I’m happy to assist you further.

    ----------

    Please do not forget to 211829-screenshot-2021-12-10-121802.png and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.