0

I have an azure table with multiple columns and I am able to successfully encrypt the data in those columns. The only issue I have is that I am not able to encrypt the PartitionKey and RowKey.

I have used this document https://learn.microsoft.com/en-us/azure/storage/common/storage-client-side-encryption to set up the encryption. It works fine except for PartitionKey and RowKey.

[EncryptProperty]
public new string PartitionKey { get; set; }
[EncryptProperty]
public new string RowKey { get; set; }

Tried the above but it is not encrypting the Partition and Row keys.

Any help is appreciated.

Improve this question
0

2 Answers 2

Reset to default
0

Encryption of the partition key or row key column isn't supported. If these were encrypted then it would not be possible to query without scanning the entire table (due to the unique IV in each row). Furthermore, batch requests depend on predictable partition keys and range queries depend on predictable ordering of these keys.

I recommend that you put the data you want to encrypt into regular columns and choose partition key and row key based on the querying/batch properties you desire. One approach is to construct a hash or signature of the data. This enables point queries, partition scans, and batches but it does not allow range queries within a partition.

EDIT: I should say that this question and answer apply to client-side encryption only. Server-side encryption applies seamlessly to all data at rest.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Actually data that uniquely identifies each row, is user data, so we have to encrypt those before saving. If we put those data in normal columns then our only option is to query by table scan or partition scan without partition or row keys, which will not be very performant.
0

Not sure why this answer got accepted as the correct one. You can encrypt your Rowkey in c# code and send it to the Table storage. Something like:

BitConverter.ToString(MD5.Create().ComputeHash(Encoding.ASCII.GetBytes(RowKeyData)))
            .Replace("-", string.Empty)
            .ToLower();

Then you can InsertOrReplace the entity with your Rowkey encrypted.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.