CloudBlob.RotateEncryptionKeyAsync Method (AccessCondition, BlobRequestOptions, OperationContext, CancellationToken)

  • Article

 

Initiates an asynchronous operation to rotate the encryption key on this blob. This method rotates only the KEK, not the CEK. For more information, visit https://azure.microsoft.com/en-us/documentation/articles/storage-client-side-encryption/

Namespace:   Microsoft.WindowsAzure.Storage.Blob
Assembly:  Microsoft.WindowsAzure.Storage (in Microsoft.WindowsAzure.Storage.dll)

Syntax

[DoesServiceRequestAttribute]
public virtual Task RotateEncryptionKeyAsync(
    AccessCondition accessCondition,
    BlobRequestOptions options,
    OperationContext operationContext,
    CancellationToken cancellationToken
)

<DoesServiceRequestAttribute>
Public Overridable Function RotateEncryptionKeyAsync (
    accessCondition As AccessCondition,
    options As BlobRequestOptions,
    operationContext As OperationContext,
    cancellationToken As CancellationToken
) As Task

Parameters

Return Value

Type: System.Threading.Tasks.Task

A Task object that represents the asynchronous operation.

Remarks

This method has a number of prerequisites: 1. The blob must be encrypted on the service using client-side encryption (not service-side encryption.) 2. The local object must have the latest attributes from the blob on the service. This can be done by calling FetchAttributes() on the blob, or by listing blobs in the container with metadata. 3. The Encryption Policy on the default BlobRequestOptions must contain an IKeyResolver capable of resolving the old encryption key. 4. The Encryption Policy on the default BlobRequestOptions must contain an IKey with the new encryption key.

See Also

RotateEncryptionKeyAsync Overload
CloudBlob Class
Microsoft.WindowsAzure.Storage.Blob Namespace

Return to top