CloudBlob.RotateEncryptionKeyAsync Method (AccessCondition, BlobRequestOptions, OperationContext, CancellationToken)
Initiates an asynchronous operation to rotate the encryption key on this blob. This method rotates only the KEK, not the CEK. For more information, visit https://azure.microsoft.com/en-us/documentation/articles/storage-client-side-encryption/
Namespace: Microsoft.WindowsAzure.Storage.Blob
Assembly: Microsoft.WindowsAzure.Storage (in Microsoft.WindowsAzure.Storage.dll)
Syntax
[DoesServiceRequestAttribute]
public virtual Task RotateEncryptionKeyAsync(
AccessCondition accessCondition,
BlobRequestOptions options,
OperationContext operationContext,
CancellationToken cancellationToken
)
<DoesServiceRequestAttribute>
Public Overridable Function RotateEncryptionKeyAsync (
accessCondition As AccessCondition,
options As BlobRequestOptions,
operationContext As OperationContext,
cancellationToken As CancellationToken
) As Task
Parameters
accessCondition
Type: Microsoft.WindowsAzure.Storage.AccessConditionAn AccessCondition object that represents the condition that must be met in order for the request to proceed. For this operation, there must not be an IfMatchETag, IfNoneMatchETag, IfModifiedSinceTime, or IfNotModifiedSinceTime condition. An IfMatchETag condition will be added internally.
options
Type: Microsoft.WindowsAzure.Storage.Blob.BlobRequestOptionsA BlobRequestOptions object that specifies additional options for the request.
operationContext
Type: Microsoft.WindowsAzure.Storage.OperationContextAn OperationContext object that represents the context for the current operation.
cancellationToken
Type: System.Threading.CancellationTokenA CancellationToken to observe while waiting for a task to complete.
Return Value
Type: System.Threading.Tasks.Task
A Task object that represents the asynchronous operation.
Remarks
This method has a number of prerequisites: 1. The blob must be encrypted on the service using client-side encryption (not service-side encryption.) 2. The local object must have the latest attributes from the blob on the service. This can be done by calling FetchAttributes() on the blob, or by listing blobs in the container with metadata. 3. The Encryption Policy on the default BlobRequestOptions must contain an IKeyResolver capable of resolving the old encryption key. 4. The Encryption Policy on the default BlobRequestOptions must contain an IKey with the new encryption key.
See Also
RotateEncryptionKeyAsync Overload
CloudBlob Class
Microsoft.WindowsAzure.Storage.Blob Namespace
Return to top