CloudBlob.RotateEncryptionKeyAsync Method (CancellationToken)
Initiates an asynchronous operation to rotate the encryption key on this blob. This method rotates only the KEK, not the CEK. For more information, visit https://azure.microsoft.com/en-us/documentation/articles/storage-client-side-encryption/
Namespace: Microsoft.WindowsAzure.Storage.Blob
Assembly: Microsoft.WindowsAzure.Storage (in Microsoft.WindowsAzure.Storage.dll)
Syntax
[DoesServiceRequestAttribute]
public virtual Task RotateEncryptionKeyAsync(
CancellationToken cancellationToken
)
<DoesServiceRequestAttribute>
Public Overridable Function RotateEncryptionKeyAsync (
cancellationToken As CancellationToken
) As Task
Parameters
cancellationToken
Type: System.Threading.CancellationTokenA CancellationToken to observe while waiting for a task to complete.
Return Value
Type: System.Threading.Tasks.Task
A Task object that represents the asynchronous operation.
Remarks
This method has a number of prerequisites: 1. The blob must be encrypted on the service using client-side encryption (not service-side encryption.) 2. The local object must have the latest attributes from the blob on the service. This can be done by calling FetchAttributes() on the blob, or by listing blobs in the container with metadata. 3. The Encryption Policy on the default BlobRequestOptions must contain an IKeyResolver capable of resolving the old encryption key. 4. The Encryption Policy on the default BlobRequestOptions must contain an IKey with the new encryption key.
See Also
RotateEncryptionKeyAsync Overload
CloudBlob Class
Microsoft.WindowsAzure.Storage.Blob Namespace
Return to top