Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for client side encryption #56

Open
mshiels opened this issue Nov 23, 2016 · 7 comments
Open

Support for client side encryption #56

mshiels opened this issue Nov 23, 2016 · 7 comments
Assignees
@EmmaZhu
Labels
feature request

Comments

@mshiels
Copy link

mshiels commented Nov 23, 2016

Not sure if it's possible, but it would sure be nice to support the client side encryption available in the normal Azure storage SDK. Since most of the encryption stuff has fixed size result blocks it should be mathematically doable just very unsure how you would hook it all together for parallel type operations.
@blueww
Copy link
Member

blueww commented Nov 25, 2016

Thanks for the suggestion!
DMlib currently don't support this feature, we have opened a task to track it.

@drocx
Copy link

drocx commented Oct 1, 2019

We need client side encryption for one of our products (Azure Key Vault).

Will BlobEncryptionPolicy and BlobRequestOptions be supported by the libary in the near feature?

@blueww
Copy link
Member

blueww commented Oct 8, 2019

As discussed with @EmmaZhu , she will help to follow up.

@EmmaZhu
Copy link
Collaborator

EmmaZhu commented Oct 9, 2019

Hi @drocx ,

We do want to support BlobRequestOptions, but don't have a valid solution for now. It's already in our backlog, only without definite plan for now,

Thanks
Emma

@EmmaZhu
Copy link
Collaborator

EmmaZhu commented Nov 25, 2019

Hi @drocx ,

Sorry for misleading before.

BlobEncryptionPolicy only works in interfaces to uploading/downloading a whole file/stream in Azure Storage Client Library, but DMLib leverages Azure Storage Client Library's interfaces to uploading/downloading chunks of blobs which BlobEncryptionPolicy does not apply to. So client side encryption in Azure Storage Client Library won't work in DMLib, even if DMLib exposes setting BlobRequestOptions.

Could you share some details on your scenarios? Would you want to upload/download single file with client side encryptions, or would you want to upload/download a directory with client side encryptions? If you only need to upload/download single files, maybe directly calling Azure Storage Client Library is a better solution. If you'd need to upload/download a directory, DMLib may need to consider to support client side encryption by itself.

Thanks
Emma

@drocx
Copy link

drocx commented Jul 22, 2020

@EmmaZhu
Hello and sorry for my late response.
Here is our scenario:
We upload large customer database backups to azure blob storage. All files are encrypted on the client using azure key vault because the database contains sensitive data.
After the upload is complete our support teams downloads and decryt the database to reproduce errors.

In performance testing with unencrypted data, this library had a significant performance boost and better visual feedback for our customer.

@vaibhavramdasi
Copy link

@EmmaZhu We are also in need of Client side support for enc/dec. We want to download several asymmetrically encrypted files using BlobEncryptionPolicy and create Zip Archive of those files.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@EmmaZhu EmmaZhu

Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@vaibhavramdasi @drocx @EmmaZhu @vinjiang @blueww @mshiels