33 lines
1.8 KiB
Go
33 lines
1.8 KiB
Go
package azblob
|
||
|
||
// ClientProvidedKeyOptions contains headers which may be be specified from service version 2019-02-02
|
||
// or higher to encrypts the data on the service-side with the given key. Use of customer-provided keys
|
||
// must be done over HTTPS. As the encryption key itself is provided in the request, a secure connection
|
||
// must be established to transfer the key.
|
||
// Note: Azure Storage does not store or manage customer provided encryption keys. Keys are securely discarded
|
||
// as soon as possible after they’ve been used to encrypt or decrypt the blob data.
|
||
// https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption
|
||
// https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview
|
||
type ClientProvidedKeyOptions struct {
|
||
// A Base64-encoded AES-256 encryption key value.
|
||
EncryptionKey *string
|
||
|
||
// The Base64-encoded SHA256 of the encryption key.
|
||
EncryptionKeySha256 *string
|
||
|
||
// Specifies the algorithm to use when encrypting data using the given key. Must be AES256.
|
||
EncryptionAlgorithm EncryptionAlgorithmType
|
||
|
||
// Specifies the name of the encryption scope to use to encrypt the data provided in the request
|
||
// https://docs.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview
|
||
// https://docs.microsoft.com/en-us/azure/key-vault/general/overview
|
||
EncryptionScope *string
|
||
}
|
||
|
||
// NewClientProvidedKeyOptions function.
|
||
// By default the value of encryption algorithm params is "AES256" for service version 2019-02-02 or higher.
|
||
func NewClientProvidedKeyOptions(ek *string, eksha256 *string, es *string) (cpk ClientProvidedKeyOptions) {
|
||
cpk = ClientProvidedKeyOptions{}
|
||
cpk.EncryptionKey, cpk.EncryptionKeySha256, cpk.EncryptionAlgorithm, cpk.EncryptionScope = ek, eksha256, EncryptionAlgorithmAES256, es
|
||
return cpk
|
||
}
|