Reputation: 869
CosmosDB encryption at rest
We have documentDB database with encrypted data. All encryption and decryption are handled on client side. This database was created when there was no support of rest encryption in documentDB. I saw that new rest encryption support in documentDB is HIPAA compliant. It is mentioned in document that it is by default on and there is no user control on that. How can I use this feature in my existing database? Will it help me to get rid of my client side encryption?
Upvotes: 2
Views: 1965
Answers (1)
Reputation: 71066
Cosmos DB's encryption-at-rest is not accessible from your application; it's done transparently to you. If you use client-side encryption, you don't need to change it; data will still be encrypted from Cosmos DB's standpoint during writes, and decrypted when read.
Only you can decide whether you need to encrypt client-side, based on your corp policies, customer agreeements, etc. Also keep in mind: all traffic is SSL-based; there's no option for in-the-clear data transport.
Upvotes: 4
Related Questions
- SQL Always Encrypted in Azure
- End-to-end encryption with Azure CosmosDB vs Storage
- Azure postgresql data encryption at rest
- Row level security in Azure Cosmos DB
- Is user data encryption required with CosmosDB?
- How to use Azure's Encryption at Rest via REST API
- Why am I able to see data in Azure Document DB if it is encrypted?
- Azure data storage encryption?
- How to encrypt data in SQL Azure?
- Does Azure SQL Database supports encryption?