JDT

Reputation: 1085

Is user data encryption required with CosmosDB?

I have private user data stored in CosmosDB, which has encryption at rest. Does this mean I still need to store encrypted data or is it already encrypted by Cosmos?

If not, what is the recommended npm package to encrypt data? I am looking for one that allows me to decrypt as well, and return the original value and not just true/false.

Upvotes: 0

Views: 572

Answers (1)

Nick Chapsas

Reputation: 7190

It depends on your requirement and what you mean by "private user data".

As you said, CosmosDB encrypts data at rest and also in transit. At-rest encryption means that if someone somehow gets access to the hard drive where the CosmosDB files are stored, he cannot read them.

However, that doesn't mean that if he gets the master key he cannot read the documents. At-rest encryption is completely transparent to you. If you have a requirement to encrypt "private user data" (whatever that means to you), then you should encrypt it. However, if you need to query on them, things get way more complicated. If your question is driven by the GDPR regulations, then you don't really have to encrypt anything, as the at-rest encryption covers that need.

Upvotes: 1
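An added example, not part of the question or the answer above: application-level field encryption using Node's built-in `crypto` module (AES-256-GCM), which returns the original value on decrypt, plus a keyed HMAC tag as one way to keep exact-match lookups possible. The document schema, field names and in-memory keys are assumptions made for the illustration.

```javascript
// Added example: field-level encryption applied before a document is stored.
const crypto = require("crypto");

// Constructed demo keys. A real service loads these from a key store, never from source code.
const ENC_KEY = crypto.randomBytes(32);   // AES-256-GCM key
const INDEX_KEY = crypto.randomBytes(32); // separate HMAC key for lookup tags

// Encrypt one string field. Output packs iv.tag.ciphertext as base64 parts.
function encryptField(plaintext, key = ENC_KEY) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString("base64")).join(".");
}

// Decrypt and return the original value; throws if the data was modified or the key is wrong.
function decryptField(packed, key = ENC_KEY) {
  const [iv, tag, ct] = packed.split(".").map((p) => Buffer.from(p, "base64"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Deterministic keyed tag: the same input always gives the same tag, so it can be queried.
function lookupTag(value, key = INDEX_KEY) {
  return crypto.createHmac("sha256", key).update(value.toLowerCase(), "utf8").digest("hex");
}

// Build the document that would be written to the container (hypothetical schema).
function sealUser(user) {
  return {
    id: user.id,                     // left in clear so the document can be addressed
    email: encryptField(user.email), // randomized ciphertext, not queryable
    emailTag: lookupTag(user.email), // queryable stand-in for exact match on email
    ssn: encryptField(user.ssn),
  };
}

// Constructed sample record.
const doc = sealUser({ id: "u1", email: "Ana@example.com", ssn: "000-00-0000" });
console.log(doc);
console.log(decryptField(doc.email));
```

Because every ciphertext uses a fresh nonce, filtering on `email` never matches; an exact-match query has to use `emailTag`, which in turn reveals when two records hold the same value, and range or substring queries on the encrypted fields are not possible at all.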
