Class ClientEncryptionPolicy

Namespace

Microsoft.Azure.Cosmos

Assembly

Microsoft.Azure.Cosmos.Client.dll

The ClientEncryptionPolicy should be initialized with policyFormatVersion 2 and "Deterministic" encryption type, if "id" property or properties which are part of partition key need to be encrypted. All partition key property values have to be JSON strings.

public sealed class ClientEncryptionPolicy

Inheritance

object

ClientEncryptionPolicy

Inherited Members

object.GetType()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Extension Methods

CosmosLinqExtensions.DocumentId(object)

CosmosLinqExtensions.IsArray(object)

CosmosLinqExtensions.IsBool(object)

CosmosLinqExtensions.IsDefined(object)

CosmosLinqExtensions.IsNull(object)

CosmosLinqExtensions.IsNumber(object)

CosmosLinqExtensions.IsObject(object)

CosmosLinqExtensions.IsPrimitive(object)

CosmosLinqExtensions.IsString(object)

CosmosLinqExtensions.RegexMatch(object, string, string)

CosmosLinqExtensions.RegexMatch(object, string)

Examples

This example shows how to create a ClientEncryptionPolicy.

Collection<ClientEncryptionIncludedPath> paths = new Collection<ClientEncryptionIncludedPath>()
{
   new ClientEncryptionIncludedPath()
   {
       Path = partitionKeyPath,
       ClientEncryptionKeyId = "key1",
       EncryptionAlgorithm = "AEAD_AES_256_CBC_HMAC_SHA256",
       EncryptionType = "Deterministic"
   },
   new ClientEncryptionIncludedPath()
   {
       Path = "/id",
       ClientEncryptionKeyId = "key2",
       EncryptionAlgorithm = "AEAD_AES_256_CBC_HMAC_SHA256",
       EncryptionType = "Deterministic"
   },
};

ContainerProperties setting = new ContainerProperties()
{
   Id = containerName,
   PartitionKeyPath = partitionKeyPath,
   ClientEncryptionPolicy = new ClientEncryptionPolicy(includedPaths:paths, policyFormatVersion:2)
};

Constructors

ClientEncryptionPolicy(IEnumerable<ClientEncryptionIncludedPath>)

Initializes a new instance of the ClientEncryptionPolicy class. The PolicyFormatVersion will be set to 1. Note: If you need to include partition key or id field paths as part of ClientEncryptionPolicy, please set PolicyFormatVersion to 2.

public ClientEncryptionPolicy(IEnumerable<ClientEncryptionIncludedPath> includedPaths)

Parameters

includedPaths IEnumerable<ClientEncryptionIncludedPath>

List of paths to include in the policy definition.

ClientEncryptionPolicy(IEnumerable<ClientEncryptionIncludedPath>, int)

Initializes a new instance of the ClientEncryptionPolicy class. Note: If you need to include partition key or id field paths as part of ClientEncryptionPolicy, please set PolicyFormatVersion to 2.

public ClientEncryptionPolicy(IEnumerable<ClientEncryptionIncludedPath> includedPaths, int policyFormatVersion)

Parameters

includedPaths IEnumerable<ClientEncryptionIncludedPath>

List of paths to include in the policy definition.

policyFormatVersion int

Version of the client encryption policy definition. Current supported versions are 1 and 2.

Properties

IncludedPaths

Paths of the item that need encryption along with path-specific settings.

public IEnumerable<ClientEncryptionIncludedPath> IncludedPaths { get; }

Property Value

IEnumerable<ClientEncryptionIncludedPath>

PolicyFormatVersion

Version of the client encryption policy definition.

public int PolicyFormatVersion { get; }

Property Value

int