Skip to content

Commit

Permalink
Added encryption scopes to Blob Storage (#7929)
Browse files Browse the repository at this point in the history
  • Loading branch information
@seanmcc-msft
seanmcc-msft authored Dec 10, 2019
1 parent 7e1b820 commit ec5b478
Showing 1 changed file with 152 additions and 9 deletions.
161 changes: 152 additions & 9 deletions specification/storage/data-plane/Microsoft.BlobStorage/preview/2019-07-07/blob.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -620,6 +620,12 @@
},
{
"$ref": "#/parameters/ClientRequestId"
},
{
"$ref": "#/parameters/DefaultEncryptionScope"
},
{
"$ref": "#/parameters/DenyEncryptionScopeOverride"
}
],
"responses": {
Expand Down Expand Up @@ -3993,6 +3999,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/IfModifiedSince"
},
Expand Down Expand Up @@ -4066,6 +4075,11 @@
"x-ms-client-name": "EncryptionKeySha256",
"type": "string",
"description": "The SHA-256 hash of the encryption key used to encrypt the blob. This header is only returned when the blob was encrypted with a customer-provided key."
},
"x-ms-encryption-scope": {
"x-ms-client-name": "EncryptionScope",
"type": "string",
"description": "Returns the name of the encryption scope used to encrypt the blob contents and application metadata. Note that the absence of this header implies use of the default account encryption scope."
}
}
},
Expand Down Expand Up @@ -4152,6 +4166,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/IfModifiedSince"
},
Expand Down Expand Up @@ -4219,6 +4236,11 @@
"x-ms-client-name": "EncryptionKeySha256",
"type": "string",
"description": "The SHA-256 hash of the encryption key used to encrypt the blob. This header is only returned when the blob was encrypted with a customer-provided key."
},
"x-ms-encryption-scope": {
"x-ms-client-name": "EncryptionScope",
"type": "string",
"description": "Returns the name of the encryption scope used to encrypt the blob contents and application metadata. Note that the absence of this header implies use of the default account encryption scope."
}
}
},
Expand Down Expand Up @@ -4311,6 +4333,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/AccessTierOptional"
},
Expand Down Expand Up @@ -4381,6 +4406,11 @@
"x-ms-client-name": "EncryptionKeySha256",
"type": "string",
"description": "The SHA-256 hash of the encryption key used to encrypt the blob. This header is only returned when the blob was encrypted with a customer-provided key."
},
"x-ms-encryption-scope": {
"x-ms-client-name": "EncryptionScope",
"type": "string",
"description": "Returns the name of the encryption scope used to encrypt the blob contents and application metadata. Note that the absence of this header implies use of the default account encryption scope."
}
}
},
Expand Down Expand Up @@ -4632,6 +4662,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/IfModifiedSince"
},
Expand Down Expand Up @@ -4694,6 +4727,11 @@
"x-ms-client-name": "EncryptionKeySha256",
"type": "string",
"description": "The SHA-256 hash of the encryption key used to encrypt the metadata. This header is only returned when the metadata was encrypted with a customer-provided key."
},
"x-ms-encryption-scope": {
"x-ms-client-name": "EncryptionScope",
"type": "string",
"description": "Returns the name of the encryption scope used to encrypt the blob contents and application metadata. Note that the absence of this header implies use of the default account encryption scope."
}
}
},
Expand Down Expand Up @@ -5327,6 +5365,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/IfModifiedSince"
},
Expand Down Expand Up @@ -6021,6 +6062,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/ApiVersionParameter"
},
Expand Down Expand Up @@ -6071,6 +6115,11 @@
"x-ms-client-name": "EncryptionKeySha256",
"type": "string",
"description": "The SHA-256 hash of the encryption key used to encrypt the block. This header is only returned when the block was encrypted with a customer-provided key."
},
"x-ms-encryption-scope": {
"x-ms-client-name": "EncryptionScope",
"type": "string",
"description": "Returns the name of the encryption scope used to encrypt the blob contents and application metadata. Note that the absence of this header implies use of the default account encryption scope."
}
}
},
Expand Down Expand Up @@ -6138,6 +6187,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/LeaseIdOptional"
},
Expand Down Expand Up @@ -6203,6 +6255,11 @@
"x-ms-client-name": "EncryptionKeySha256",
"type": "string",
"description": "The SHA-256 hash of the encryption key used to encrypt the block. This header is only returned when the block was encrypted with a customer-provided key."
},
"x-ms-encryption-scope": {
"x-ms-client-name": "EncryptionScope",
"type": "string",
"description": "Returns the name of the encryption scope used to encrypt the blob contents and application metadata. Note that the absence of this header implies use of the default account encryption scope."
}
}
},
Expand Down Expand Up @@ -6282,6 +6339,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/AccessTierOptional"
},
Expand Down Expand Up @@ -6365,6 +6425,11 @@
"x-ms-client-name": "EncryptionKeySha256",
"type": "string",
"description": "The SHA-256 hash of the encryption key used to encrypt the blob. This header is only returned when the blob was encrypted with a customer-provided key."
},
"x-ms-encryption-scope": {
"x-ms-client-name": "EncryptionScope",
"type": "string",
"description": "Returns the name of the encryption scope used to encrypt the blob contents and application metadata. Note that the absence of this header implies use of the default account encryption scope."
}
}
},
Expand Down Expand Up @@ -6524,6 +6589,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/IfSequenceNumberLessThanOrEqualTo"
},
Expand Down Expand Up @@ -6611,6 +6679,11 @@
"x-ms-client-name": "EncryptionKeySha256",
"type": "string",
"description": "The SHA-256 hash of the encryption key used to encrypt the pages. This header is only returned when the pages were encrypted with a customer-provided key."
},
"x-ms-encryption-scope": {
"x-ms-client-name": "EncryptionScope",
"type": "string",
"description": "Returns the name of the encryption scope used to encrypt the blob contents and application metadata. Note that the absence of this header implies use of the default account encryption scope."
}
}
},
Expand Down Expand Up @@ -6688,6 +6761,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/IfSequenceNumberLessThanOrEqualTo"
},
Expand Down Expand Up @@ -6851,6 +6927,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/LeaseIdOptional"
},
Expand Down Expand Up @@ -6948,6 +7027,11 @@
"x-ms-client-name": "EncryptionKeySha256",
"type": "string",
"description": "The SHA-256 hash of the encryption key used to encrypt the blob. This header is only returned when the blob was encrypted with a customer-provided key."
},
"x-ms-encryption-scope": {
"x-ms-client-name": "EncryptionScope",
"type": "string",
"description": "Returns the name of the encryption scope used to encrypt the blob contents and application metadata. Note that the absence of this header implies use of the default account encryption scope."
}
}
},
Expand Down Expand Up @@ -7239,6 +7323,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/IfModifiedSince"
},
Expand Down Expand Up @@ -7595,6 +7682,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/IfModifiedSince"
},
Expand Down Expand Up @@ -7677,6 +7767,11 @@
"x-ms-client-name": "EncryptionKeySha256",
"type": "string",
"description": "The SHA-256 hash of the encryption key used to encrypt the block. This header is only returned when the block was encrypted with a customer-provided key."
},
"x-ms-encryption-scope": {
"x-ms-client-name": "EncryptionScope",
"type": "string",
"description": "Returns the name of the encryption scope used to encrypt the blob contents and application metadata. Note that the absence of this header implies use of the default account encryption scope."
}
}
},
Expand Down Expand Up @@ -7744,6 +7839,9 @@
{
"$ref": "#/parameters/EncryptionAlgorithm"
},
{
"$ref": "#/parameters/EncryptionScope"
},
{
"$ref": "#/parameters/LeaseIdOptional"
},
Expand Down Expand Up @@ -7838,6 +7936,11 @@
"type": "string",
"description": "The SHA-256 hash of the encryption key used to encrypt the block. This header is only returned when the block was encrypted with a customer-provided key."
},
"x-ms-encryption-scope": {
"x-ms-client-name": "EncryptionScope",
"type": "string",
"description": "Returns the name of the encryption scope used to encrypt the blob contents and application metadata. Note that the absence of this header implies use of the default account encryption scope."
},
"x-ms-request-server-encrypted": {
"x-ms-client-name": "IsServerEncrypted",
"type": "boolean",
Expand Down Expand Up @@ -8231,6 +8334,10 @@
"CustomerProvidedKeySha256": {
"type": "string"
},
"EncryptionScope": {
"type": "string",
"description": "The name of the encryption scope under which the blob is encrypted."
},
"AccessTierChangeTime": {
"type": "string",
"format": "date-time-rfc1123"
Expand Down Expand Up @@ -9490,6 +9597,42 @@
},
"description": "The algorithm used to produce the encryption key hash. Currently, the only accepted value is \"AES256\". Must be provided if the x-ms-encryption-key header is provided."
},
"EncryptionScope": {
"name": "x-ms-encryption-scope",
"x-ms-client-name": "encryptionScope",
"type": "string",
"in": "header",
"required": false,
"x-ms-parameter-location": "method",
"x-ms-parameter-grouping": {
"name": "cpk-scope-info"
},
"description": "Optional. Version 2019-02-02 and later. Specifies the name of the encryption scope to use to encrypt the data provided in the request. If not specified, encryption is performed with the default account encryption scope. For more information, see Encryption at Rest for Azure Storage Services."
},
"DefaultEncryptionScope": {
"name": "x-ms-default-encryption-scope",
"x-ms-client-name": "DefaultEncryptionScope",
"type": "string",
"in": "header",
"required": false,
"x-ms-parameter-location": "method",
"x-ms-parameter-grouping": {
"name": "container-cpk-scope-info"
},
"description": "Optional. Version 2019-02-02 and later. Specifies the default encryption scope to set on the container and use for all future writes."
},
"DenyEncryptionScopeOverride": {
"name": "x-ms-deny-encryption-scope-override",
"x-ms-client-name": "DenyEncryptionScopeOverride",
"type": "boolean",
"in": "header",
"required": false,
"x-ms-parameter-location": "method",
"x-ms-parameter-grouping": {
"name": "container-cpk-scope-info"
},
"description": "Optional. Version 2019-02-02 and newer. If true, prevents any request from specifying a different encryption scope than the scope set on the container."
},
"FileRenameSource": {
"name": "x-ms-rename-source",
"x-ms-client-name": "renameSource",
Expand Down Expand Up @@ -9977,15 +10120,15 @@
},
"description": "Specify this header value to operate only on a blob if it has not been modified since the specified date/time."
},
"SourceLeaseId": {
"name": "x-ms-source-lease-id",
"x-ms-client-name": "sourceLeaseId",
"in": "header",
"required": false,
"type": "string",
"x-ms-parameter-location": "method",
"description": "A lease ID for the source path. If specified, the source path must have an active lease and the leaase ID must match."
},
"SourceLeaseId": {
"name": "x-ms-source-lease-id",
"x-ms-client-name": "sourceLeaseId",
"in": "header",
"required": false,
"type": "string",
"x-ms-parameter-location": "method",
"description": "A lease ID for the source path. If specified, the source path must have an active lease and the leaase ID must match."
},
"SourceUrl": {
"name": "x-ms-copy-source",
"x-ms-client-name": "sourceUrl",
Expand Down

0 comments on commit ec5b478

Please sign in to comment.