ClientEncryptionPolicyDefinition Class

Definition

ClientEncryptionPolicy fluent definition. The ClientEncryptionPolicy should be initialized with policyFormatVersion 2 and "Deterministic" encryption type, if "id" property or properties which are part of partition key need to be encrypted. All partition key property values included as part of ClientEncryptionIncludedPath have to be JSON strings.

public sealed class ClientEncryptionPolicyDefinition
type ClientEncryptionPolicyDefinition = class
Public NotInheritable Class ClientEncryptionPolicyDefinition
Inheritance
ClientEncryptionPolicyDefinition

Examples

This example shows how to create a ClientEncryptionPolicy using ClientEncryptionPolicyDefinition.

ClientEncryptionIncludedPath path1 = new ClientEncryptionIncludedPath()
{
    Path = partitionKeyPath,
    ClientEncryptionKeyId = "key1",
    EncryptionAlgorithm = "AEAD_AES_256_CBC_HMAC_SHA256",
    EncryptionType = "Deterministic"
};

ClientEncryptionIncludedPath path2 = new ClientEncryptionIncludedPath()
{
    Path = "/id",
    ClientEncryptionKeyId = "key2",
    EncryptionAlgorithm = "AEAD_AES_256_CBC_HMAC_SHA256",
    EncryptionType = "Deterministic"
};

ContainerResponse containerResponse = await this.database.DefineContainer(containerName, partitionKeyPath)
   .WithClientEncryptionPolicy(policyFormatVersion:2)
   .WithIncludedPath(path1)
   .WithIncludedPath(path2)
   .Attach()
   .CreateAsync()
};

Methods

Attach()

Applies the current definition to the parent.

WithIncludedPath(ClientEncryptionIncludedPath)

Adds a ClientEncryptionIncludedPath to the current ClientEncryptionPolicyDefinition.

Applies to