How to create an Azure Function for encrypting blobs

Question

My requirement is to encrypt newly added files in data lake storage container. For this I am creating an event grid that will trigger when a new file is added to a specified container. On the end side, I want to create a function that will encrypt the file that was added.

How to write code to create that function? or is there any alternate way?

Answer 1

Azure Storage automatically encrypts all data in a storage account at the service level using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. Customers who require higher levels of assurance that their data is secure can also enable 256-bit AES encryption at the Azure Storage infrastructure level for double encryption. Double encryption of Azure Storage data protects against a scenario where one of the encryption algorithms or keys may be compromised. In this scenario, the additional layer of encryption continues to protect your data.

Infrastructure encryption can be enabled for the entire storage account, or for an encryption scope within an account. When infrastructure encryption is enabled for a storage account or an encryption scope, data is encrypted twice — once at the service level and once at the infrastructure level — with two different encryption algorithms and two different keys.

Service-level encryption supports the use of either Microsoft-managed keys or customer-managed keys with Azure Key Vault or Key Vault Managed Hardware Security Model (HSM) (preview). Infrastructure-level encryption relies on Microsoft-managed keys and always uses a separate key.

https://docs.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable?tabs=portal