[QUERY] Client side encryption using `azure-storage-blob-cryptography` library

Query/Question We are currently using client side encryption functionality provided in v8 SDK. I’m upgrading our application to use v12 and I have a few questions/issues:

• Passing a key to EncryptedBlobClient requires implementing AsyncKeyEncryptionKey interface. Are there any existing implementations I can use? With v8, we were using SymmetricKey class provided in com.microsoft.azure.keyvault.cryptography.

• EncryptedBlobClient does not support uploading a blob from a stream like in BlockBlobClient. It only supports uploading from a file. Is there a way to do it using a stream? I’d prefer not to create files on disk just to do this.

• EncryptedBlobClient cannot be created from BlobContainerClient like other clients (e.g., BlockBlobClient). In our application, we’d initialize BlobServiceClient once and derive other clients like container or blob depending on the access needs. Since EncryptedBlobClient requires full standalone construction, I either need to cache credentials (all supported types as any of them could be used) or always create EncryptedBlobClient when creating BlobServiceClient even if client side encryption is not going to be used.

• Client side encryption feature was seamlessly integrated in v8 compared to v12. Depending on whether a blob needs to be encrypted, I’d have to use two different clients in v12 whereas in v8 I just have to set BlobEncryptionPolicy in upload options.

Why is this not a Bug or a feature Request? NA

Setup (please complete the following information if applicable):

• OS: Linux
• IDE : IntelliJ
• Version of the Library used: 12.0.0

Information Checklist Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

• Query Added
• Setup information Added