检查 blob 的加密状态Check the encryption status of a blob

2017 年 10 月 20 日后写入 Azure 存储的每个块 Blob、追加 Blob 或页 Blob 均已通过 Azure 存储加密进行了加密。Every block blob, append blob, or page blob that was written to Azure Storage after October 20, 2017 is encrypted with Azure Storage encryption. 在此日期之前创建的 Blob 继续由后台进程加密。Blobs created prior to this date continue to be encrypted by a background process.

本文介绍如何确定某个给定的 blob 是否已加密。This article shows how to determine whether a given blob has been encrypted.

检查 blob 的加密状态Check a blob's encryption status

使用 Azure 门户、PowerShell 或 Azure CLI 来确定某个 blob 是否在不使用代码的情况下进行了加密。Use the Azure portal, PowerShell, or Azure CLI to determine whether a blob is encrypted without code.

若要使用 Azure 门户来检查 blob 是否已加密,请执行以下步骤:To use the Azure portal to check whether a blob has been encrypted, follow these steps:

  1. 在 Azure 门户中导航到存储帐户。In the Azure portal, navigate to your storage account.

  2. 选择“容器” ,转到帐户中的容器列表。Select Containers to navigate to a list of containers in the account.

  3. 找到 blob 并显示其“概述” 选项卡。Locate the blob and display its Overview tab.

  4. 查看“加密的服务器” 属性。View the Server Encrypted property. 如果为“True” (如下图所示),则表明 blob 已加密。If True, as shown in the following image, then the blob is encrypted. 请注意,blob 的属性还包括 blob 的创建日期和时间。Notice that the blob's properties also include the date and time that the blob was created.

    屏幕截图显示如何在 Azure 门户中查看“加密的服务器”属性

对 blob 进行强制加密Force encryption of a blob

如果 2017 年 10 月 20 日之前创建的某个 blob 尚未经过后台进程的加密,可以通过下载并重新上传 blob 来即时进行强制加密。If a blob that was created prior to October 20, 2017 has not yet been encrypted by the background process, you can force encryption to occur immediately by downloading and re-uploading the blob. 实现此目的的一个简单方法是使用 AzCopy。A simple way to do this is with AzCopy.

若要使用 AzCopy 将 blob 下载到本地文件系统,请使用以下语法:To download a blob to your local file system with AzCopy, use the following syntax:

azcopy copy 'https://<storage-account-name>.<blob or dfs>.core.chinacloudapi.cn/<container-name>/<blob-path>' '<local-file-path>'

Example:
azcopy copy 'https://storagesamples.blob.core.chinacloudapi.cn/sample-container/blob1.txt' 'C:\temp\blob1.txt'

若要使用 AzCopy 将 blob 重新上传到 Azure 存储,请使用以下语法:To re-upload the blob to Azure Storage with AzCopy, use the following syntax:

azcopy copy '<local-file-path>' 'https://<storage-account-name>.<blob or dfs>.core.chinacloudapi.cn/<container-name>/<blob-name>'

Example:
azcopy copy 'C:\temp\blob1.txt' 'https://storagesamples.blob.core.chinacloudapi.cn/sample-container/blob1.txt'

有关使用 AzCopy 复制 blob 数据的详细信息,请参阅使用 AzCopy 和 Blob 存储传输数据For more information about using AzCopy to copy blob data, see Transfer data with AzCopy and Blob storage.

后续步骤Next steps

静态数据的 Azure 存储加密Azure Storage encryption for data at rest