For compliance-sensitive workloads (PII, financial data), Cosmos DB supports client-side encryption (Always Encrypted). Developers often store sensitive data in plaintext without realizing this option exists.
We need a rule covering:
- When to use: PII, healthcare, finance, regulatory compliance
- Client-side encryption setup with Azure Key Vault
- Performance considerations (encrypted fields can't be indexed/queried)
- Difference from encryption-at-rest (which is always on)
Category: `security-` Security
Impact: Medium
Suggested file: `skills/cosmosdb-best-practices/rules/security-client-encryption.md`
References:
This is a good first issue! Follow the Contributing Guide and use the rule template to get started.