In this project, we will explore RBAC and encryption with Cosmos DB.
We must write a tool to safely store user data and encrypt personally identifiable information (PII).
Each user document has three properties:
Email (ID, partition key)
Name (PII)
Phone (PII)
We’ll write a CLI that accepts two commands to perform the following operations:
Add or update a user
Get a user
The CLI logic is already done. We’ll need to implement the commands, interact with Cosmos DB, and provide feedback to users.
For educational purposes, we’ll use three different CosmosClient classes in the project:
One to create the encrypted container, authorized with the primary key.
One able to encrypt/decrypt properties and authorized with RBAC.
One unable to encrypt/decrypt properties and authorized with RBAC.
The two RBAC clients are useful for testing whether the encryption works as expected.