Expose StorageClientFactory or QueueProcessorFactory to enable triggering on client-side-encrypted queues
With WebJobs, a custom StorageClientFactory can set an EncryptionPolicy in the DefaultRequestOptions such that encrypted queue messages are transparently decrypted when triggering a WebJob.
Alternatively, the EncryptionPolicy can be set on a queue by queue basis using a custom QueueProcessorFactory.
If these, or a more general way to modify the JobHostConfiguration were provided, then we would be able to store the storage connection string in Azure KeyVault and use client side encryption with Azure Functions apps.
Marking to needs feedback per below:
Nothing planned but still curious on this one. I think the ask is that you could decrypt on trigger. I expect trigger would work today but you’d have to have decrypt in code per execution. Is hope to decrypt before execution? – Jeff