This section explains how to migrate the client-side encrypted content stored in Azure Blob Storage from the encryption version 1 to the encryption version 2 using BlobDataMigrationTool. To mitigate the security vulnerabilities discovered in client-side encryption version 1, it is recommended that you migrate your Azure Blob data to the client-side encryption version 2. For more information on the security vulnerability, see Microsoft documentation.

You can run this tool by providing site, vault, root folder, folder, and blob options. If any of these options are not provided in the command, the tool will run for the entire system.

Following is the list of valid arguments:

After you run the tool, it generates a report in CSV format at windchill/logs/BlobDataMigration. The report lists details such as the mount path, number of files successfully migrated, number of files ignored for migration, number of files failed to migrate, mount type, type of encryption, and total time in seconds to migrate a mount path.

All available mount paths are listed in the report. Files with fileBased mount type and files with server-side encryption will be ignored for migration as the security vulnerability is applicable only to the client-side encryption. The tool also generates a separate text report to list the details of files that failed to migrate. When you run the tool multiple times, the previously migrated files will be ignored.