Skip to content
This repository has been archived by the owner on Aug 2, 2024. It is now read-only.

Demo custom managed key encryption at rest (service side) in our bicep provisioning scripts #327

Open
jfomhover opened this issue Apr 5, 2023 · 0 comments
Open

Demo custom managed key encryption at rest (service side) in our bicep provisioning scripts #327

jfomhover opened this issue Apr 5, 2023 · 0 comments
Labels
auto-provisioning direct customer ask enhancement New feature or request

Comments

@jfomhover
Copy link
Contributor

Following https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview

TODO:

  • implement a keyvault for each orch/silo hosting an RSA key
  • set an identify for the storage to access this keyvault
  • set encryption service-side with custom keys from said keyvault

Bicep: https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts?pivots=deployment-language-bicep

Example bicep: https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.storage/storage-blob-encryption-with-cmk/main.bicep
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
auto-provisioning direct customer ask enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jfomhover