It’s been a query for most of customer, how to encrypt data of Azure storage accounts as azure storage is public cloud and not sure if my storage account data been compromised. Even more on this how we can get an audit complain for azure storage accounts data and many more query .
Now Azure storage encryption feature will help your keen our data encrypted and now can decrypt your data without your permission if you are using “your Own Key” to encrypt the data.
Key Feature of Storage Accounts Encryption.
- Azure Storage encryption services protects our data at rest.
- Azure Storage encrypts our data as it’s written in MS Azure data centers and automatically decrypts for customers based on there usages or Access to the data.
- Data is encrypted using Microsoft Managed Keys for Azure Blobs, Tables, Files and Queues.
- We can choose to bring our own key for encryption for Azure Blobs and Files.
- Encryption for Tables and Queues will always use Microsoft Managed Keys.
Step 1: Storage Accounts Encryption
- Select the Storage Accounts you want to get encrypted.
- Select Encryption Tab under Setting Pane.
- Click on the encryption.
- Here you will found Option
- Enter your Owner Key
- Select from key Vault.
I am selecting the second option as i don’t have key vault or Own Key.
Step-2: Azure Key Vault Creations
- Click on All services and Search Key Vault.
- Click on the Key Vault
- Provide the Name
- Pricing Tire
- Access Policy
- Virtual Network if you wan to allow key with in your networks or restrict from Internet.
Step-3: Azure Encryption Creations
- Select the Key Vault
- Select the Key under the Settings Pane.
- Click on Generate/Import Key.
- Provide the Name of the key
- Security Key Type
- RSA Key Size.
- Can set the Activation date and Expiration Data.
Step-4: Azure Storage Accounts Verification.
- Verify the key Vault
- Verify the encryption key and select the Correct key.
- Click on the Save
- It will take some time and save the settings.
- Storage Accounts encryption has been enabled.