All managed dB services on azure have data encryption at rest turned on by default( as per azure docs). How to see the status on it for Azure postgresql.? Right now when I do "az postgres server show --name -g" of an existing postgresql server I can see Infrastructure Encryption : disabled..does it mean encrytion at rest if off? How do I make sure that encryption is on always. Or at least get the right status of it.
Asked
Active
Viewed 435 times
0
-
Please convey if there is a specific use case for looking for this value. or it is just for knowing it is configured right. As this document explains - https://azure.microsoft.com/en-us/blog/securing-azure-database-for-mysql-and-azure-database-for-postgresql/ "All data stored by the service is secured via the Azure Storage Service through 256 bit AES encryption that is always on and cannot be turned off." So the encryption at Rest is always on and data is secured. – NavtejSaini-MSFT May 07 '20 at 01:59
-
The use case is more of providing a sign off/approval on a product feature asked by the customer which says all data in the database is encrypted at rest. This needs to provided with a test case which successfully passes this case. or an artefact that justifies this. And also when I see "InfrastructureEncryption : disabled" it does not sound right. – Aravind May 07 '20 at 09:30
1 Answers
2
Thanks for the clarification. As I had mentioned before, Azure server encrypts the data at rest by default and you will not be able to check the status for the encryption.
Only way you can be sure of it is by going through the https://servicetrust.microsoft.com/ website to get information about security and compliance Microsoft Azure follows.
Now coming to the Infrastructure Encryption property that you are seeing. Our Product team has a feature in works where they are trying to provide an opt-in capability to double encrypt the servers with no effect on current default encryption. Once the work is complete, we will provide more guidance.
For now we will try to update API comments and description as soon as possible.
Hope this helps.
Thanks Navtej S
NavtejSaini-MSFT
- 121
- 1