Use customer managed keys to encrypt data on Azure Data Explorer clusters

This post has been republished via RSS; it originally appeared at: Azure Data Explorer Blog articles.

Azure Storage encrypts all data in the storage account at rest; by default, that data is encrypted with Microsoft-managed keys. Customer-managed keys (CMK) give the customer more control over key management and require Azure Key Vault for storing and managing the keys. This new capability is also a critical piece of the JEDI cloud contract with the Department of Defense.

To enable Customer Managed Keys

  1. Create an Azure Data Explorer cluster with system assigned identity using C# or an ARM template (Azure Portal support coming soon).
  2. Add the cluster to the access policy of the Key Vault that contains your keys.
  3. Configure your Azure Data Explorer cluster with the Key Vault properties.

You are good to go!
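The three steps above as an added example with the Azure CLI (not the post's own C# or ARM code): the cluster is created through the Resource Manager REST API with `az rest`, its identity is granted key permissions with `az keyvault set-policy`, and the cluster is then updated with the Key Vault properties. The API version, SKU and the `*.vault.azure.net` URI form are assumptions; the ordering is the point, since the identity must exist before it can be added to the vault's access policy, and the policy must exist before the cluster can use the key.

```shell
#!/bin/sh
# Added example, not from the original post: the three CMK steps with the Azure CLI.
# Assumptions: Microsoft.Kusto API version, the SKU, and the *.vault.azure.net URI form.
set -eu

API_VERSION="2019-09-07"

# Step 1 request body: a cluster with a system-assigned managed identity.
cluster_body() { # $1 = Azure region
  printf '{"location":"%s","sku":{"name":"Standard_D13_v2","tier":"Standard","capacity":2},"identity":{"type":"SystemAssigned"}}' "$1"
}

# Step 3 request body: the Key Vault key the cluster must use for encryption.
cmk_body() { # $1 = key vault URI, $2 = key name, $3 = key version
  printf '{"properties":{"keyVaultProperties":{"keyVaultUri":"%s","keyName":"%s","keyVersion":"%s"}}}' "$1" "$2" "$3"
}

# Resource Manager ID of the cluster, used for the REST calls and for waiting on provisioning.
cluster_id() { # $1 = subscription, $2 = resource group, $3 = cluster name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Kusto/clusters/%s' "$1" "$2" "$3"
}

# Runs the steps in the order the post gives them.
enable_cmk() { # $1 = subscription, $2 = resource group, $3 = cluster, $4 = region,
               # $5 = key vault name, $6 = key name, $7 = key version
  rid=$(cluster_id "$1" "$2" "$3")
  url="https://management.azure.com${rid}?api-version=${API_VERSION}"

  # Step 1: create the cluster with a system-assigned identity and wait for provisioning,
  # because the identity's principalId is needed next.
  az rest --method put --url "$url" --body "$(cluster_body "$4")" >/dev/null
  az resource wait --ids "$rid" --created

  # Step 2: grant only what envelope encryption needs (get, wrapKey, unwrapKey).
  # No list/create/delete rights, so the cluster identity cannot destroy or enumerate keys.
  principal=$(az rest --method get --url "$url" --query identity.principalId -o tsv)
  az keyvault set-policy --name "$5" --object-id "$principal" \
    --key-permissions get wrapKey unwrapKey >/dev/null

  # Step 3: point the cluster at the key. Keep soft delete and purge protection on the
  # vault: deleting or disabling the key, or the vault, makes the cluster block access and stop.
  az rest --method patch --url "$url" \
    --body "$(cmk_body "https://$5.vault.azure.net/" "$6" "$7")"
}
```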

If you delete or disable the key, or delete the Key Vault, the cluster blocks all access to the data (within 1 hour) and is stopped.

For more information, read the following documents:


Azure Data Explorer team
