Manage customer managed keys

Data security is a top priority in today’s digital landscape. Azure Key Vault provides a robust solution for managing encryption through customer-managed keys (CMK). In this guide, we will explore how Azure Storage Server-Side Encryption (SSE) works with CMK to give you enhanced control over your encryption process.

Overview

By default, Microsoft uses platform-managed keys (PMK) to handle encryption. However, organizations that require greater control over their sensitive data can opt for customer-managed keys. When you create an Azure Storage account, SSE is enabled by default with Microsoft-managed keys. By switching to SSE with customer-managed keys, you assume control over key management. This approach ensures that the encryption is performed using keys that you create, manage, and control. The diagram below visualizes the complete process:

The image illustrates the process of using Customer Managed Keys (CMK) in Azure, showing how a user creates a storage account, writes data into a blob, and manages encryption keys through Azure Storage Account and Key Vaults.

Advantages of Using Customer-Managed Keys

Switching to customer-managed keys offers several important benefits:

Enhanced Control: Manage the entire encryption key lifecycle, including setting key durations tailored to your security needs.
Flexible Key Rotation: Rotate keys promptly whenever required, bolstering overall security.
Compliance and Governance: Achieve greater confidence in meeting regulatory and internal compliance mandates by overseeing your key management processes.

Using customer-managed keys allows you to integrate your enterprise key management processes seamlessly with Azure services.

This article provides a concise overview of using customer-managed keys with Azure Storage. For more detailed insights, including advanced storage security topics and best practices, be sure to explore the additional resources in our documentation. For further reading:

Enhance your data security strategy today by leveraging the full potential of customer-managed keys in Azure.

Introduction

Secure Azure solution with Azure Active Directory

Hybrid Identity

Identity Protection

Azure AD Privileged Identity Management

Enterprise Governance

Perimeter Security

Network Security

Host Security

Container Security

Key Vault

App Security

Storage Security

Database Security

Azure Monitor

Microsoft Defender for Cloud

Microsoft Sentinel

Manage customer managed keys

Overview

Advantages of Using Customer-Managed Keys

Watch Video

Introduction

Secure Azure solution with Azure Active Directory

Hybrid Identity

Identity Protection

Azure AD Privileged Identity Management

Enterprise Governance

Perimeter Security

Network Security

Host Security

Container Security

Key Vault

App Security

Storage Security

Database Security

Azure Monitor

Microsoft Defender for Cloud

Microsoft Sentinel

​Overview

​Advantages of Using Customer-Managed Keys

Watch Video

Overview

Advantages of Using Customer-Managed Keys