Where can I find Cosmos DB encryption details

mohammedm834@ninjacart.com 0 Reputation points
2024-05-14T06:40:57.4233333+00:00

I need cosmosdb encryption details for audit

Azure Cosmos DB
An Azure NoSQL database service for app development.

2 answers

  1. TP 79,331 Reputation points
    2024-05-14T07:07:17.9833333+00:00

    Hi,

    Please see documents below:

    Data encryption in Azure Cosmos DB

    https://learn.microsoft.com/en-us/azure/cosmos-db/database-encryption-at-rest

    Overview of database security in Azure Cosmos DB

    https://learn.microsoft.com/en-us/azure/cosmos-db/database-security

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP


  2. ShaktiSingh-MSFT 14,081 Reputation points Microsoft Employee
    2024-05-14T14:13:15.85+00:00

    Hi mohammedm834@ninjacart.com,

    Welcome to Microsoft Q&A forum.

    As I understand, you want to know about Azure Cosmos DB encryption details.

    If your Cosmos DB is MongoDB vCore, then refer to https://learn.microsoft.com/en-us/azure/cosmos-db/mongodb/vcore/database-encryption-at-rest.

    For other APIs, encryption at rest is implemented by using several security technologies, including secure key storage systems, encrypted networks, and cryptographic APIs. Systems that decrypt and process data have to communicate with systems that manage keys. The diagram shows how storage of encrypted data and the management of keys is separated.

    The basic flow of a user request is:

    • The user database account is made ready, and storage keys are retrieved via a request to the Management Service Resource Provider.
    • A user creates a connection to Azure Cosmos DB via HTTPS/secure transport. (The SDKs abstract the details.)
    • The user sends a JSON document to be stored over the previously created secure connection.
    • The JSON document is indexed unless the user has turned off indexing.
    • Both the JSON document and index data are written to secure storage.
    • Periodically, data is read from the secure storage and backed up to the Azure Encrypted Blob Store.

    Data stored in your Azure Cosmos DB account is automatically and seamlessly encrypted with keys managed by Microsoft by using service-managed keys. Optionally, you can choose to add a second layer of encryption with keys you manage by using customer-managed keys.

    Microsoft has a set of internal guidelines for encryption key rotation, which Azure Cosmos DB follows. The specific guidelines aren't published. Microsoft does publish the Security Development Lifecycle, which is seen as a subset of internal guidance and has useful best practices for developers.

    You can configure customer-managed keys for your Azure Cosmos DB account with Azure Key Vault by following https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-customer-managed-keys?source=recommendations&tabs=azure-portal

    You can refer to the Security section in the official documentation page:


    https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-customer-managed-keys?source=recommendations&tabs=azure-portal

    Hope this helps. Let us know if you have further queries.

    Thanks.

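For audit evidence, the two layers described in the answer above (service-managed keys always on, customer-managed keys optional) can be recorded per account from the account resource itself. The following is an added example, not code from this thread or from Microsoft: it assumes the account JSON was exported with `az cosmosdb show` and that a customer-managed key appears in its `keyVaultKeyUri` property; the account names and vault URI are constructed sample data.

```python
import json
from urllib.parse import urlparse

# Constructed sample: trimmed `az cosmosdb show` output for two hypothetical accounts.
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "acct-default", "keyVaultKeyUri": null},
  {"name": "acct-cmk",
   "keyVaultKeyUri": "https://example-vault.vault.azure.net/keys/cosmos-cmk"}
]
""")


def parse_key_uri(uri):
    """Split a Key Vault key identifier into vault host, key name and version."""
    parsed = urlparse(uri)
    parts = [p for p in parsed.path.split("/") if p]
    if parsed.scheme != "https" or len(parts) < 2 or parts[0] != "keys":
        raise ValueError(f"not a Key Vault key URI: {uri!r}")
    return {"vault": parsed.hostname, "key": parts[1],
            "version": parts[2] if len(parts) > 2 else None}


def encryption_evidence(account):
    """Return one audit record describing the account's at-rest encryption layers."""
    record = {
        "account": account.get("name"),
        # Service-managed encryption is always present, per the answer above.
        "layers": ["service-managed keys"],
        "customer_managed_key": None,
    }
    uri = account.get("keyVaultKeyUri")
    if uri:
        record["layers"].append("customer-managed keys")
        try:
            record["customer_managed_key"] = parse_key_uri(uri)
        except ValueError as exc:
            # Keep the malformed value visible to the auditor instead of dropping it.
            record["customer_managed_key"] = {"error": str(exc)}
    return record


def audit(accounts):
    """Build the evidence list for every exported account."""
    return [encryption_evidence(a) for a in accounts]


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_ACCOUNTS), indent=2))
```
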