Azure Disk Encryption with Key Rotation

Inbal Silis 116 Reputation points Microsoft Employee
2022-07-12T05:34:14.727+00:00

Do we have a product feature to allow key rotation for Azure Disk Encryption?
Currently it's not supported:
Azure Disk Encryption and auto-rotation
Although Azure Key Vault now has key auto-rotation, it is not currently compatible with Azure Disk Encryption. Specifically, Azure Disk Encryption will continue to use the original encryption key, even after it has been auto-rotated.

What is the alternative for now: manually triggering key rotation in Key Vault and in Azure Disk?


Accepted answer
  1. Mohammed Altamash Mohammed Suleman Khan 2,331 Reputation points
    2022-07-12T05:37:00.27+00:00

    Hi

    Azure managed disks provide end to end encryption of data with your keys stored in Azure Key Vault. Now, you can choose to enable automatic rotation of your keys. When you generate a new version of a key in your Key Vault, the system will automatically update all the managed disks, snapshots, and images using the key to use the new version within an hour. You don’t have to manually update your resources to use the new version of the key.

    For more details, follow the link:

    https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption#automatic-key-rotation-of-customer-managed-keys

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    1 person found this answer helpful.
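
The question quotes the Azure Disk Encryption documentation, while the answer describes customer-managed keys on managed disks. As an added example (not code from this thread or from Microsoft), the script below sorts disks by which of the two applies and reports the rotation state of each. The resource names and IDs are constructed, and the field names assume the JSON shape printed by `az disk list -o json` and `az disk-encryption-set list -o json`.

```python
# Added example. All inputs below are constructed; real input would be the
# parsed JSON from `az disk-encryption-set list` and `az disk list`.
PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
          "rg-demo/providers/Microsoft.Compute/diskEncryptionSets/")
SAMPLE_SETS = [
    {"id": PREFIX + "des-auto", "rotationToLatestKeyVersionEnabled": True},
    {"id": PREFIX + "des-pinned", "rotationToLatestKeyVersionEnabled": False},
]
SAMPLE_DISKS = [
    # Azure Disk Encryption (in-guest): settings collection is enabled.
    {"name": "vm1-os", "encryptionSettingsCollection": {"enabled": True},
     "encryption": {"diskEncryptionSetId": None}},
    # Customer-managed key via a disk encryption set (ID casing differs on purpose).
    {"name": "vm2-data", "encryptionSettingsCollection": None,
     "encryption": {"diskEncryptionSetId": PREFIX.upper() + "DES-AUTO"}},
    {"name": "vm3-data", "encryptionSettingsCollection": None,
     "encryption": {"diskEncryptionSetId": PREFIX + "des-pinned"}},
    # References a set that is not in the listing (other subscription, or deleted).
    {"name": "vm4-data", "encryptionSettingsCollection": None,
     "encryption": {"diskEncryptionSetId": PREFIX + "des-missing"}},
    {"name": "vm5-os", "encryptionSettingsCollection": None,
     "encryption": {"diskEncryptionSetId": None}},
]

def classify(disks, encryption_sets):
    """Map each disk name to a list of notes about its key-rotation state."""
    # Resource IDs are case-insensitive, so compare them lower-cased.
    rotation = {s["id"].lower(): bool(s.get("rotationToLatestKeyVersionEnabled"))
                for s in encryption_sets}
    report = {}
    for disk in disks:
        notes = []
        if (disk.get("encryptionSettingsCollection") or {}).get("enabled"):
            # Per the documentation quoted in the question.
            notes.append("ADE: Key Vault auto-rotation not applied")
        des_id = ((disk.get("encryption") or {}).get("diskEncryptionSetId") or "").lower()
        if des_id and des_id not in rotation:
            notes.append("CMK: encryption set not in listing")
        elif des_id:
            notes.append("CMK: auto-rotation " + ("on" if rotation[des_id] else "off"))
        report[disk["name"]] = notes or ["no customer-managed key"]
    return report

if __name__ == "__main__":
    for name, notes in classify(SAMPLE_DISKS, SAMPLE_SETS).items():
        print(f"{name}: {'; '.join(notes)}")
```
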
