What happened with azure services used encryption setting enabled customer-managed key in key vault if key has expired?

thanakrit.r 1 Reputation point
2023-11-21T12:16:25.01+00:00

Hi,

We settings on some azure services used encryption with customer-managed key use in azure key vaults. which effect to those services? in this case we use encryption customer-managed key in key vaults, whose key has expired.

such as service i used this setting on synapse workspace, disk on azure vm. will take effect to thos services when key has expired?

2023-11-21_18-28-51

2023-11-21_18-32-24

2023-11-21_18-33-22

BR,

Thanakrit

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,180 questions
Azure Disk Encryption
Azure Disk Encryption
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.
164 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,665 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Akshay-MSFT 17,646 Reputation points Microsoft Employee
    2023-11-22T11:24:31.27+00:00

    @thanakrit.r

    Thank you for posting your query on Microsoft Q&A, from above description I could understand that you are lloing for advisory on behavior of your environment when you are using a CMK for encryption of your managed disk and it gets expired.

    Please do correct me if this is not the case by responding in the comments section.

    When a key is either disabled, deleted, or expired, any VMs with either OS or data disks using that key will automatically shut down. After the automated shut down, VMs won't boot until the key is enabled again, or you assign a new key. Generally, disk I/O (read or write operations) start to fail one hour after a key is either disabled, deleted, or expired

    Thanks,

    Akshay Kaushik

    Please do accept the answer and rate your experience if the above-mentioned suggestion works as per your business need.

    0 comments No comments