What happens to a customer managed key in a secondary Azure region?

MrFlinstone 686 Reputation points
2024-02-01T23:35:56.2133333+00:00

I have got a storage account created in primary region A, and a similar storage account created in region B to serve as a disaster recovery solution. I am unsure what happens with the customer managed key used within the storage account. Does that need to be created on a secondary key vault located in the secondary zone? What happens in the event that the primary site is lost?

Azure Storage

1 answer

  1. Dillon Silzer 57,831 Reputation points Volunteer Moderator
    2024-02-02T00:25:53.17+00:00

    Hello,

    I would recommend reading up on the failover solution:

    Failover across regions

    https://learn.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance#failover-across-regions

    If you're in a region that automatically replicates your key vault to a secondary region, then in the rare event that an entire Azure region is unavailable, the requests that you make of Azure Key Vault in that region are automatically routed (failed over) to a secondary region. When the primary region is available again, requests are routed back (failed back) to the primary region. Again, you don't need to take any action because this happens automatically.

    Also I would take note (since I don't know what regions you are using):

    User's image

    If this is helpful please accept answer.
