I want to know what customer managed keys (CMK) mean in the Azure documentation "Configure encryption key rotation in Azure Key Vault"

nanakushi 20 Reputation points
2024-08-19T05:15:09.8433333+00:00

In "Configure encryption key rotation in Azure Key Vault" in the Azure documentation https://learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation

"This feature enables end-to-end zero-touch rotation of encryption at rest for Azure services whose customer managed keys (CMKs) are stored in Azure Key Vault" under Integration with Azure Services.

In this article, "customer managed key" means:

Do you mean data encryption key (DEK) or

Do you mean Key Encryption Key (KEK)?

We believe that Key Vault automatically rotates data encryption keys provided by users.

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

Accepted answer
  1. Stanislav Zhelyazkov 28,676 Reputation points MVP Volunteer Moderator
    2024-08-19T05:47:46.7133333+00:00

    Hi,

    Many of the Azure services support customer managed keys, which basically is encryption of the data stored by those services using keys from Azure Key Vault. By default, for many of those services, encryption is done by Azure. They manage the encryption and the rotation of the keys without that being visible to the end user. In case you want to encrypt those services with your own keys, you can use keys in Key Vault to do that. It is up to you to manage those keys and the encryption (CMKs). Key rotation policies are a feature in Key Vault that allows new key versions to be issued automatically on a schedule. If the keys you are renewing automatically are used for encryption with customer managed keys, you need to check whether that service supports automatically picking up the new version of the key, or whether you need to change the encryption configuration manually by pointing it to the new key version.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
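
The check the answer describes, as an added example that is not part of the original answer or of any Azure SDK: it parses the Key Vault key identifiers configured for CMK encryption and reports which ones are pinned to a specific key version and would need a manual update after rotation. The service names, vault name, key names and version string are constructed; whether a versionless reference is actually followed automatically still depends on the service.

```python
from urllib.parse import urlparse

# Constructed sample: service -> key identifier configured for CMK encryption.
# Vault name, key names and the version string are made up for illustration.
SAMPLE_CMK_CONFIG = {
    "storage-account-a": "https://contoso-kv.vault.azure.net/keys/storage-cmk",
    "sql-server-b": "https://contoso-kv.vault.azure.net/keys/sql-cmk/"
                    "0123456789abcdef0123456789abcdef",
    "disk-set-c": "https://contoso-kv.vault.azure.net/keys/disk-cmk/",
    "app-d": "https://contoso-kv.vault.azure.net/secrets/not-a-key",
}


def parse_key_id(key_id):
    """Split a key identifier into (vault_host, key_name, version or None).

    Expected shape: https://<vault-host>/keys/<key-name>[/<key-version>]
    """
    url = urlparse(key_id)
    parts = [p for p in url.path.split("/") if p]
    if (url.scheme != "https" or not url.hostname
            or len(parts) not in (2, 3) or parts[0] != "keys"):
        raise ValueError(f"not a Key Vault key identifier: {key_id!r}")
    version = parts[2] if len(parts) == 3 else None
    return url.hostname, parts[1], version


def audit_rotation_readiness(config):
    """Classify each configured key reference.

    "versionless": no version in the identifier, so a service that supports
                   it can pick up the version a rotation policy creates.
    "pinned":      a fixed version; the encryption configuration must be
                   re-pointed by hand after every rotation.
    "invalid":     the value is not a key identifier at all.
    """
    findings = {}
    for service, key_id in config.items():
        try:
            _, _, version = parse_key_id(key_id)
        except ValueError:
            findings[service] = "invalid"
            continue
        findings[service] = "pinned" if version else "versionless"
    return findings


if __name__ == "__main__":
    for service, status in audit_rotation_readiness(SAMPLE_CMK_CONFIG).items():
        print(f"{service:20} {status}")
```
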
