This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 81%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
I am trying to enable customer-managed encryption keys in the Azure PostgreSQL single server. Based on this documentation, I have added Access Policy and selected all required Key permissions along with principal as described in this documentation. But I am getting error (Failed to save Data Encryption settings). Looking deeper into the activity log, I got this Json:
{
"authorization": {
"action": "Microsoft.DBforPostgreSQL/servers/keys/write",
"scope": "/subscriptions/XXX/resourceGroups/xxxx/providers/Microsoft.DBforPostgreSQL/servers/postgresql-000/keys/kb-vault-001_kb-key-001_4905720906494cf2ad2f18150d695adf"
},
"caller": "******@comapny.com",
"channels": "Operation",
"claims": {
"aud": "https://management.core.windows.net/",
"iss": "https://sts.windows.net/5ed27273-eeb1-4c9b-914a-2f414db0ff22/",
"iat": "1647857267",
"nbf": "1647857267",
"exp": "1647862078",
"http://schemas.microsoft.com/claims/authnclassreference": "1",
"aio": "AYQAe/8TAAAAVZtbknAkuTaCYtW6yZa+RWArEO8kEWjz0wYUO8hQQRM9xy0wb7eptcWEbBihhMpdttgwUIWqux8C99alpRXuRgGIN21IchlPfWifga8lej5FEqp6nZhYuv9efbOKwUfUwZjcfmyI3iuwz8+A3Tsmn1iyzax9+EVvaWCJUJBn4ak=",
"altsecid": "5::10032001969C229D",
"http://schemas.microsoft.com/claims/authnmethodsreferences": "pwd,mfa",
"appid": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c",
"appidacr": "2",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "******@company.com",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "XX",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "XXXX",
"http://schemas.microsoft.com/identity/claims/identityprovider": "https://sts.windows.net/XXX/",
"ipaddr": "something",
"name": "XXXXXX",
"http://schemas.microsoft.com/identity/claims/objectidentifier": "XXXX",
"puid": "10032001D9806232",
"rh": "0.AUYAc3LSXrHum0yRSi9BTbD_IkZIf3kAutdPukPawfj2MBOAAGc.",
"http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "exyAn0Yxp63Dy2vadW-JYi-MTExAkM3wfzieQMLWgiA",
"http://schemas.microsoft.com/identity/claims/tenantid": "XXXX",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "x******@company.com",
"uti": "egle1iAcbUOFR5bUMsV6AA",
"ver": "1.0",
"xms_tcdt": "1637641423"
},
"correlationId": "043bebc6-0f36-4e7c-b8e7-c7c4bdd8656a",
"description": "",
"eventDataId": "ea90d6fd-2385-46b8-9c1a-180f9f4b974e",
"eventName": {
"value": "EndRequest",
"localizedValue": "End request"
},
"category": {
"value": "Administrative",
"localizedValue": "Administrative"
},
"eventTimestamp": "2022-03-21T10:38:33.2082687Z",
"id": "/subscriptions/xxxxresourceGroups/xxxx/providers/Microsoft.DBforPostgreSQL/servers/postgresql-000/keys/kb-vault-001_kb-key-001_4905720906494cf2ad2f18150d695adf/events/ea90d6fd-2385-46b8-9c1a-180f9f4b974e/ticks/637834559132082687",
"level": "Error",
"operationId": "4fb59b96-5c9d-4256-a364-5e177eeb5356",
"operationName": {
"value": "Microsoft.DBforPostgreSQL/servers/keys/write",
"localizedValue": "Create/Update Azure Database for PostgreSQL Server Keys"
},
"resourceGroupName": "xxxxx",
"resourceProviderName": {
"value": "Microsoft.DBforPostgreSQL",
"localizedValue": "Microsoft.DBforPostgreSQL"
},
"resourceType": {
"value": "Microsoft.DBforPostgreSQL/servers/keys",
"localizedValue": "Microsoft.DBforPostgreSQL/servers/keys"
},
"resourceId": "/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/Microsoft.DBforPostgreSQL/servers/postgresql-000/keys/kb-vault-001_kb-key-001_4905720906494cf2ad2f18150d695adf",
"status": {
"value": "Failed",
"localizedValue": "Failed"
},
"subStatus": {
"value": "",
"localizedValue": ""
},
"submissionTimestamp": "2022-03-21T10:39:47.1379879Z",
"subscriptionId": "XXX",
"tenantId": "XXX",
"properties": {
"statusMessage": "{\"status\":\"Failed\",\"error\":{\"code\":\"ResourceOperationFailure\",\"message\":\"The resource operation completed with terminal provisioning state 'Failed'.\",\"details\":[{\"code\":\"InternalServerError\",\"message\":\"An unexpected error occured while processing the request. Tracking ID: '8cef0162-f1b4-48f8-a8cd-3012b2209f5e'\"}]}}",
"eventCategory": "Administrative",
"entity": "/subscriptions/XXX/resourceGroups/xxxx/providers/Microsoft.DBforPostgreSQL/servers/postgresql-000/keys/kb-vault-001_kb-key-001_4905720906494cf2ad2f18150d695adf",
"message": "Microsoft.DBforPostgreSQL/servers/keys/write",
"hierarchy": "21cb192e-52db-4afb-9c30-26cef5d6702f"
},
"relatedEvents": []
}
Why I am getting internal server error in the response ?
An Azure managed PostgreSQL database service for app development and deployment.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 69%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Hi AbdulRafayKhan-9524,
There are some limitations for encrypting data with custom keys for posrgresql:
https://learn.microsoft.com/en-us/azure/postgresql/concepts-data-encryption-postgresql#limitations
Also, there is an email address in the link where you might get some help to troubleshoot the issue.
Hope this helps!
Hey @Cristian SPIRIDON , thanks for your reply. My PostgreSQL server is general purpose and in EASTUS region, so no issue there. I'll get help from the mentioned email.