Data encryption at rest for Azure HorizonDB (Preview)

All the data managed by an Azure HorizonDB instance is always encrypted at rest. That data includes all system and user databases, server logs, write-ahead log segments, and backups. Encryption is handled by the underlying storage through Server-side encryption of Azure Disk Storage.

Encryption at Rest with Service Managed Keys (SMK)

Azure HorizonDB supports data encryption at rest using service managed keys (SMK). Data encryption with service managed keys is the default mode for Azure HorizonDB. In this mode, the service automatically manages the encryption keys used to encrypt your data. You don't need to take any action to enable or manage encryption in this mode.

To achieve the encryption of your data, Azure HorizonDB uses Azure Storage encryption for data at rest.

Benefits provided by each mode (SMK)

Data encryption with service managed keys for Azure HorizonDB provides the following benefits:

  • The service automatically and fully controls data access.
  • The service automatically and fully controls your key's life cycle, including rotation of the key.
  • You don't need to worry about managing data encryption keys.
  • Data encryption based on service managed keys doesn't negatively affect the performance of your workloads.
  • It simplifies the management of encryption keys (including their regular rotation), and the management of the identities used to access those keys.