question

AravindKannan-0207 avatar image
1 Vote"
AravindKannan-0207 asked ·

data encryption at rest in Azure Postgresql database

All managed dB services on azure have data encryption at rest by default. How to see the status on it for Azure postgresql.? Right now when I do "az postgres server show --name -g" of an existing postgresql server I can see Infrastructure Encryption : disabled..does it mean encrytion at rest if off?
How do I make sure that encryption is on always. Or at least get the right status of it.

azure-database-postgresql
· 3
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Please convey if there is a specific use case for looking for this value. or it is just for knowing it is configured right.

As this document explains - https://azure.microsoft.com/en-us/blog/securing-azure-database-for-mysql-and-azure-database-for-postgresql/
"All data stored by the service is secured via the Azure Storage Service through 256 bit AES encryption that is always on and cannot be turned off."
So the encryption at Rest is always on and data is secured.

0 Votes 0 · ·

I am aware of the official documentation . But am looking at options to test it either programatically or at least know that the encryption status is true in the system.

0 Votes 0 · ·

Hi Aravind

If this information helped you, please mark it as an answer.so that it can help others as well.

Thanks
Navtej S

0 Votes 0 · ·

1 Answer

NavtejSaini-MSFT avatar image
1 Vote"
NavtejSaini-MSFT answered ·

Hi Aravind

Thanks for the clarification. As I had mentioned before, Azure server encrypts the data at rest by default and you will not be able to check the status for the encryption.

Only way you can be sure of it is by going through the https://servicetrust.microsoft.com/ website to get information about security and compliance Microsoft Azure follows.

Now coming to the Infrastructure Encryption property that you are seeing. Our Product team has a feature in works where they are trying to provide an opt-in capability to double encrypt the servers with no effect on current default encryption. Once the work is complete, we will provide more guidance.

For now we will try to update API comments and description as soon as possible.

Hope this helps.

Thanks
Navtej S

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.