articles/energy-data-services/how-to-manage-data-security-and-encryption.md
Lines changed: 3 additions & 3 deletions
@@ -29,15 +29,15 @@ In addition to TLS, when you interact with Azure Data Manager for Energy, all tr
29
29
30
30
## Set up Customer Managed Keys (CMK) for Azure Data Manager for Energy instance
31
31
> [!IMPORTANT]
32
-
> You can't edit CMK settings once the Azure Data Manager for Energy instance is created.
32
+
> The key vault and the user assigned identity must be in the same region as that of the Azure Data Manager for Energy instance. CMK can only be enabled only at the time of instance creation.
33
33
34
34
### Prerequisites
35
35
36
36
**Step 1: Configure the key vault**
37
37
38
38
1. You can use a new or existing key vault to store customer-managed keys. To learn more about Azure Key Vault, see [Azure Key Vault Overview](/azure/key-vault/general/overview) and [What is Azure Key Vault](/azure/key-vault/general/basic-concepts)?
39
39
2. Using customer-managed keys with Azure Data Manager for Energy requires that both soft delete and purge protection are enabled for the key vault. Soft delete is enabled by default when you create a new key vault and can't be disabled. You can enable purge protection when you create the key vault or afterwards.
40
-
3. To learn how to create a key vault with the Azure portal, see [Quickstart: Create a key vault using the Azure portal](/azure/key-vault/general/quick-create-portal). When you create the key vault, select Enable purge protection.
40
+
3. To learn how to create a key vault with the Azure portal, see [Quickstart: Create a key vault using the Azure portal](/azure/key-vault/general/quick-create-portal). The key vault must be in the same region as that of the Azure Data Manager for Energy instance. When you create the key vault, select Enable purge protection.
41
41
42
42
[](media/how-to-manage-data-security-and-encryption/customer-managed-key-1-create-key-vault.png#lightbox)
43
43
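Review bot: The rewritten IMPORTANT note at new line 32 drops the explicit statement that CMK settings can't be edited after the instance is created, and the sentence replacing it has a doubled word: "CMK can only be enabled only at the time of instance creation." Saying when CMK can be enabled does not tell the reader that the key vault, key or identity choice is fixed afterwards, so if that restriction still applies, keep it, for example "CMK can be enabled only at the time of instance creation, and CMK settings can't be edited afterwards." The region requirement is also phrased as "in the same region as that of the Azure Data Manager for Energy instance" both here and in step 3 at new line 40; "in the same region as the Azure Data Manager for Energy instance" reads more cleanly and matches the wording added to step 9. The note writes "user assigned identity" while step 9 uses "user-assigned managed identity"; pick one form.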
@@ -71,7 +71,7 @@ In addition to TLS, when you interact with Azure Data Manager for Energy, all tr
71
71
[](media/how-to-manage-data-security-and-encryption/customer-managed-key-3aa-enable-cmk.png#lightbox)
72
72
73
73
8. Next, select the user-assigned managed identity that is used to authorize access to the key vault that contains the key.
74
-
9. Select "**Select a user identity**" Select the user-assigned managed identity that you created in the prerequisites.
74
+
9. Select "**Select a user identity**" Select the user-assigned managed identity that you created in the prerequisites. The user-assigned managed identity must be created in the same region as the Azure Data Manager for Energy instance.
75
75
[](media/how-to-manage-data-security-and-encryption/customer-managed-key-3bb-select-managed-identity.png#lightbox)
76
76
77
77
10. This user assigned identity must have _get key_, _list key_, _wrap key_, and _unwrap key_ permissions on the key vault. For more information on assigning Azure Key Vault access policies, see [Assign a Key Vault Access Policy](/azure/key-vault/general/assign-access-policy).
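Review bot: The region requirement added at new line 74 arrives too late to act on, because step 9 tells the reader to select the identity "that you created in the prerequisites", so by this point the identity already exists and a wrong region means going back and recreating it. State the requirement in the prerequisite step that creates the user-assigned managed identity, the same way step 3 now does for the key vault, and keep the sentence here only as a reminder. While touching this line, the existing text 'Select "**Select a user identity**" Select the user-assigned managed identity' is missing a period between the two sentences.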