Infrastructure double encryption for PostgreSQL Database Server should be enabled

azure.dbforpostgresql
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

It is recommended to enable ‘infrastructure encryption’ when creating Azure Database for PostgreSQL servers. This additional layer of encryption occurs at the hardware level, ensuring that data is encrypted even before it is accessed. This prevents interception of data in motion and protects data at rest in system resources. Enabling ‘infrastructure encryption’ also secures database backups. To achieve the highest level of security, it is advised to use a Customer Managed asymmetric RSA 2048 bit key stored in Azure Key Vault for key-based encryption.

Remediation

From the console

Note: It is not possible to enable ‘infrastructure encryption’ on an existing Azure Database for PostgreSQL server.

The remediation steps detail the creation of a new Azure Database for PostgreSQL server with ‘infrastructure double encryption’ enabled.

  1. Follow the normal process of database creation.
  2. Under Additional settings, ensure that infrastructure double encryption enabled is checked.
  3. Finish database creation as normal.
PREVIEWING: drodriguezhdez/add_public_docs_log_summarization