AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

PostgreSQL flexible servers should use customer-managed keys to encrypt data at rest

Azure BuiltIn Policy definition

Source Azure Portal
Display name PostgreSQL flexible servers should use customer-managed keys to encrypt data at rest
Id 12c74c95-0efd-48da-b8d9-2a7d68470c92
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 2
1.0.0
1.1.0
Built-in Versioning [Preview]
Category PostgreSQL
Microsoft Learn
Description Use customer-managed keys to manage the encryption at rest of your PostgreSQL flexible servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.DBforPostgreSQL/flexibleServers/dataEncryption.primaryKeyURI Microsoft.DBforPostgreSQL flexibleServers properties.dataEncryption.primaryKeyURI True False
Microsoft.DBforPostgreSQL/flexibleServers/dataEncryption.type Microsoft.DBforPostgreSQL flexibleServers properties.dataEncryption.type True False
Rule resource types IF (1)
Microsoft.DBforPostgreSQL/flexibleServers
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-07-30 18:18:24 change Minor (1.0.0 > 1.1.0)
2024-06-14 18:20:16 add 12c74c95-0efd-48da-b8d9-2a7d68470c92
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC