We can use the Azure Premium Key Vault with Hardware Security Module (HSM) backed keys.
The Key Vault has to be in the same region as the VM that will be encrypted.
Note: If you want to use a key encryption key (KEK) for an additional layer of security for encryption keys, add a KEK to your key vault. Use the Add-AzKeyVaultKey cmdlet to create a key encryption key in the key vault. You can also import a KEK from your on-premises key management HSM.
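The steps above as an added PowerShell example (not from the original post or from Microsoft's documentation): it checks the region, SKU and disk-encryption requirements before creating an HSM-backed KEK and enabling encryption. The resource group, VM, vault and key names are placeholders, and a Windows VM and an already signed-in Az session are assumed.

```powershell
# Added example. All names are placeholders (assumptions), not values from the page.
$rgName    = 'MyResourceGroup'
$vmName    = 'MyVM'
$vaultName = 'MyPremiumVault'
$kekName   = 'MyKEK'

# Normalise region strings so 'East US' and 'eastus' compare equal.
function Normalize-Region([string]$r) { ($r -replace '\s', '').ToLower() }

# The vault has to be in the same region as the VM, so the VM is the reference.
$vm = Get-AzVM -ResourceGroupName $rgName -Name $vmName

$vault = Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName `
    -ErrorAction SilentlyContinue
if (-not $vault) {
    # Premium SKU allows HSM-backed keys; -EnabledForDiskEncryption lets
    # Azure Disk Encryption use the vault.
    $vault = New-AzKeyVault -Name $vaultName -ResourceGroupName $rgName `
        -Location $vm.Location -Sku Premium -EnabledForDiskEncryption
}

# Fail early instead of letting the encryption extension fail later.
if ((Normalize-Region $vault.Location) -ne (Normalize-Region $vm.Location)) {
    throw "Vault region '$($vault.Location)' differs from VM region '$($vm.Location)'."
}
if ($vault.Sku -ne 'Premium') {
    throw "Vault SKU is '$($vault.Sku)'; HSM-backed keys need Premium."
}
if (-not $vault.EnabledForDiskEncryption) {
    throw "Vault '$vaultName' is not enabled for disk encryption."
}

# Create the KEK as an HSM-protected key unless it already exists.
# The caller needs permission to create keys in this vault.
$kek = Get-AzKeyVaultKey -VaultName $vaultName -Name $kekName
if (-not $kek) {
    $kek = Add-AzKeyVaultKey -VaultName $vaultName -Name $kekName -Destination 'HSM'
}

# Enable Azure Disk Encryption, wrapping the disk encryption secret with the KEK.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rgName -VMName $vmName `
    -DiskEncryptionKeyVaultUrl $vault.VaultUri `
    -DiskEncryptionKeyVaultId $vault.ResourceId `
    -KeyEncryptionKeyUrl $kek.Key.Kid `
    -KeyEncryptionKeyVaultId $vault.ResourceId `
    -VolumeType All
```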
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss