Infrastructure double encryption for PostgreSQL Database Server should be enabled


Description

It is recommended to enable ‘infrastructure encryption’ when creating Azure Database for PostgreSQL servers. This additional layer of encryption occurs at the hardware level, ensuring that data is encrypted even before it is accessed. This prevents interception of data in motion and protects data at rest in system resources. Enabling ‘infrastructure encryption’ also secures database backups. To achieve the highest level of security, it is advised to use a customer-managed asymmetric RSA 2048-bit key stored in Azure Key Vault for key-based encryption.

Remediation

From the console

Note: It is not possible to enable ‘infrastructure encryption’ on an existing Azure Database for PostgreSQL server.

The remediation steps detail the creation of a new Azure Database for PostgreSQL server with ‘infrastructure double encryption’ enabled.

  1. Follow the normal process of database creation.
  2. Under Additional settings, ensure that ‘infrastructure double encryption enabled’ is checked.
  3. Finish database creation as normal.
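
Because the setting cannot be changed after creation, it helps to know which existing servers need to be recreated. The following audit is an added example, not part of the original page or of any vendor rule: it assumes the input is JSON saved from `az postgres server list`, where each server carries an `infrastructureEncryption` field (it also accepts the ARM shape with the field under `properties`). The server names and resource groups are constructed sample data.

```python
import json

# Constructed sample input, shaped like `az postgres server list -o json`.
# The last two records use the ARM/REST shape (field under "properties").
SAMPLE_SERVER_LIST = json.dumps([
    {"name": "pg-prod", "resourceGroup": "rg-data", "infrastructureEncryption": "Enabled"},
    {"name": "pg-legacy", "resourceGroup": "rg-data", "infrastructureEncryption": "Disabled"},
    {"name": "pg-noinfo", "resourceGroup": "rg-test"},
    {"name": "pg-arm", "resourceGroup": "rg-data",
     "properties": {"infrastructureEncryption": "Enabled"}},
    {"name": "pg-arm-off", "resourceGroup": "rg-test",
     "properties": {"infrastructureEncryption": "disabled"}},
])


def infra_encryption_state(server):
    """Return 'enabled', 'disabled' or 'unknown' for one server record."""
    value = server.get("infrastructureEncryption")
    if value is None:
        # Fall back to the nested ARM representation.
        value = (server.get("properties") or {}).get("infrastructureEncryption")
    if not isinstance(value, str):
        return "unknown"
    value = value.strip().lower()
    return value if value in ("enabled", "disabled") else "unknown"


def audit(server_list_json):
    """List servers that are not confirmed to have infrastructure encryption.

    A missing or unrecognised value is reported as 'unknown' rather than
    assumed compliant, so gaps in the export are not silently passed.
    """
    findings = []
    for server in json.loads(server_list_json):
        state = infra_encryption_state(server)
        if state != "enabled":
            findings.append({
                "name": server.get("name", "<unnamed>"),
                "resourceGroup": server.get("resourceGroup", "<unknown>"),
                "state": state,
            })
    return sorted(findings, key=lambda f: f["name"])


if __name__ == "__main__":
    for f in audit(SAMPLE_SERVER_LIST):
        # Each finding needs a new server created with the option enabled.
        print(f"{f['resourceGroup']}/{f['name']}: infrastructure encryption {f['state']}")
```
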