- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Storage accounts with activity log exports have the option to utilize Customer Managed Keys (CMKs) for encryption. By default, storage accounts use vendor managed keys for encryption. However, configuring the storage account to use CMKs enhances confidentiality controls on log data, requiring the user to have read permission on the storage account and decrypt permission by the CMK. It is important to note that setting up a key vault is necessary to use CMKs, as all Audit Logs are encrypted using a key provided by the user. The user is responsible for managing the lifecycle of the keys and replacing them at regular intervals to maintain data security.
az storage account update --name <name of the storage account> --resource- group <resource group for a storage account> --encryption-key- source=Microsoft.Keyvault --encryption-key-vault <Key Vault URI> -- encryption-key-name <KeyName> --encryption-key-version <Key Version>
Set-AzStorageAccount -ResourceGroupName <resource group name> -Name <storage account name> -KeyvaultEncryption -KeyVaultUri <key vault URI> -KeyName <key name>