Azure Storage Server-Side Encryption

This topic will show you how to enable Server-Side Encryption for the Azure Storage Account associated with your installation. Server-side encryption provides another level of security for the at rest data stored in Azure for your Akumina Solution. See the data flow in the Akumina Security and Infrastructure Overview topic.

Configuration Steps

Note: The “Storage Container”/Resource Group, should have an associated “Key Vault” – if it does not then Generate the “Key Vault”.

1. Search for the appropriate “Key Vault”
2. Select the appropriate “Key Vault” > Keys> “+Generate/Import”
3. On the “Create a key” page, enter a key Name, leave all other values as defaults. Click on “Create”
4. On the Keys page select the newly generated Key and the “Current Version”, copy the “Key Identifier”
5. Access your Storage Account > Encryption
6. Check box “Use your own Key”
7. Click on “Enter key URI”
8. Paste the “Key Identifier” obtained from the “Key Vault” above into the Key URI and SAVE

Important: If you are encrypting your Azure Storage account that is already in use, the current aadusers.xml file (if using PeopleSync) will need to be deleted and regenerated for it to be encrypted correctly after enabling encryption