Azure Managed Disks - mechanism for the storage and management of Microsoft keys RRS feed

  • Question

  • Hello

    We use a Microsoft Azure instance which specifically is Azure managed disks. I understand the disk is encrypted with AES-256 bit algorithm. However, currently Azure managed disks doesn’t support any mechanism to rotate the key/change the ownership of the key. The current model is having Azure in possession of the key and its management.

    Please can you advise

    • What is Microsoft Azure’s mechanism for the storage and management of keys ( for Azure managed disk).
      • Is this managed through any key management console like Azure key vault?
      • If not, what is the exact mechanism and how many people will have access to the key?
      • As part of Azure’s key management, do you rotate the key at any intervals?
    • Additionally, can you please share any independent third-party security reports that discusses about the Azure managed disks?

    Thank you for your help and support

    Tuesday, June 11, 2019 1:53 PM

All replies