Is "Encryption at Rest" always on for Azure Cache for Redis, or does it have to be configured?

  • Question

  • The product overview page for Azure Cache for Redis states:

    > Azure Cache for Redis supports industry-standard SSL to secure your data in transit and Azure Storage disk encryption at rest.

    However, there is no mention of how this is configured, or what tiers support it, in the documentation pages.  Is this always on, or is there a way to configure it?


    Wednesday, February 6, 2019 9:00 PM

All replies

  • Hi Dennis,

    This is a great question, and is not well documented so this forum post can serve as a great resource regarding this topic. 

    With regard to SSL connectivity for your Azure Cache for Redis, SSL is disabled by default. Navigate to the Advanced Properties page where you will find a means to enable SSL as well as setting the min TLS version.

    Since Redis is an in-memory data store, you shouldn't really need to worry about data at rest as it is not being persisted anywhere. You will, however, need to if you have enabled persistence. Encryption on disk is part of the infrastructure Redis is deployed on and not something Redis has direct control over. I am reaching out to the product team to get more information about this item.

    Thanks for your great question.


    Thursday, February 7, 2019 5:33 PM
  • Okay, with regard to encryption at rest. When you select the premium service tier, you are able to enable and configure data persistence.

    This is what you see if you don't have a premium service tier for an existing deployment, when you browse to the Redis data persistence blade.

    This is what you see when you are deploying a new Redis Cache instance at the premium service tier:

    To encrypt the storage location, browse to the selected storage account (in another browser session) and ensure the storage account is encrypted.

    There are two data persistence options: What is data persistence?

    I think I have everything covered but please ask any additional questions.



    Thursday, February 7, 2019 6:01 PM
  • When data persistence is enabled for Azure Cache for Redis and encryption is enabled on the Storage Account, what type of storage is utilized (Blob, etc.)? I am trying to determine whether a customer-managed key can be used (which seems to be the case if either an Azure Blob or an Azure File is leveraged to store the data).
    Monday, December 9, 2019 7:56 PM
  • The state is persisted on a Blob container.

    You will have to reconfigure the RDB if the key is regenerated.

    Tuesday, December 10, 2019 11:23 AM
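
The checks discussed in this thread (TLS settings on the cache, and encryption of the storage account behind data persistence) can be run against resource definitions. The following is an added example, not part of the original thread and not Microsoft code. It assumes ARM-template-style JSON for the cache and storage account, with property names such as `enableNonSslPort`, `minimumTlsVersion`, `redisConfiguration` and `encryption.keySource` taken from those resource schemas; it also covers AOF persistence, and all sample values are constructed.

```python
def _account_name(conn_str):
    # Storage connection strings are ';'-separated key=value pairs.
    parts = dict(p.split("=", 1) for p in conn_str.split(";") if "=" in p)
    return parts.get("AccountName")

def audit(redis, storage_accounts):
    """Return findings; storage_accounts maps account name -> resource dict."""
    findings = []
    props = redis.get("properties", {})
    cfg = props.get("redisConfiguration", {})
    # In transit: non-TLS port and minimum TLS version.
    if props.get("enableNonSslPort"):
        findings.append("non-TLS port enabled")
    if props.get("minimumTlsVersion") in ("1.0", "1.1"):
        findings.append("minimum TLS version below 1.2")
    # At rest: only matters when RDB or AOF persistence writes to storage.
    for flag, key in (("rdb-backup-enabled", "rdb-storage-connection-string"),
                      ("aof-backup-enabled", "aof-storage-connection-string-0")):
        if str(cfg.get(flag, "false")).lower() != "true":
            continue
        name = _account_name(cfg.get(key, ""))
        enc = storage_accounts.get(name, {}).get("properties", {}).get("encryption")
        if enc is None:
            findings.append(f"{flag}: encryption of account {name!r} unknown")
            continue
        if not enc.get("services", {}).get("blob", {}).get("enabled"):
            findings.append(f"{flag}: blob encryption not enabled on {name}")
        if enc.get("keySource") != "Microsoft.Keyvault":
            findings.append(f"{flag}: {name} uses Microsoft-managed keys")
    return findings

# Constructed sample definitions (not a real deployment).
SAMPLE_REDIS = {"properties": {
    "sku": {"name": "Premium", "family": "P", "capacity": 1},
    "enableNonSslPort": True,
    "minimumTlsVersion": "1.0",
    "redisConfiguration": {
        "rdb-backup-enabled": "true",
        "rdb-storage-connection-string":
            "DefaultEndpointsProtocol=https;AccountName=examplepersist;AccountKey=PLACEHOLDER",
    }}}
SAMPLE_STORAGE = {"examplepersist": {"properties": {"encryption": {
    "keySource": "Microsoft.Storage",
    "services": {"blob": {"enabled": True}}}}}}

if __name__ == "__main__":
    for finding in audit(SAMPLE_REDIS, SAMPLE_STORAGE):
        print(finding)
```

The Microsoft-managed-keys finding is informational: it only matters where policy requires a customer-managed key for the persistence account.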