Public Preview: Azure Cosmos DB for PostgreSQL Data Encryption with Customer Managed Keys
Published date: 26 April, 2023
Data stored in your Azure Cosmos DB for PostgreSQL cluster is automatically and seamlessly encrypted with keys managed by Microsoft (service-managed keys). You can now optionally add another layer of security by enabling encryption with customer-managed keys.
Many organizations require full control of access to the data using a customer-managed key. Data encryption with customer-managed keys for Azure Cosmos DB for PostgreSQL enables you to bring your own key to protect data at rest. It also allows organizations to implement separation of duties in the management of keys and data.
With customer-managed encryption, you're responsible for, and in full control of, a key's lifecycle, key usage permissions, and auditing of operations on keys. Data encryption with customer-managed keys for Azure Cosmos DB for PostgreSQL is set at the server level. Data on disk is encrypted, including backups and the temporary files created while running queries.