Public preview: Infrastructure encryption using customer managed key for PostgreSQL – Flexible Server
Published date: October 12, 2022
Azure Database for PostgreSQL – Flexible Server uses storage encryption of data at-rest for data using service managed encryption keys. Data, including backups, are encrypted on disk and this encryption is always on and can't be disabled. The encryption uses FIPS 140-2 validated cryptographic module and an AES 256-bit cipher for the Azure storage encryption.
Infrastructure encryption with customer managed keys adds a second layer of protection by encrypting service-managed keys with customer managed key. It uses FIPS 140-2 validated cryptographic module, but with a different encryption algorithm. This provides an additional layer of protection for your data at rest. The key managed by the customer that is used to encrypt service supplied key is stored in Azure Key Vault service, which provides additional security, high availability, and disaster recovery features.