Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Azure Storage Service Encryption – Azure Resource Manager template

Enabling Storage Service Encryption (SSE) for an Azure Storage account in the portal takes only a single click.


It is just as easy with PowerShell.

Set-AzureRmStorageAccount -ResourceGroupName "smt" -Name "azcdmdncloudwitness" -EnableEncryptionService Blob -Verbose

Currently there is no Azure Resource Manager QuickStart template available on GitHub for SSE. Therefore you have to dive into the ARM Storage schema with API version 2016-01-01.

-> https://github.com/Azure/azure-resource-manager-schemas/blob/master/schemas/2016-01-01/Microsoft.Storage.json

So you have to add the following lines into the properties section of your Storage account description.


First you have the overall encryption section. In this section you define the key source; currently Microsoft.Storage is the only option available here. Then you define the different services; the only option here right now is blob. Under your service, you just have to set enabled to true or false, depending on what you want to use.

"properties": {
    "encryption": {
        "keySource": "Microsoft.Storage",
        "services": {
            "blob": {
                "enabled": true
            }
        }
    }
}
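
To catch templates that omit this block before they are deployed, the following check flags storage accounts that do not enable blob encryption. It is an added example, not code from the original post; the sample template, the account names and the sku and kind values are constructed, and only top-level resources are inspected.

```python
import json

# Constructed sample template (not from the original post): one storage account
# carrying the encryption block shown above, and one without it.
TEMPLATE = json.loads("""
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2016-01-01",
      "name": "encryptedaccount",
      "location": "[resourceGroup().location]",
      "sku": { "name": "Standard_LRS" },
      "kind": "Storage",
      "properties": {
        "encryption": {
          "keySource": "Microsoft.Storage",
          "services": { "blob": { "enabled": true } }
        }
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2016-01-01",
      "name": "plainaccount",
      "location": "[resourceGroup().location]",
      "sku": { "name": "Standard_LRS" },
      "kind": "Storage",
      "properties": {}
    }
  ]
}
""")

def accounts_without_blob_sse(template):
    """Return the names of storage accounts that do not enable blob SSE."""
    missing = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.storage/storageaccounts":
            continue
        enc = (res.get("properties") or {}).get("encryption") or {}
        blob = (enc.get("services") or {}).get("blob") or {}
        # "enabled" must be the JSON boolean true; a missing key or a string fails.
        if enc.get("keySource") != "Microsoft.Storage" or blob.get("enabled") is not True:
            missing.append(res.get("name"))
    return missing

if __name__ == "__main__":
    print(accounts_without_blob_sse(TEMPLATE))
```

A template that sets enabled through a parameter expression is also flagged, because the value cannot be confirmed from the template alone.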

For more information about SSE have a look at the Q&A in the Azure documentation.

-> Frequently asked questions about Storage Service Encryption for Data at Rest
