Encryption at Rest
Understand encryption at rest in Azure Cosmos DB, including default service-managed keys and how to implement customer-managed keys via Azure Key Vault. Learn key creation, access policies, account setup, and key rotation to enhance data security. Explore the impact of encryption on request unit consumption.
Introduction
Encryption is the process of encoding information, usually with a key, so that it is unreadable to anyone who doesn't possess the decryption key. Encryption at rest protects data while it is stored on a storage device: if attackers gain access to the server storage, they cannot extract meaningful information from it.
Default behaviour
In Cosmos DB, there are two storage device types:
SSDs: These are used as the main storage.
HDDs: These are used for backups.
On both types, encryption is enabled by default at no extra cost. The primary encryption keys are called service-managed keys (SMKs) and are managed internally by ...