You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/search/search-security-manage-encryption-keys.md
+18-4Lines changed: 18 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ author: HeidiSteen
8
8
ms.author: heidist
9
9
ms.service: cognitive-search
10
10
ms.topic: how-to
11
-
ms.date: 10/02/2024
11
+
ms.date: 10/07/2024
12
12
ms.custom:
13
13
- references_regions
14
14
- ignite-2023
@@ -69,8 +69,6 @@ Although double encryption is now available in all regions, support was rolled o
69
69
70
70
+ No support for Azure Key Vault Managed Hardware Security Model (HSM).
71
71
72
-
+ No support for adding encryption keys in the Azure portal.
73
-
74
72
+ No cross-subscription support. Azure Key Vault and Azure AI Search must be in the same subscription.
75
73
76
74
## Key Vault tips
@@ -234,7 +232,9 @@ Wait a few minutes for the role assignment to become operational.
234
232
235
233
## Step 4: Encrypt content
236
234
237
-
Encryption keys are added when you create an object. To add a customer-managed key on an index, synonym map, indexer, data source, or skillset, use the [Search REST API](/rest/api/searchservice/) or an Azure SDK to create an object that has encryption enabled. To add encryption using the Azure SDK, see the [Python example](#python-example-of-an-encryption-key-configuration) in this article.
235
+
Encryption keys are added when you create an object. To add a customer-managed key on an index, synonym map, indexer, data source, or skillset, use the Azure portal, a [Search REST API](/rest/api/searchservice/), or an Azure SDK to create an object that has encryption enabled. To add encryption using the Azure SDK, see the [Python example](#python-example-of-an-encryption-key-configuration) in this article.
236
+
237
+
### [**REST APIs**](#tab/rest)
238
238
239
239
1. Call the creation APIs to specify the **encryptionKey** property:
240
240
@@ -291,6 +291,20 @@ None of these key vault details are considered secret and could be easily retrie
291
291
> [!Important]
292
292
> Encrypted content in Azure AI Search is configured to use a specific Azure Key Vault key with a specific *version*. If you change the key or version, the object must be updated to use it **before** you delete the previous one. Failing to do so renders the object unusable. You won't be able to decrypt the content if the key is lost.
293
293
294
+
### [**Azure portal**](#tab/portal)
295
+
296
+
When you create a new object in the Azure portal, you can specify a predefined customer-managed key in a key vault. You can enable CMK-encryption for:
297
+
298
+
+ Indexes
299
+
+ Data sources
300
+
+ Indexers
301
+
302
+
In the Azure portal, skillsets are defined in JSON view. Use the JSON shown in the REST API examples to provide a customer-managed key on a skillset.
303
+
304
+
:::image type="content" source="media/search-manage-encryption-keys/assign-key-vault-portal.png" alt-text="Screenshot of the encryption key page in the Azure portal.":::
305
+
306
+
---
307
+
294
308
## Step 5: Test encryption
295
309
296
310
To verify encryption is working, revoke the encryption key, query the index (it should be unusable), and then reinstate the encryption key.
Copy file name to clipboardExpand all lines: articles/search/whats-new.md
+1Lines changed: 1 addition & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,6 +28,7 @@ ms.custom:
28
28
|[**Target filters in a hybrid search to just the vector queries**](hybrid-search-how-to-query.md#hybrid-search-with-filters-targeting-vector-subqueries-preview)| Feature | A filter on a hybrid query involves all subqueries on the request, regardless of type. You can override the global filter to scope the filter to a specific subquery. The new `filterOverride` parameter is available on hybrid queries using the [2024-09-01-preview](/rest/api/searchservice/documents/search-post?view=rest-searchservice-2024-09-01-preview&preserve-view=true). |
29
29
|[**Text Split skill (token chunking)**](cognitive-search-skill-textsplit.md)| Applied AI (skills) | This skill has new parameters that improve data chunking for embedding models. A new `unit` parameter lets you specify token chunking. You can now chunk by token length, setting the length to a value that makes sense for your embedding model. You can also specify the tokenizer and any tokens that shouldn't be split during data chunking. The new `unit` parameter and query subscore definitions are found in the [2024-09-01-preview](/rest/api/searchservice/skillsets/create-or-update?view=rest-searchservice-2024-09-01-preview&preserve-view=true). |
30
30
|[**2024-09-01-preview**](/rest/api/searchservice/search-service-api-versions?view=rest-searchservice-2024-09-01-preview&preserve-view=true)| API | Preview release of REST APIs for truncated dimensions in text-embedding-3 models, targeted vector filtering for hybrid queries, RRF subscore details for debugging, and token chunking for Text Split skill.|
31
+
|[**Portal support for customer-managed key encryption (CMK)**](search-security-manage-encryption-keys.md#step-4-encrypt-content)| Feature | When you create new objects in the Azure portal, you can now specify CMK-encryption and select an Azure Key Vault to provide the key. |
0 commit comments