Commit 01e2caa

Update concepts-data-encryption.md
1 parent 4424cc7 commit 01e2caa

1 file changed

+5
-2
lines changed

articles/postgresql/flexible-server/concepts-data-encryption.md

Lines changed: 5 additions & 2 deletions
@@ -10,10 +10,13 @@ ms.reviewer: maghan
1010
ms.date: 10/12/2022
1111
---
1212

13-
# Azure Database for PostgreSQL - Flexible Server Data Encryption with a Customer-managed Key Preview
13+
# Azure Database for PostgreSQL - Flexible Server Data Encryption with a Customer-managed Key
1414

1515
[!INCLUDE [applies-to-postgresql-flexible-server](../includes/applies-to-postgresql-flexible-server.md)]
1616

17+
> [!NOTE]
18+
> Azure Database for PostgreSQL - Flexible Server Data Encryption with a Customer-managed Key is currently in preview.
19+
1720
Azure PostgreSQL uses [Azure Storage encryption](../../storage/common/storage-service-encryption.md) to encrypt data at-rest by default using Microsoft-managed keys. For Azure PostgreSQL users, it's similar to Transparent Data Encryption (TDE) in other databases such as SQL Server. Many organizations require full control of access to the data using a customer-managed key. Data encryption with customer-managed keys for Azure Database for PostgreSQL Flexible server - Preview enables you to bring your key (BYOK) for data protection at rest. It also allows organizations to implement separation of duties in the management of keys and data. With customer-managed encryption, you're responsible for, and in full control of, a key's lifecycle, key usage permissions, and auditing of operations on keys.
1821

1922
Data encryption with customer-managed keys for Azure Database for PostgreSQL Flexible server - Preview is set at the server level. For a given server, a customer-managed key, called the key encryption key (KEK), is used to encrypt the service's data encryption key (DEK). The KEK is an asymmetric key stored in a customer-owned and customer-managed [Azure Key Vault](https://azure.microsoft.com/services/key-vault/)) instance. The Key Encryption Key (KEK) and Data Encryption Key (DEK) are described in more detail later in this article.
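Review bot: The two body paragraphs kept as context (new lines 20 and 22) still read "Azure Database for PostgreSQL Flexible server - Preview", so after this change the preview status is stated in the new [!NOTE] and twice more inline, while the title no longer carries it. Suggest dropping the "- Preview" suffix from both paragraphs so the note is the single place to edit when the status changes. Two smaller points in the same hunk: ms.date is still 10/12/2022 although the article content changes, and the Azure Key Vault link in the last context line ends with a stray second ")".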
@@ -60,7 +63,7 @@ The key vault administrator can also [enable logging of Key Vault audit events](
6063

6164
When the server is configured to use the customer-managed key stored in the key Vault, the server sends the DEK to the key Vault for encryptions. Key Vault returns the encrypted DEK stored in the user database. Similarly, when needed, the server sends the protected DEK to the key Vault for decryption. Auditors can use Azure Monitor to review Key Vault audit event logs, if logging is enabled.
6265

63-
## Requirements for configuring data encryption in preview for Azure Database for PostgreSQL Flexible server
66+
## Requirements for configuring data encryption for Azure Database for PostgreSQL Flexible server
6467

6568
The following are requirements for configuring Key Vault:
6669
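Review bot: The renamed heading at new line 66 changes the anchor derived from the heading text, so any link that targets the old heading containing "in preview" needs updating in the same change; worth searching the repository for it before merging. The heading also writes "Flexible server" while the title in the first hunk writes "Flexible Server"; pick one casing. In the context paragraph just above (new line 64), "key Vault" and "for encryptions" could be corrected to "Key Vault" and "for encryption" while this section is being touched.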
