You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-netapp-files/configure-customer-managed-keys-hardware.md
+3-4Lines changed: 3 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,7 +24,7 @@ Azure NetApp Files volume encryption with customer-managed keys with the managed
24
24
25
25
26
26
* Customer-managed keys with managed HSM is supported using the 2022.11 or later API version.
27
-
* Customer-managed keys with managed HSM is only supported for Azure NetApp Files accounts that do not have existing encryption.
27
+
* Customer-managed keys with managed HSM is only supported for Azure NetApp Files accounts that don't have existing encryption.
28
28
* Before creating a volume using customer-managed key with managed HSM volume, you must have:
29
29
* created an [Azure Key Vault](../key-vault/general/overview.md), containing at least one key.
30
30
* The key vault must have soft delete and purge protection enabled.
@@ -162,7 +162,7 @@ To use a system-assigned identity, the Azure Key Vault must be configured to use
162
162
1. In the Azure portal, navigate to Azure NetApp Files then select **Encryption**.
163
163
1. In the **Encryption** menu, provide the following values:
164
164
* For **Encryption key source**, select **Customer Managed Key**.
165
-
* For **Key URI**, select **Enter Key URI** the provide the URI for the managed HSM.
165
+
* For **Key URI**, select **Enter Key URI** then provide the URI for the managed HSM.
166
166
* Select the NetApp **Subscription**.
167
167
* For **Identity type**, select **User-assigned**.
168
168
1. When you select **User-assigned**, a context pane opens to select the identity.
@@ -171,11 +171,10 @@ To use a system-assigned identity, the Azure Key Vault must be configured to use
171
171
* "Microsoft.KeyVault/vaults/keys/read"
172
172
* "Microsoft.KeyVault/vaults/keys/encrypt/action"
173
173
* "Microsoft.KeyVault/vaults/keys/decrypt/action"
174
-
The user-assigned identity you select is added to your NetApp account. Due to RBAC being customizable, the Azure portal does not configure access to the key vault. For more information, see [Using Azure RBAC secret, key, and certificate permissions with Key Vault](../key-vault/general/rbac-guide.md#using-azure-rbac-secret-key-and-certificate-permissions-with-key-vault)
174
+
The user-assigned identity you select is added to your NetApp account. Due to RBAC being customizable, the Azure portal doesn't configure access to the key vault. For more information, see [Using Azure RBAC secret, key, and certificate permissions with Key Vault](../key-vault/general/rbac-guide.md#using-azure-rbac-secret-key-and-certificate-permissions-with-key-vault)
175
175
176
176
:::image type="content" source="../media/azure-netapp-files/encryption-user-assigned.png" alt-text="Screenshot of user-assigned submenu." lightbox="../media/azure-netapp-files/encryption-user-assigned.png":::
0 commit comments