You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-fluid-relay/concepts/customer-managed-keys.md
+6-5Lines changed: 6 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,7 +24,7 @@ When you configure the Fluid Relay resource with CMK, the Azure Fluid Relay serv
24
24
25
25
To verify a Fluid Relay resource is using CMK, you can check the property of the resource by sending GET and see if it has valid, non-empty property of encryption.customerManagedKeyEncryption.
26
26
27
-
## Prerequisites:
27
+
## Prerequisites
28
28
29
29
Before configuring CMK on your Azure Fluid Relay resource, the following prerequisites must be met:
30
30
- Keys must be stored in an Azure Key Vault.
@@ -111,7 +111,7 @@ For more information about the command, see [New-AzFluidRelayServer](/powershell
111
111
### [Azure CLI](#tab/azure-cli)
112
112
To create Fluid Relay with CMK enabled using Azure CLI, you need to install [fluid-relay](/cli/azure/fluid-relay) extension first. See [instructions](/cli/azure/azure-cli-extensions-overview).
113
113
114
-
And make sure you complete all the prerequsite steps.
114
+
And make sure you complete all the [prerequsite](#prerequisites) steps.
115
115
116
116
Example of creating a Fluid Relay Service with CMK enabled:
117
117
```azurecli
@@ -122,7 +122,8 @@ For more information about the command, see [az fluid-relay server create](/cli/
122
122
123
123
**Notes:**
124
124
125
-
- Some arguments must be provided in **stringified JSON** format.
125
+
- These arguments must be provided in **stringified JSON** format.
126
+
-`identity`, `key-identity`
126
127
- The `type` field under `identity`**must be**`UserAssigned`. It specifies the identity type of the managed identity assigned to the Fluid Relay resource.
127
128
- The `identity-type` field under `key-identity`**must also be**`UserAssigned`. It indicates the identity type to be used for Customer-Managed Key (CMK) encryption.
128
129
- While multiple identities can be specified in the `identity` argument, **only** the identity defined in `key-identity` is used to access the Key Vault for CMK encryption.
@@ -146,7 +147,7 @@ Before updating the key encryption key (by identifier or version), ensure that *
146
147
147
148
When using the update command, you may specify only the parameters that have changed—unchanged arguments can be omitted.
148
149
149
-
All updates must satisfy the prerequisites described in this page.
150
+
All updates must satisfy the [prerequisites](#prerequisites) described in this page.
150
151
151
152
### [REST API](#tab/rest)
152
153
Request URL:
@@ -211,7 +212,7 @@ For more information about the command, see [az fluid-relay server update](/cli/
211
212
## Troubleshooting
212
213
213
214
### Error: Unexpected error happened when configuring CMK
214
-
- Ensure your configuration meets **all the requirements** listed in the prerequisites section.
215
+
- Ensure your configuration meets **all the requirements** listed in the [prerequisites](#prerequisites) section.
215
216
216
217
- Check if you have firewall rules enabled in your Azure Key Vault. If so, turn on "Allow trusted Microsoft services to bypass this firewall" option. See [Key Vault firewall-enabled trusted services only](/azure/key-vault/general/network-security?WT.mc_id=Portal-Microsoft_Azure_KeyVault#key-vault-firewall-enabled-trusted-services-only)
0 commit comments