You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/load-testing/how-to-configure-customer-managed-keys.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,14 +38,14 @@ Azure Load Testing uses the customer-managed key to encrypt the following data i
38
38
39
39
- Customer-managed keys are only available for new Azure Load Testing resources. You should configure the key during resource creation.
40
40
41
-
- Azure Load Testing cannot automatically rotate the customer-managed key to use the latest version of the encryption key. You should update the key URI in the resource after the key is rotated in the Azure Key Vault.
41
+
- Azure Load Testing can't automatically rotate the customer-managed key to use the latest version of the encryption key. You should update the key URI in the resource after the key is rotated in the Azure Key Vault.
42
42
43
-
- Once customer-managed key encryption is enabled on a resource, it cannot be disabled.
43
+
- Once customer-managed key encryption is enabled on a resource, it can't be disabled.
44
44
45
45
## Configure your Azure Key Vault
46
46
You can use a new or existing key vault to store customer-managed keys. The Azure Load Testing resource and key vault may be in different regions or subscriptions in the same tenant.
47
47
48
-
You have to set the **Soft Delete** and **Purge Protection** properties on your Azure Key Vault instance to use customer-managed keys with Azure Load Testing. Soft delete is enabled by default when you create a new key vault and cannot be disabled. You can enable purge protection at any time.
48
+
You have to set the **Soft Delete** and **Purge Protection** properties on your Azure Key Vault instance to use customer-managed keys with Azure Load Testing. Soft delete is enabled by default when you create a new key vault and can't be disabled. You can enable purge protection at any time.
49
49
50
50
# [Azure portal](#tab/portal)
51
51
@@ -122,7 +122,7 @@ az keyvault key create \
122
122
123
123
## Add an access policy to your Azure Key Vault
124
124
125
-
The user-assigned managed identity that you will use to configure customer-managed keys on Azure Load Testing resource must have appropriate permissions to access the key vault.
125
+
The user-assigned managed identity that you use to configure customer-managed keys on Azure Load Testing resource must have appropriate permissions to access the key vault.
126
126
127
127
1. From the Azure portal, go to the Azure Key Vault instance that you plan to use to host your encryption keys. Select **Access Policies** from the left menu:
128
128
@@ -136,7 +136,7 @@ The user-assigned managed identity that you will use to configure customer-manag
136
136
137
137
1. Under **Select principal**, select **None selected**.
138
138
139
-
1. Search for the user-assigned managed identity you created and select it.
139
+
1. Search for the user-assigned managed identity you created, and then select it from the list.
140
140
141
141
1. Choose **Select** at the bottom.
142
142
@@ -273,7 +273,7 @@ You can change the managed identity for customer-managed keys for an existing Az
273
273
274
274
To learn more about each type of managed identity, see [Managed identity types](../active-directory/managed-identities-azure-resources/overview.md#managed-identity-types).
275
275
276
-
- If you select System-assigned, the system-assigned managed identity needs to be enabled on the resource and granted access to the AKV before changing the identity for customer-managed keys.
276
+
- If you select **System-assigned**, the system-assigned managed identity needs to be enabled on the resource and granted access to the AKV before changing the identity for customer-managed keys.
277
277
- If you select **User-assigned**, you must select an existing user-assigned identity that has permissions to access the key vault. To learn how to create a user-assigned identity, see [Use managed identities for Azure Load Testing Preview](how-to-use-a-managed-identity.md).
278
278
279
279
1. Save your changes.
@@ -285,7 +285,7 @@ You can change the managed identity for customer-managed keys for an existing Az
285
285
286
286
## Change the key
287
287
288
-
You can change the key that you are using for Azure Load Testing encryption at any time. To change the key with the Azure portal, follow these steps:
288
+
You can change the key that you're using for Azure Load Testing encryption at any time. To change the key with the Azure portal, follow these steps:
289
289
290
290
1. Navigate to your Azure Load Testing resource.
291
291
@@ -319,7 +319,7 @@ This feature is currently only available for new Azure Load Testing resources.
319
319
320
320
You can revoke a key by disabling the latest version of the key in Azure Key Vault. Alternatively, to revoke all keys from an Azure Key Vault instance, you can delete the access policy granted to the managed identity of the Azure Load Testing resource.
321
321
322
-
When you revoke the encryption key you may be able to run tests for about 10 minutes, after which the only available operation is resource deletion. It is recommended to rotate the key instead of revoking it to manage resource security and retain your data.
322
+
When you revoke the encryption key you may be able to run tests for about 10 minutes, after which the only available operation is resource deletion. It's recommended to rotate the key instead of revoking it to manage resource security and retain your data.
0 commit comments