articles/mysql/howto-data-encryption-troubleshoot.md
12 additions & 12 deletions
@@ -1,36 +1,36 @@
1
1
---
2
-
title: Troubleshoot data encryption on Azure Database for MySQL
3
-
description: Learn how to troubleshoot data encryption for your Azure Database for MySQL
2
+
title: Troubleshoot data encryption in Azure Database for MySQL
3
+
description: Learn how to troubleshoot data encryption in Azure Database for MySQL
4
4
author: kummanish
5
5
ms.author: manishku
6
6
ms.service: mysql
7
7
ms.topic: conceptual
8
8
ms.date: 02/13/2020
9
9
---
10
10
11
-
# Troubleshoot data encryption with customer-managed keys in Azure Database for MySQL
11
+
# Troubleshoot data encryption in Azure Database for MySQL
12
12
13
-
This article describes how to identify and resolve common issues that can occur on an Azure Database for MySQL configured with data encryption using a customer-managed key.
13
+
This article describes how to identify and resolve common issues that can occur in Azure Database for MySQL when configured with data encryption using a customer-managed key.
14
14
15
15
## Introduction
16
16
17
17
When you configure data encryption to use a customer-managed key in Azure Key Vault, servers require continuous access to the key. If the server loses access to the customer-managed key in Azure Key Vault, it will deny all connections, return the appropriate error message, and change its state to ***Inaccessible*** in the Azure portal.
18
18
19
-
If you no longer need an inaccessible Azure Database for MySQL server, you can delete it to stop incurring costs. No other actions on the server are permitted until access to the Azure Key Vault has been restored and the server is available. It's also not possible to change the data encryption option from `Yes`(customer-managed) to `No` (service-managed) on an inaccessible server when it's encrypted with a customer-managed key. You'll have to revalidate the key manually before the server is accessible again. This action is necessary to protect the data from unauthorized access while permissions to the customer-managed key are revoked.
19
+
If you no longer need an inaccessible Azure Database for MySQL server, you can delete it to stop incurring costs. No other actions on the server are permitted until access to the key vault has been restored and the server is available. It's also not possible to change the data encryption option from `Yes`(customer-managed) to `No` (service-managed) on an inaccessible server when it's encrypted with a customer-managed key. You'll have to revalidate the key manually before the server is accessible again. This action is necessary to protect the data from unauthorized access while permissions to the customer-managed key are revoked.
20
20
21
21
## Common errors that cause the server to become inaccessible
22
22
23
-
Most issues that occur when you use data encryption with Azure Key Vault are caused by one of the following misconfigurations:
23
+
The following misconfigurations cause most issues with data encryption that use Azure Key Vault keys:
24
24
25
25
- The key vault is unavailable or doesn't exist:
26
26
- The key vault was accidentally deleted.
27
27
- An intermittent network error causes the key vault to be unavailable.
28
28
29
29
- You don't have permissions to access the key vault or the key doesn't exist:
30
30
- The key expired or was accidentally deleted or disabled.
31
-
- The Azure Database for MySQL instance-managed identity was accidentally deleted.
32
-
-Permissions granted to the Azure Database for MySQL server-managed identity for the keys aren't sufficient. For example, the permissions don't include Get, Wrap, and Unwrap.
33
-
-Permissions for the Azure Database for MySQL server instance-managed identity were revoked.
31
+
- The managed identity of the Azure Database for MySQL instance was accidentally deleted.
32
+
-Insufficient key permissions are granted to the managed identity of Azure Database for MySQL instance. For example, the permissions don't include Get, Wrap, and Unwrap.
33
+
-The managed identity permissions to the Azure Database for MySQL instancewere revoked or deleted.
34
34
35
35
## Identify and resolve common errors
36
36
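Review bot: The last added bullet in the permissions list, "-The managed identity permissions to the Azure Database for MySQL instancewere revoked or deleted.", runs "instance" and "were" together and, as shown, has no space after the list marker. Its rewording also shifts the meaning: the line it replaces said the permissions for the server's managed identity were revoked, while the new text reads as permissions to the instance. Suggest "- The key vault permissions of the managed identity of the Azure Database for MySQL instance were revoked or deleted." The added bullet above it ("-Insufficient key permissions are granted to the managed identity of Azure Database for MySQL instance") needs the same space after the marker and a "the" before "Azure Database for MySQL instance". In the added lead-in sentence, "data encryption that use Azure Key Vault keys" should read "that uses". The new H1 drops "customer-managed keys" although the opening paragraph still scopes the article to that configuration; consider keeping the term in the title so readers searching for it land here.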
@@ -44,13 +44,13 @@ Most issues that occur when you use data encryption with Azure Key Vault are cau
44
44
#### Missing key vault permissions
45
45
46
46
-`AzureKeyVaultMissingPermissionsMessage`
47
-
- The server doesn't have the required Get, Wrap, and Unwrap permissions to the Azure Key Vault permissions. Grant any missing permissions to the service principal with ID.
47
+
-**Explanation**: The server doesn't have the required Get, Wrap, and Unwrap permissions to the Azure Key Vault. Grant any missing permissions to the service principal with ID.
48
48
49
49
### Mitigation
50
50
51
-
- Confirm that the customer-managed key is present in Key Vault.
51
+
- Confirm that the customer-managed key is present in the key vault.
52
52
- Identify the key vault, then go to the key vault in the Azure portal.
53
-
- Ensure that the key identified by the key URI is present.
53
+
- Ensure that the key URI identifies a key that is present.
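Review bot: The added explanation line still ends with "Grant any missing permissions to the service principal with ID." and no ID or placeholder follows, so the reader is not told which principal to grant the permissions to. Since this line is being rewritten anyway, either restore the placeholder that the error message carries or reword to name the server's managed identity. The line also appears as "-**Explanation**:" with no space after the list marker; confirm it renders as a nested bullet under the `AzureKeyVaultMissingPermissionsMessage` item. It would help to state that Get, Wrap, and Unwrap are key permissions, matching the wording used in the list of common errors earlier in the article.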
articles/postgresql/howto-data-encryption-troubleshoot.md
13 additions & 13 deletions
@@ -1,36 +1,36 @@
1
1
---
2
-
title: Troubleshoot data encryption on Azure Database for PostgreSQL - singleserver
3
-
description: Learn how to troubleshoot the data encryption on your Azure Database for PostgreSQL - singleserver
2
+
title: Troubleshoot data encryption in Azure Database for PostgreSQL (single-server deployment)
3
+
description: Learn how to troubleshoot the data encryption on your Azure Database for PostgreSQL (single-server deployment)
4
4
author: kummanish
5
5
ms.author: manishku
6
6
ms.service: postgresql
7
7
ms.topic: conceptual
8
8
ms.date: 02/13/2020
9
9
---
10
10
11
-
# Troubleshoot data encryption with customer-managed keys in Azure Database for PostgreSQL - singleserver
11
+
# Troubleshoot data encryption in Azure Database for PostgreSQL (single-server deployment)
12
12
13
-
This article describes how to identify and resolve common issues that can occur on an Azure Database for PostgreSQL - single server configured with data encryption using customer-managed key.
13
+
This article describes how to identify and resolve common issues that can occur in Azure Database for PostgreSQL (single-server deployment) when configured with data encryption using a customer-managed key.
14
14
15
15
## Introduction
16
16
17
-
When you configure data encryption to use a customer-managed key in Azure Key Vault, servers require continuous access to the key. If the server loses access to the customer-managed key in Azure Key Vault, it will deny all connections, return the appropriate error message, and change its state to ***Inaccessible*** in the Azure portal.
17
+
When you configure data encryption to use a customer-managed key in Azure Key Vault, the server requires continuous access to the key. If the server loses access to the customer-managed key in Azure Key Vault, it will deny all connections, return the appropriate error message, and change its state to ***Inaccessible*** in the Azure portal.
18
18
19
-
If you no longer need an inaccessible Azure Database for PostgreSQL - single server, you can delete it to stop incurring costs. No other actions on the server are permitted until access to the Azure Key Vault has been restored and the server is available. It's also not possible to change the data encryption option from `Yes`(customer-managed) to `No` (service-managed) on an inaccessible server when it's encrypted with a customer-managed key. You'll have to revalidate the key manually before the server is accessible again. This action is necessary to protect the data from unauthorized access while permissions to the customer-managed key are revoked.
19
+
If you no longer need an inaccessible Azure Database for PostgreSQL server, you can delete it to stop incurring costs. No other actions on the server are permitted until access to the key vault has been restored and the server is available. It's also not possible to change the data encryption option from `Yes`(customer-managed) to `No` (service-managed) on an inaccessible server when it's encrypted with a customer-managed key. You'll have to revalidate the key manually before the server is accessible again. This action is necessary to protect the data from unauthorized access while permissions to the customer-managed key are revoked.
20
20
21
21
## Common errors causing server to become inaccessible
22
22
23
-
Most issues that occur when you use data encryption with Azure Key Vault are caused by one of the following misconfigurations:
23
+
The following misconfigurations cause most issues with data encryption that use Azure Key Vault keys:
24
24
25
25
- The key vault is unavailable or doesn't exist:
26
26
- The key vault was accidentally deleted.
27
27
- An intermittent network error causes the key vault to be unavailable.
28
28
29
29
- You don't have permissions to access the key vault or the key doesn't exist:
30
30
- The key expired or was accidentally deleted or disabled.
31
-
- The Azure Database for PostgreSQL - single server instance-managed identity was accidentally deleted.
32
-
-Permissions granted to the Azure Database for PostgreSQL managed identity for the keys aren't sufficient. For example, the permissions don't include Get, Wrap, and Unwrap.
33
-
-Permissions for the Azure Database for PostgreSQL - single-server instance-managed identity were revoked or deleted.
31
+
- The managed identity of the Azure Database for PostgreSQL instance was accidentally deleted.
32
+
-Insufficient key permissions are granted to the managed identity of the Azure Database for PostgreSQL instance. For example, the permissions don't include Get, Wrap, and Unwrap.
33
+
-The managed identity permissions to the Azure Database for PostgreSQL instance were revoked or deleted.
34
34
35
35
## Identify and resolve common errors
36
36
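Review bot: The new front-matter description keeps "troubleshoot the data encryption on your Azure Database for PostgreSQL" while the title and H1 in the same hunk switch to "in", and the MySQL file's description was changed to "in Azure Database for MySQL"; align it as "Learn how to troubleshoot data encryption in Azure Database for PostgreSQL (single-server deployment)". The unchanged heading "Common errors causing server to become inaccessible" also differs from the MySQL article's "Common errors that cause the server to become inaccessible" and could be brought in line while this section is being edited. The two added permission bullets ("-Insufficient key permissions ..." and "-The managed identity permissions ...") have no space after the list marker as shown, and the second one now reads as permissions to the instance rather than permissions held by the instance's managed identity, which is what the removed line described. "data encryption that use Azure Key Vault keys" should be "that uses".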
@@ -44,13 +44,13 @@ Most issues that occur when you use data encryption with Azure Key Vault are cau
44
44
#### Missing key vault permissions
45
45
46
46
-`AzureKeyVaultMissingPermissionsMessage`
47
-
- The server doesn't have the required Get, Wrap, and Unwrap permissions to the Azure Key Vault permissions. Grant any missing permissions to the service principal with ID.
47
+
-**Explanation**: The server doesn't have the required Get, Wrap, and Unwrap permissions to the Azure Key Vault. Grant any missing permissions to the service principal with ID.
48
48
49
49
### Mitigation
50
50
51
-
- Confirm that the customer-managed key is present in Key Vault.
51
+
- Confirm that the customer-managed key is present in the key vault.
52
52
- Identify the key vault, then go to the key vault in the Azure portal.
53
-
- Ensure that the key identified by the key URI is present.
53
+
- Ensure that the key URI identifies a key that is present.
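Review bot: The "### Mitigation" heading in the context lines sits one level above the "#### Missing key vault permissions" heading it follows, so the mitigation steps render as a sibling of the parent section instead of belonging to this error; while touching this block, check the intended nesting. The added explanation line has the same gaps as in the MySQL file: the sentence stops at "service principal with ID." without giving an ID or placeholder, and "-**Explanation**:" has no space after the list marker. The reworded step "Ensure that the key URI identifies a key that is present" would be clearer if it said where the reader finds the key URI for the server.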