articles/automation/automation-secure-asset-encryption.md
10 additions & 10 deletions
@@ -13,7 +13,7 @@ manager: kmadnani
13
13
14
14
# Secure assets in Azure Automation
15
15
16
-
Secure assets in Azure Automation include credentials, certificates, connections and encrypted variables. These are protected in Azure Automation using multiple levels of encryption.
16
+
Secure assets in Azure Automation include credentials, certificates, connections, and encrypted variables. These assets are protected in Azure Automation using multiple levels of encryption.
17
17
Based on the top-level key used for the encryption, there are two models for encryption:
18
18
- Using Microsoft-managed keys
19
19
- Using customer-managed keys
@@ -26,9 +26,9 @@ Each secure asset is encrypted and stored in Azure Automation using a unique key
26
26
27
27
### Customer-managed Keys with Key Vault (preview)
28
28
29
-
You can manage encryption of secure assets in Azure Automation at the level of an automation account with your own keys. When you specify a customer-managed key at the level of the Automation account, that key is used to protect and control access to the account encryption key for the automation account which in turn is used to encrypt and decrypt all the secure assets. Customer-managed keys offer greater flexibility to create, rotate, disable and revoke access controls. You can also audit the encryption keys used to protect your secure assets.
29
+
You can manage encryption of secure assets in Azure Automation at the level of an automation account with your own keys. When you specify a customer-managed key at the level of the Automation account, that key is used to protect and control access to the account encryption key for the automation account, which in turn is used to encrypt and decrypt all the secure assets. Customer-managed keys offer greater flexibility to create, rotate, disable, and revoke access controls. You can also audit the encryption keys used to protect your secure assets.
30
30
31
-
You must use Azure Key Vault to store customer-managed keys. You can either create your own keys and store them in a key vault, or you can use the Azure Key Vault APIs to generate keys. For more information about Azure Key Vault, see [What is Azure Key Vault?](../../key-vault/key-vault-overview.md)
31
+
You must use Azure Key Vault to store customer-managed keys. You can either create your own keys and store them in a key vault, or you can use the Azure Key Vault APIs to generate keys. For more information about Azure Key Vault, see [What is Azure Key Vault?](../key-vault/key-vault-overview.md)
32
32
33
33
## Enable customer-managed keys for an Automation account
34
34
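Review bot: The rewritten paragraph on line 29 still mixes "automation account" and "Automation account" within a single sentence ("at the level of the Automation account ... for the automation account, which in turn"). Since this line is already being touched for punctuation, pick one casing and apply it throughout; the heading on line 33 uses "Automation account". The heading on line 27, "Customer-managed Keys with Key Vault (preview)", also capitalizes "Keys" while every other heading in the visible hunks uses sentence case.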
@@ -47,8 +47,8 @@ The following three sections describe the mechanics of enabling customer-managed
47
47
Before enabling customer-managed keys for an Automation account, you must ensure the following pre-requisites are met
48
48
49
49
- The customer-manged key is stored in an Azure Key Vault.
50
-
- You must enable both the **Soft Delete** and **Do Not Purge** properties on the key vault. This is required to allow for recovery of keys in case of accidental deletion.
51
-
- Only RSA keys are supported with Azure Automation encryption. For more information about keys, see [About Azure Key Vault keys, secrets and certificates](../../key-vault/about-keys-secrets-and-certificates#key-vault-keys.md).
50
+
- You must enable both the **Soft Delete** and **Do Not Purge** properties on the key vault. These features are required to allow for recovery of keys in case of accidental deletion.
51
+
- Only RSA keys are supported with Azure Automation encryption. For more information about keys, see [About Azure Key Vault keys, secrets, and certificates](../key-vault/about-keys-secrets-and-certificates.md#key-vault-keys).
52
52
- The automation account and the key vault can be in different subscriptions but need to be in the same Azure Active Directory tenant.
53
53
54
54
### Assign an identity to the automation account
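Review bot: The typo "customer-manged key" on line 49 is left in place even though the two bullets directly below it are being reworded; fix it to "customer-managed key" in this same pass. The lead-in sentence on line 47 ("you must ensure the following pre-requisites are met") also has no closing colon or period before the list. The link change on line 51 correctly moves the `#key-vault-keys` anchor after the `.md` extension.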
@@ -123,7 +123,7 @@ Request body
123
123
``
124
124
125
125
[!NOTE]
126
-
The tenantId and objectId fields need to be provided with values of identity.tenantId and identity.principalId from the response of managed identity for the automation account.
126
+
The tenantId and objectId fields must be provided with values of identity.tenantId and identity.principalId from the response of managed identity for the automation account.
127
127
128
128
### Change the configuration of automation account to use customer managed key
129
129
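Review bot: The note on line 126 names request and response fields (tenantId, objectId, identity.tenantId, identity.principalId) as plain text, so they read as ordinary words and are easy to mistype when building the access-policy request body. Put them in inline code formatting, and consider rewording "from the response of managed identity for the automation account" to say which response is meant, for example the response returned when the identity was assigned to the account. The heading on line 128 uses "customer managed key" without the hyphen that the rest of the article uses.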
@@ -184,7 +184,7 @@ To revoke access to customer-managed keys, use PowerShell or Azure CLI. For more
184
184
185
185
## Next steps
186
186
187
-
-[What is Azure Key Vault?](../../azure/key-vault/key-vault-overview.md)
188
-
-[Certificate assets in Azure Automation]()
189
-
-[Credential assets in Azure Automation]()
190
-
-[Variable assets in Azure Automation]()
187
+
-[What is Azure Key Vault?](../key-vault/key-vault-overview.md)
188
+
-[Certificate assets in Azure Automation](shared-resources/certificates.md)
189
+
-[Credential assets in Azure Automation](shared-resources/credentials.md)
190
+
-[Variable assets in Azure Automation](shared-resources/variables.md)
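Review bot: The four "Next steps" entries on lines 187-190 start with "-[" with no space after the hyphen, so Markdown will not treat them as list items and they will render as one run of text with literal hyphens. Change each to "- [" to match the bullet style used elsewhere in the file (for example "- Using Microsoft-managed keys"). Replacing the empty "()" link targets with the shared-resources paths is the right fix; confirm those three files exist at those relative paths from articles/automation/.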