articles/aks/azure-disk-customer-managed-keys.md
Lines changed: 4 additions & 4 deletions
@@ -9,7 +9,7 @@ ms.date: 07/18/2022
9
9
10
10
# Bring your own keys (BYOK) with Azure disks in Azure Kubernetes Service (AKS)
11
11
12
-
Azure Storage encrypts all data in a storage account at rest. By default, data is encrypted with Microsoft-managed keys. For additional control over encryption keys, you can supply customer-managed keys to use for encryption at rest for both the OS and data disks for your AKS clusters.
12
+
Azure Storage encrypts all data in a storage account at rest. By default, data is encrypted with Microsoft-managed keys. For more control over encryption keys, you can supply customer-managed keys to use for encryption at rest for both the OS and data disks for your AKS clusters.
13
13
14
14
Learn more about customer-managed keys on [Linux][customer-managed-keys-linux] and [Windows][customer-managed-keys-windows].
15
15
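Review bot: The replacement line 12 still opens with "Azure Storage encrypts all data in a storage account at rest", while the heading above it and the end of the same sentence are about the OS and data disks of an AKS cluster. Since the sentence is being edited anyway, consider stating the default in terms of the disks this article covers, so a reader can tell that both the Microsoft-managed-key default and the customer-managed-key option apply to them. The "additional" to "more" swap itself is fine.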
@@ -23,7 +23,7 @@ Learn more about customer-managed keys on [Linux][customer-managed-keys-linux] a
23
23
* You must enable soft delete and purge protection for *Azure Key Vault* when using Key Vault to encrypt managed disks.
24
24
* You need the Azure CLI version 2.11.1 or later.
25
25
* Customer-managed keys are only supported in Kubernetes versions 1.17 and higher.
26
-
* If you choose to rotate (change) your keys periodically, see [Customer-managed keys and encryption of Azure managed disk](../virtual-machines/disk-encryption.md) for more information.
26
+
* If you choose to rotate (change) your keys periodically, for more information see [Customer-managed keys and encryption of Azure managed disk](../virtual-machines/disk-encryption.md).
27
27
28
28
## Create an Azure Key Vault instance
29
29
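Review bot: The new bullet at line 26 runs two sentence openers together: "If you choose to rotate (change) your keys periodically, for more information see ..." leaves the condition without a main clause. Moving the link to the end is fine, but something like "To rotate (change) your keys periodically, see [Customer-managed keys and encryption of Azure managed disk](../virtual-machines/disk-encryption.md)." keeps the same link target and drops the filler.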
@@ -96,7 +96,7 @@ When new node pools are added to the cluster created above, the customer-managed
96
96
97
97
## Encrypt your AKS cluster data disk(optional)
98
98
99
-
OS disk encryption key is used to encrypt the data disk if the key is not provided for data disk from AKS version 1.17.2. You can also encrypt AKS data disks with your other keys.
99
+
OS disk encryption key is used to encrypt the data disk if the key isn't provided for data disk from AKS version 1.17.2. You can also encrypt AKS data disks with your other keys.
100
100
101
101
> [!IMPORTANT]
102
102
> Ensure you have the proper AKS credentials. The managed identity needs to have contributor access to the resource group where the diskencryptionset is deployed. Otherwise, you'll get an error suggesting that the managed identity does not have permissions.
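Review bot: Changing "is not" to "isn't" on line 99 leaves the sentence hard to parse, and it is the sentence that tells readers which key protects their data disks. It is missing articles, and "from AKS version 1.17.2" could attach to either clause; if the intended meaning is that the fallback applies from 1.17.2 onward, consider "From AKS version 1.17.2, if no key is provided for the data disk, the OS disk encryption key is used to encrypt it." Two context lines in this hunk are also inconsistent with the edit: the heading has no space in "data disk(optional)", and the [!IMPORTANT] note still says "does not have permissions" although this change is converting to contractions.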