Skip to content

Commit c2094bd

Browse files
tamramtamram
authored
Update storage-service-encryption.md
1 parent 9a5610d commit c2094bd

File tree

1 file changed

+3
-4
lines changed

1 file changed

+3
-4
lines changed

articles/storage/common/storage-service-encryption.md

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: storage
55
author: tamram
66

77
ms.service: storage
8-
ms.date: 03/12/2020
8+
ms.date: 04/10/2020
99
ms.topic: conceptual
1010
ms.author: tamram
1111
ms.reviewer: cbrooks
@@ -30,7 +30,7 @@ For more information about the cryptographic modules underlying Azure Storage en
3030

3131
## About encryption key management
3232

33-
By default, data in a storage account is encrypted with Microsoft-managed keys. You can rely on Microsoft-managed keys for the encryption of your data, or you can manage encryption with your own keys. If you choose to manage encryption with your own keys, you have two options:
33+
Data in a new storage account is encrypted with Microsoft-managed keys. You can rely on Microsoft-managed keys for the encryption of your data, or you can manage encryption with your own keys. If you choose to manage encryption with your own keys, you have two options:
3434

3535
- You can specify a *customer-managed key* with Azure Key Vault to use for encrypting and decrypting data in Blob storage and in Azure Files.<sup>1,2</sup> For more information about customer-managed keys, see [Use customer-managed keys with Azure Key Vault to manage Azure Storage encryption](encryption-customer-managed-keys.md).
3636
- You can specify a *customer-provided key* on Blob storage operations. A client making a read or write request against Blob storage can include an encryption key on the request for granular control over how blob data is encrypted and decrypted. For more information about customer-provided keys, see [Provide an encryption key on a request to Blob storage (preview)](encryption-customer-provided-keys.md).
@@ -43,8 +43,7 @@ The following table compares key management options for Azure Storage encryption
4343
| Azure Storage services supported | All | Blob storage, Azure Files<sup>1,2</sup> | Blob storage |
4444
| Key storage | Microsoft key store | Azure Key Vault | Azure Key Vault or any other key store |
4545
| Key rotation responsibility | Microsoft | Customer | Customer |
46-
| Key usage | Microsoft | Azure portal, Storage Resource Provider REST API, Azure Storage management libraries, PowerShell, CLI | Azure Storage REST API (Blob storage), Azure Storage client libraries |
47-
| Key access | Microsoft only | Microsoft, Customer | Customer only |
46+
| Key control | Microsoft | Customer | Customer |
4847

4948
<sup>1</sup> For information about creating an account that supports using customer-managed keys with Queue storage, see [Create an account that supports customer-managed keys for queues](account-encryption-key-create.md?toc=%2fazure%2fstorage%2fqueues%2ftoc.json).<br />
5049
<sup>2</sup> For information about creating an account that supports using customer-managed keys with Table storage, see [Create an account that supports customer-managed keys for tables](account-encryption-key-create.md?toc=%2fazure%2fstorage%2ftables%2ftoc.json).

0 commit comments

Comments
 (0)