Merge pull request #106091 from Jak-MS/edit-pass-howto-data-encryption-troubleshoot-mysql-postgresql

edit pass: howto data encryption troubleshoot mysql postgresql

Author: ShawnJackson

articles/mysql/howto-data-encryption-troubleshoot.md

@@ -1,53 +1,57 @@
 ---
-title: Data encryption for Azure Database for MySQL troubleshooting
-description: Learn how to troubleshoot the data encryption for your Azure Database for MySQL
+title: Troubleshoot data encryption in Azure Database for MySQL
+description: Learn how to troubleshoot data encryption in Azure Database for MySQL
 author: kummanish
 ms.author: manishku
 ms.service: mysql
 ms.topic: conceptual
 ms.date: 02/13/2020
 ---
 
-# Troubleshooting data encryption with customer-managed keys in Azure Database for MySQL
-This article describes how to identify and resolve common issues/errors that occur on an Azure Database for MySQL configured with Data Encryption using customer-managed key.
+# Troubleshoot data encryption in Azure Database for MySQL
 
-## Introduction
-When data encryption is configured to use a customer-managed key in Azure Key Vault, continuous access to this key is required for the server to stay available. If the server loses access to the customer-managed key in Azure Key Vault, the server will start denying all connections with the appropriate error message and change its state to ***Inaccessible*** in the Azure portal.
+This article describes how to identify and resolve common issues that can occur in Azure Database for MySQL when configured with data encryption using a customer-managed key.
 
-If an inaccessible Azure Database for MySQL server is no longer needed, it can be deleted immediately to stop incurring costs. All other actions on the server are not permitted until access to the Azure key vault has been restored and the server is back available. Changing the data encryption option from ‘Yes’(customer-managed) to ‘No’ (service-managed) on an inaccessible the server is also not possible while a server is encrypted with customer-managed. You must revalidate the key manually to make the server back available. This is necessary to protect the data from unauthorized access while permissions to the customer-managed key have been revoked.
+## Introduction
 
-## Common errors causing server to become inaccessible
+When you configure data encryption to use a customer-managed key in Azure Key Vault, servers require continuous access to the key. If the server loses access to the customer-managed key in Azure Key Vault, it will deny all connections, return the appropriate error message, and change its state to ***Inaccessible*** in the Azure portal.
 
-Most issues that occur when you use data encryption with Azure Key Vault are caused by one of the following misconfigurations-
+If you no longer need an inaccessible Azure Database for MySQL server, you can delete it to stop incurring costs. No other actions on the server are permitted until access to the key vault has been restored and the server is available. It's also not possible to change the data encryption option from `Yes`(customer-managed) to `No` (service-managed) on an inaccessible server when it's encrypted with a customer-managed key. You'll have to revalidate the key manually before the server is accessible again. This action is necessary to protect the data from unauthorized access while permissions to the customer-managed key are revoked.
 
-The key vault is unavailable or doesn't exist
+## Common errors that cause the server to become inaccessible
 
-* The key vault was accidentally deleted.
-* An intermittent network error causes the key vault to be unavailable.
+The following misconfigurations cause most issues with data encryption that use Azure Key Vault keys:
 
-No permissions to access the key vault or the key doesn't exist
+- The key vault is unavailable or doesn't exist:
+  - The key vault was accidentally deleted.
+  - An intermittent network error causes the key vault to be unavailable.
 
-* The key was accidentally deleted, disabled or the key expired.
-* The Azure Database for MySQL instance-managed identity was accidentally deleted.
-* Permissions granted to the Azure Database for MySQL server managed identity for the keys aren't sufficient (they don't include Get, Wrap, and Unwrap).
-* Permissions for the Azure Database for MySQL server instance-managed identity were revoked.
+- You don't have permissions to access the key vault or the key doesn't exist:
+  - The key expired or was accidentally deleted or disabled.
+  - The managed identity of the Azure Database for MySQL instance was accidentally deleted.
+  - The managed identity of the Azure Database for MySQL instance has insufficient key permissions. For example, the permissions don't include Get, Wrap, and Unwrap.
+  - The managed identity permissions to the Azure Database for MySQL instance were revoked or deleted.
 
 ## Identify and resolve common errors
+
 ### Errors on the key vault
 
 #### Disabled key vault
-* AzureKeyVaultKeyDisabledMessage
-* **Explanation** : The operation could not be completed on server because the Azure Key Vault key is disabled.
+
+- `AzureKeyVaultKeyDisabledMessage`
+- **Explanation**: The operation couldn't be completed on server because the Azure Key Vault key is disabled.
 
 #### Missing key vault permissions
-* AzureKeyVaultMissingPermissionsMessage
-* The server does not have the required Get, Wrap, and Unwrap permissions to the Azure Key Vault permissions. Grant any missing permissions to the service principal with ID.
+
+- `AzureKeyVaultMissingPermissionsMessage`
+- **Explanation**: The server doesn't have the required Get, Wrap, and Unwrap permissions to Azure Key Vault. Grant any missing permissions to the service principal with ID.
 
 ### Mitigation
-* Confirm that the customer-managed key is present in Key Vault:
-* Identify the key vault, then go to the key vault in the Azure portal.
-* Ensure that the key identified by the key URI is present.
 
+- Confirm that the customer-managed key is present in the key vault.
+- Identify the key vault, then go to the key vault in the Azure portal.
+- Ensure that the key URI identifies a key that is present.
 
 ## Next steps
-[Set up data encryption with a customer-managed key for your Azure database for MySQL by using the Azure portal](howto-data-encryption-portal.md).
+
+[Use the Azure portal to set up data encryption with a customer-managed key on Azure Database for MySQL](howto-data-encryption-portal.md)

articles/postgresql/howto-data-encryption-troubleshoot.md

@@ -1,53 +1,57 @@
 ---
-title: Data encryption for Azure Database for PostgreSQL - Single server troubleshooting
-description: Learn how to troubleshoot the data encryption for your Azure Database for PostgreSQL - Single server
+title: Troubleshoot data encryption in Azure Database for PostgreSQL - Single Server 
+description: Learn how to troubleshoot the data encryption on your Azure Database for PostgreSQL - Single Server
 author: kummanish
 ms.author: manishku
 ms.service: postgresql
 ms.topic: conceptual
 ms.date: 02/13/2020
 ---
 
-# Troubleshooting data encryption with customer-managed keys in Azure Database for PostgreSQL - Single server
-This article describes how to identify and resolve common issues/errors that occur on an Azure Database for PostgreSQL - Single server configured with Data Encryption using customer-managed key.
+# Troubleshoot data encryption in Azure Database for PostgreSQL - Single Server
 
-## Introduction
-When data encryption is configured to use a customer-managed key in Azure Key Vault, continuous access to this key is required for the server to stay available. If the server loses access to the customer-managed key in Azure Key Vault, the server will start denying all connections with the appropriate error message and change its state to ***Inaccessible*** in the Azure portal.
+This article helps you identify and resolve common issues that can occur in the single-server deployment of Azure Database for PostgreSQL when configured with data encryption using a customer-managed key.
 
-If an inaccessible Azure Database for PostgreSQL - Single server is no longer needed, it can be deleted immediately to stop incurring costs. All other actions on the server are not permitted until access to the Azure key vault has been restored and the server is back available. Changing the data encryption option from ‘Yes’(customer-managed) to ‘No’ (service-managed) on an inaccessible the server is also not possible while a server is encrypted with customer-managed. You must revalidate the key manually to make the server back available. This is necessary to protect the data from unauthorized access while permissions to the customer-managed key have been revoked.
+## Introduction
 
-## Common errors causing server to become inaccessible
+When you configure data encryption to use a customer-managed key in Azure Key Vault, the server requires continuous access to the key. If the server loses access to the customer-managed key in Azure Key Vault, it will deny all connections, return the appropriate error message, and change its state to ***Inaccessible*** in the Azure portal.
 
-Most issues that occur when you use data encryption with Azure Key Vault are caused by one of the following misconfigurations-
+If you no longer need an inaccessible Azure Database for PostgreSQL server, you can delete it to stop incurring costs. No other actions on the server are permitted until access to the key vault has been restored and the server is available. It's also not possible to change the data encryption option from `Yes`(customer-managed) to `No` (service-managed) on an inaccessible server when it's encrypted with a customer-managed key. You'll have to revalidate the key manually before the server is accessible again. This action is necessary to protect the data from unauthorized access while permissions to the customer-managed key are revoked.
 
-The key vault is unavailable or doesn't exist
+## Common errors causing server to become inaccessible
 
-* The key vault was accidentally deleted.
-* An intermittent network error causes the key vault to be unavailable.
+The following misconfigurations cause most issues with data encryption that use Azure Key Vault keys:
 
-No permissions to access the key vault or the key doesn't exist
+- The key vault is unavailable or doesn't exist:
+  - The key vault was accidentally deleted.
+  - An intermittent network error causes the key vault to be unavailable.
 
-* The key was accidentally deleted, disabled or the key expired.
-* The Azure Database for PostgreSQL - Single server instance-managed identity was accidentally deleted.
-* Permissions granted to the Azure Database for PostgreSQL managed identity for the keys aren't sufficient (they don't include Get, Wrap, and Unwrap).
-* Permissions for the Azure Database for PostgreSQL Single server instance-managed identity were revoked or deleted.
+- You don't have permissions to access the key vault or the key doesn't exist:
+  - The key expired or was accidentally deleted or disabled.
+- The managed identity of the Azure Database for PostgreSQL instance was accidentally deleted.
+  - The managed identity of the Azure Database for PostgreSQL instance has insufficient key permissions. For example, the permissions don't include Get, Wrap, and Unwrap.
+  - The managed identity permissions to the Azure Database for PostgreSQL instance were revoked or deleted.
 
 ## Identify and resolve common errors
+
 ### Errors on the key vault
 
 #### Disabled key vault
-* AzureKeyVaultKeyDisabledMessage
-* **Explanation** : The operation could not be completed on server because the Azure Key Vault key is disabled.
+
+- `AzureKeyVaultKeyDisabledMessage`
+- **Explanation**: The operation couldn't be completed on server because the Azure Key Vault key is disabled.
 
 #### Missing key vault permissions
-* AzureKeyVaultMissingPermissionsMessage
-* The server does not have the required Get, Wrap, and Unwrap permissions to the Azure Key Vault permissions. Grant any missing permissions to the service principal with ID.
+
+- `AzureKeyVaultMissingPermissionsMessage`
+- **Explanation**: The server doesn't have the required Get, Wrap, and Unwrap permissions to Azure Key Vault. Grant any missing permissions to the service principal with ID.
 
 ### Mitigation
-* Confirm that the customer-managed key is present in Key Vault:
-* Identify the key vault, then go to the key vault in the Azure portal.
-* Ensure that the key identified by the key URI is present.
 
+- Confirm that the customer-managed key is present in the key vault.
+- Identify the key vault, then go to the key vault in the Azure portal.
+- Ensure that the key URI identifies a key that is present.
 
 ## Next steps
-[Set up data encryption with a customer-managed key for your Azure database for PostgreSQL by using the Azure portal](howto-data-encryption-portal.md).
+
+[Use the Azure portal to set up data encryption with a customer-managed key on Azure Database for PostgreSQL](howto-data-encryption-portal.md)