articles/azure-netapp-files/configure-customer-managed-keys.md
Lines changed: 4 additions & 6 deletions
@@ -13,7 +13,7 @@ ms.workload: storage
13
13
ms.tgt_pltfrm: na
14
14
ms.topic: how-to
15
15
ms.custom: references_regions
16
-
ms.date: 03/31/2023
16
+
ms.date: 03/07/2023
17
17
ms.author: anfdocs
18
18
---
19
19
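Review bot: ms.date moves backward on line 16, from 03/31/2023 to 03/07/2023. This field records when the article was last updated, so replacing it with an earlier date suggests the edit was made from a stale copy of the file. Keep 03/31/2023 or set it to the date of this change.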
@@ -39,7 +39,8 @@ The following diagram demonstrates how customer-managed keys work with Azure Net
39
39
> Customer-managed keys for Azure NetApp Files volume encryption is currently in preview. You need to submit a waitlist request for accessing the feature through the **[Customer-managed keys for Azure NetApp Files volume encryption](https://aka.ms/anfcmkpreviewsignup)** page. Customer-managed keys feature is expected to be enabled within a week from submitting waitlist request.
40
40
41
41
* Customer-managed keys can only be configured on new volumes. You can't migrate existing volumes to customer-managed key encryption.
42
-
* To create a volume using customer-managed keys, you must select the *Standard* network features. You can't use customer-managed key volumes with volume configured using Basic network features. Follow instructions in [Set the Network Features option](configure-network-features.md#set-the-network-features-option) to create a volume.
42
+
* To create a volume using customer-managed keys, you must select the *Standard* network features. You can't use customer-managed key volumes with volume configured using Basic network features. Follow instructions in to [Set the Network Features option](configure-network-features.md#set-the-network-features-option) in the volume creation page.
43
+
* Switching from user-assigned identity to the system-assigned identity isn't currently supported.
43
44
* MSI Automatic certificate renewal isn't currently supported.
44
45
* The MSI certificate has a lifetime of 90 days. It becomes eligible for renewal after 46 days. **After 90 days, the certificate is no longer be valid and the customer-managed key volumes under the NetApp account will go offline.**
45
46
* To renew, you need to call the NetApp account operation `renewCredentials` if eligible for renewal. If it's not eligible, an error message will communicate the date of eligibility.
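Review bot: the rewritten bullet on new line 42 reads "Follow instructions in to [Set the Network Features option]", which has a stray "in" before "to". Suggest "Follow the instructions in [Set the Network Features option](configure-network-features.md#set-the-network-features-option) on the volume creation page." The same bullet says "with volume configured using Basic network features", which should be "with volumes configured". The new bullet on line 43 states the identity restriction in one direction only (user-assigned to system-assigned); say whether the reverse switch is supported so a reader picking an identity type knows whether the choice can be changed later.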
@@ -99,10 +100,7 @@ Before creating your first customer-managed key volume, you must have set up:
99
100
* The key vault must have soft delete and purge protection enabled.
100
101
* The key must be of type RSA.
101
102
* The key vault must have an [Azure Private Endpoint](../private-link/private-endpoint-overview.md).
102
-
* You need a private endpoint in each VNet you intend on using for Azure NetApp Files volumes
103
103
* The private endpoint must reside in a different subnet than the one delegated to Azure NetApp Files. The subnet must be in the same VNet as the one delegated to Azure NetApp.
104
-
* The network security group on the Azure NetApp Files delegated subnet must allow incoming traffic from the subnet where the VM mounting Azure NetApp Files volumes is located.
105
-
* The network security group on the Azure NetApp Files delegated subnet must also allow outgoing traffic to the subnet where the private endpoint is located.
106
104
107
105
For more information about Azure Key Vault and Azure Private Endpoint, refer to:
108
106
*[Quickstart: Create a key vault ](../key-vault/general/quick-create-portal.md)
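Review bot: old lines 102, 104 and 105 are deleted without replacement, and within this list they were the only statements of the per-VNet private endpoint requirement and of the two network security group rules on the delegated subnet (incoming from the VM subnet, outgoing to the private endpoint subnet). If those requirements still apply, a reader following the remaining prerequisites has no guidance on the rules that let the delegated subnet reach the key vault's private endpoint. Confirm the rules are no longer needed and say so in the commit message, or keep the bullets. The surviving bullet on line 103 also ends with "the one delegated to Azure NetApp", which should read "Azure NetApp Files".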
@@ -144,7 +142,7 @@ For more information about Azure Key Vault and Azure Private Endpoint, refer to:
144
142
*`Microsoft.KeyVault/vaults/keys/decrypt/action`
145
143
The user-assigned identity you select is added to your NetApp account. Due to the customizable nature of role-based access control (RBAC), the Azure portal doesn't configure access to the key vault. See [Provide access to Key Vault keys, certificates, and secrets with an Azure role-based access control](../key-vault/general/rbac-guide.md) for details on configuring Azure Key Vault.
146
144
147
-
1. After selecting the **Save** button, you'll receive a notification communicating the status of the operation. If the operation was not successful, an error message displays. Refer to [error messages and troubleshooting](#error-messages-and-troubleshooting) for assistance in resolving the error.
145
+
1. After selecting **Save** button, you'll receive a notification communicating the status of the operation. If the operation was not successful, an error message displays. Refer to [error messages and troubleshooting](#error-messages-and-troubleshooting) for assistance in resolving the error.
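Review bot: new line 145 drops the article, giving "After selecting **Save** button". Keep the original "After selecting the **Save** button" or shorten it to "After selecting **Save**". In the same step, "was not" could be "wasn't" to match the contractions used in the rest of the article ("isn't", "can't", "doesn't").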