You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/mysql/howto-data-encryption-troubleshoot.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,7 +14,7 @@ This article describes how to identify and resolve common issues/errors that occ
14
14
## Introduction
15
15
When data encryption is configured to use a customer-managed key in Azure Key Vault, continuous access to this key is required for the server to stay available. If the server loses access to the customer-managed key in Azure Key Vault, the server will start denying all connections with the appropriate error message and change its state to ***Inaccessible*** in the Azure portal.
16
16
17
-
If an inaccessible Azure Database for MySQL server is no longer needed, it can be deleted immediately to stop incurring costs. All other actions on the server are not permitted until access to the Azure key vault key has been restored and the server is back available. Changing the data encryption option from ‘Yes’(customer-managed) to ‘No’ (service-managed) on the server is also not possible while a server is encrypted with customer-managed keys is inaccessible. You must re-validate the key manually to make the server back available. This is necessary to protect the data from unauthorized access while permissions to the customer-managed key have been revoked.
17
+
If an inaccessible Azure Database for MySQL server is no longer needed, it can be deleted immediately to stop incurring costs. All other actions on the server are not permitted until access to the Azure key vault has been restored and the server is back available. Changing the data encryption option from ‘Yes’(customer-managed) to ‘No’ (service-managed) on an inaccessible the server is also not possible while a server is encrypted with customer-managed. You must revalidate the key manually to make the server back available. This is necessary to protect the data from unauthorized access while permissions to the customer-managed key have been revoked.
18
18
19
19
## Common errors causing server to become inaccessible
20
20
@@ -28,9 +28,9 @@ The key vault is unavailable or doesn't exist
28
28
No permissions to access the key vault or the key doesn't exist
29
29
30
30
* The key was accidentally deleted, disabled or the key expired.
31
-
* The Azure Database for MySQL instancemanaged identity was accidentally deleted.
31
+
* The Azure Database for MySQL instance-managed identity was accidentally deleted.
32
32
* Permissions granted to the Azure Database for MySQL server’s managed identity for the keys aren't sufficient (they don't include Get, Wrap, and Unwrap).
33
-
* Permissions for the Azure Database for MySQL server instancemanaged identity were revoked.
33
+
* Permissions for the Azure Database for MySQL server instance-managed identity were revoked.
34
34
35
35
## Identify and resolve common errors
36
36
### Errors on the key vault
@@ -41,7 +41,7 @@ No permissions to access the key vault or the key doesn't exist
41
41
42
42
#### Missing key vault permissions
43
43
* AzureKeyVaultMissingPermissionsMessage
44
-
* The server does not have the requires Get, Wrap and Unwrap permissions to the Azure Key Vault permissions. Please grant any missing permissions to the service principal with ID.
44
+
* The server does not have the required Get, Wrap, and Unwrap permissions to the Azure Key Vault permissions. Grant any missing permissions to the service principal with ID.
45
45
46
46
### Mitigation
47
47
* Confirm that the customer-managed key is present in Key Vault:
Copy file name to clipboardExpand all lines: articles/postgresql/howto-data-encryption-troubleshoot.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,7 +14,7 @@ This article describes how to identify and resolve common issues/errors that occ
14
14
## Introduction
15
15
When data encryption is configured to use a customer-managed key in Azure Key Vault, continuous access to this key is required for the server to stay available. If the server loses access to the customer-managed key in Azure Key Vault, the server will start denying all connections with the appropriate error message and change its state to ***Inaccessible*** in the Azure portal.
16
16
17
-
If an inaccessible Azure Database for PostgreSQL Single server is no longer needed, it can be deleted immediately to stop incurring costs. All other actions on the server are not permitted until access to the Azure key vault key has been restored and the server is back available. Changing the data encryption option from ‘Yes’(customer-managed) to ‘No’ (service-managed) on the server is also not possible while a server is encrypted with customer-managed keys is inaccessible. You must re-validate the key manually to make the server back available. This is necessary to protect the data from unauthorized access while permissions to the customer-managed key have been revoked.
17
+
If an inaccessible Azure Database for PostgreSQL Single server is no longer needed, it can be deleted immediately to stop incurring costs. All other actions on the server are not permitted until access to the Azure key vault has been restored and the server is back available. Changing the data encryption option from ‘Yes’(customer-managed) to ‘No’ (service-managed) on an inaccessible the server is also not possible while a server is encrypted with customer-managed. You must revalidate the key manually to make the server back available. This is necessary to protect the data from unauthorized access while permissions to the customer-managed key have been revoked.
18
18
19
19
## Common errors causing server to become inaccessible
20
20
@@ -28,9 +28,9 @@ The key vault is unavailable or doesn't exist
28
28
No permissions to access the key vault or the key doesn't exist
29
29
30
30
* The key was accidentally deleted, disabled or the key expired.
31
-
* The Azure Database for PostgreSQL Single server instancemanaged identity was accidentally deleted.
31
+
* The Azure Database for PostgreSQL Single server instance-managed identity was accidentally deleted.
32
32
* Permissions granted to the Azure Database for PostgreSQL Single server’s managed identity for the keys aren't sufficient (they don't include Get, Wrap, and Unwrap).
33
-
* Permissions for the Azure Database for PostgreSQL Single server instancemanaged identity were revoked or deleted.
33
+
* Permissions for the Azure Database for PostgreSQL Single server instance-managed identity were revoked or deleted.
34
34
35
35
## Identify and resolve common errors
36
36
### Errors on the key vault
@@ -41,7 +41,7 @@ No permissions to access the key vault or the key doesn't exist
41
41
42
42
#### Missing key vault permissions
43
43
* AzureKeyVaultMissingPermissionsMessage
44
-
* The server does not have the requires Get, Wrap and Unwrap permissions to the Azure Key Vault permissions. Please grant any missing permissions to the service principal with ID.
44
+
* The server does not have the requires Get, Wrap, and Unwrap permissions to the Azure Key Vault permissions. Grant any missing permissions to the service principal with ID.
45
45
46
46
### Mitigation
47
47
* Confirm that the customer-managed key is present in Key Vault:
0 commit comments