You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/container-registry/container-registry-customer-managed-keys.md
+7-8Lines changed: 7 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -355,10 +355,10 @@ az group deployment create \
355
355
356
356
### Show encryption status
357
357
358
-
To show the status of registry encryption, run the [az acr encryption show-status][az-acr-encryption-show-status] command:
358
+
To show the status of registry encryption, run the [az acr encryption show][az-acr-encryption-show] command:
359
359
360
360
```azurecli
361
-
az acr encryption show-status --name <registry-name>
361
+
az acr encryption show --name <registry-name>
362
362
```
363
363
364
364
## Use the registry
@@ -367,7 +367,7 @@ After enabling a customer-managed key in a registry, you can perform the same re
367
367
368
368
## Rotate key
369
369
370
-
Rotate a customer-managed key in Azure Key Vault according to your compliance policies. Create a new key, or update a key version, and then update the registry to encrypt data using the key. You can perform these steps using the Azure CLI or in the portal.
370
+
Rotate a customer-managed key used for registry encryption to your compliance policies. Create a new key, or update a key version, and then update the registry to encrypt data using the key. You can perform these steps using the Azure CLI or in the portal.
371
371
372
372
When rotating a key, typically you specify the same identity used when creating the registry. Optionally, configure a new user-assigned identity for key access, or enable and specify the registry's system-assigned identity.
373
373
@@ -414,9 +414,8 @@ For example, to generate and configure a new key version:
414
414
415
415
1. In the portal, navigate to your registry.
416
416
1. Under **Settings**, select **Encryption** > **Change key**.
417
-
1. Select **Select key**.
418
-
419
-
417
+
1. Select **Select key**
418
+
420
419
1. In the **Select key from Azure Key Vault** window, select the key vault and key you configured previously, and in **Version**, select **Create new**.
421
420
1. In the **Create a key** window, select **Generate**, and then **Create**.
422
421
1. Complete the key selection and select **Save**.
@@ -438,13 +437,13 @@ Revoking the key effectively blocks access to all registry data, since the regis
438
437
439
438
### System-assigned identity
440
439
441
-
You can configure a registry's system-assigned managed identity to access the key vault for encryption keys. If you're unfamiliar with the different managed identities for Azure resources, see [the overview](../active-directory/managed-identities-azure-resources/overview.md).
440
+
You can configure a registry's system-assigned managed identity to access the key vault for encryption keys. If you're unfamiliar with the different managed identities for Azure resources, see the [overview](../active-directory/managed-identities-azure-resources/overview.md).
442
441
443
442
To enable the registry's system-assigned identity in the portal:
444
443
445
444
1. In the portal, navigate to your registry.
446
445
1. Select **Settings** > **Identity**.
447
-
1. Under **System assigned**, set Status to **On**. Select **Save**.
446
+
1. Under **System assigned**, set **Status** to **On**. Select **Save**.
0 commit comments