Volume encryption for Azure
You can encrypt disks in Azure using the following methods:
Default encryption, using Platform Managed Key (PMK)
Customer Managed Key (CMK) using Azure Key vault
For more information on Azure encryption, see: Data encryption models.
Table: Encryption for creating snapshots
Disk encryption | Snapshot encryption |
|---|---|
Platform Managed Key (PMK) | Same PMK is used as the source disk. |
Customer Managed Key (CMK) | Same CMK is used as the source disk. |
Table: Encryption for restoring snapshots
Snapshot encryption | Restored disk encryption |
|---|---|
PMK | Same PMK is used as the snapshot. |
CMK | Same CMK is used as the snapshot. |
Table: Encryption for restoring from backup
Snapshot encryption | Restored disk encryption |
|---|---|
PMK | Same PMK is used as the source disk. |
CMK | Same CMK is used as the source disk, else PMK is used. |
Note:
With this release disks would be restored with CMK if the same DES name is present in target subscription.