
Azure Policy

Bring your own key data protection should be enabled for MySQL servers

Name Bring your own key data protection should be enabled for MySQL servers
Id 83cef61d-dbd1-4b20-a4fc-5fbc7da10833
Version 1.0.1
Category SQL
Description Using customer-managed keys for encrypting data at rest in your Azure Database for MySQL database servers enables implementing a separation of duties in the management of keys and data. When you configure a customer-managed key, the key is used to protect and control access to the key that encrypts your data. You have full control and responsibility for the key lifecycle, including rotation and management. The use of customer-managed keys is sometimes required for compliance purposes.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists,Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) Change type Change detail
2020-04-28 14:50:57 add 83cef61d-dbd1-4b20-a4fc-5fbc7da10833
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Bring your own key data protection should be enabled for MySQL servers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Using customer-managed keys for encrypting data at rest in your Azure Database for MySQL database servers enables implementing a separation of duties in the management of keys and data. When you configure a customer-managed key, the key is used to protect and control access to the key that encrypts your data. You have full control and responsibility for the key lifecycle, including rotation and management. The use of customer-managed keys is sometimes required for compliance purposes.",
    "metadata": {
      "version": "1.0.1",
      "category": "SQL"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.DBforMySQL/servers"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.DBforMySQL/servers/keys",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.DBforMySQL/servers/keys/serverKeyType",
                "equals": "AzureKeyVault"
              },
              {
                "field": "Microsoft.DBforMySQL/servers/keys/uri",
                "notEquals": ""
              },
              {
                "field": "Microsoft.DBforMySQL/servers/keys/uri",
                "exists": "true"
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "83cef61d-dbd1-4b20-a4fc-5fbc7da10833"
}