Customer Managed Key feature in Azure PostgreSQL Flexible Server is GA in number of Azure regions!
Published Dec 15 2022 08:56 AM 3,528 Views

PostgreSQL is a powerful, open-source object-relational database system with over 35 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance.   The origins of PostgreSQL date back to 1986 as part of the POSTGRES project at the University of California at Berkeley and has more than 35 years of active development on the core platform. 

Customer Managed Key (CMK) in PostgreSQL Flexible Server

Since announcing General Availability of Azure Database for PostgreSQL - Flexible Server slightly over a year ago, we have seen dramatic adoption with customers in number of industries that work with sensitive data.  Need to store sensitive data is crucial to our customers in financial, professional services, as well as e-commerce space.  That need is met by storage encryption for data at rest, which is built in security feature of Microsoft Azure.  However, many organizations require full control on access to the data using a customer-managed key.  To meet this need we introduced Customer Key Management (CMK) feature with Azure Database for PostgreSQL - Flexible Server, which entered Public Preview in October 2022.  As a next step, we are extremely excited to announce General Availability (GA) of Customer Managed Key (CMK) feature in Azure Database for PostgreSQL – Flexible Server in seven popular Azure regions.



Starting today, you can create Azure Database for PostgreSQL server with Customer Managed Keys (CMK) in General Availability in following seven Azure regions:

  • Canada East
  • Canada Central
  • Southeast Asia
  • Switzerland North
  • Switzerland West
  • Brazil South
  • East Asia 

Benefits of Customer Managed Keys in PostgreSQL Flexible Server. 

Data encryption with customer-managed keys for Azure Database for PostgreSQL - Flexible Server provides the following benefits:

  • You fully control data-access by the ability to remove the key and make the database inaccessible.

  • Full control over the key-lifecycle, including rotation of the key to aligning with corporate policies.

  • Central management and organization of keys in Azure Key Vault.

  • Enabling encryption doesn't have any additional performance impact with or without customers managed key (CMK) as PostgreSQL relies on the Azure storage layer for data encryption in both scenarios. The only difference is when CMK is used Azure Storage Encryption Key, which performs actual data encryption, is encrypted using CMK.

  • Ability to implement separation of duties between security officers, DBA, and system administrators.

We invite you to learn more about data encryption in PostgreSQL - Flexible Server and Customer Managed Keys by reading following resources:

We look forward to hearing about your’ experience with this new CMK feature in Preview on Flexible server. We’re always eager to hear customer feedback, so please reach out to us at Ask Azure DB for PostgreSQL.

To learn more about our Flexible Server managed service, see the Azure Database for PostgreSQL service page.

Version history
Last update:
‎Dec 27 2022 01:14 PM
Updated by: