PostgreSQL is a powerful, open-source object-relational database system with a strong reputation for reliability, feature robustness, and performance. Its origins date back to 1986, as part of the POSTGRES project at the University of California at Berkeley, and it has more than 35 years of active development on the core platform.
Customer Managed Key (CMK) in PostgreSQL Flexible Server
Since announcing General Availability of Azure Database for PostgreSQL - Flexible Server slightly over a year ago, we have seen dramatic adoption by customers in a number of industries that work with sensitive data. The need to store sensitive data is crucial to our customers in the financial, professional services, and e-commerce spaces. That need is met by storage encryption for data at rest, which is a built-in security feature of Microsoft Azure. However, many organizations require full control over access to the data using a customer-managed key. To meet this need we introduced the Customer Key Management (CMK) feature with Azure Database for PostgreSQL - Flexible Server, which entered Public Preview in October 2022. In December of 2022 we announced General Availability (GA) of the Customer Managed Key (CMK) feature in Azure Database for PostgreSQL - Flexible Server in seven popular Azure regions. Today, we are proud to announce General Availability for the CMK feature in Azure Database for PostgreSQL - Flexible Server worldwide!
Benefits of Customer Managed Keys in PostgreSQL Flexible Server
Data encryption with customer-managed keys for Azure Database for PostgreSQL - Flexible Server provides the following benefits:
You fully control data access, with the ability to remove the key and make the database inaccessible.
Full control over the key lifecycle, including rotation of the key to align with corporate policies.
Central management and organization of keys in Azure Key Vault.
Enabling encryption doesn't have any additional performance impact with or without a customer-managed key (CMK), as PostgreSQL relies on the Azure storage layer for data encryption in both scenarios. The only difference is that when CMK is used, the Azure Storage Encryption Key, which performs the actual data encryption, is itself encrypted using the CMK.
Ability to implement separation of duties between security officers, DBA, and system administrators.
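The key hierarchy described in the benefits above can be modelled in a few lines. This is an added example, not code from Azure or from the original post: the vault is a plain dictionary, the names cmk-v1 and cmk-v2 and the sample row are constructed, and seal/unseal are a standard-library stand-in for the real ciphers. It goes slightly beyond the text by also showing rotation, which re-wraps only the small data key.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (_sub(key, nonce + i.to_bytes(8, "big")) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC built from HMAC-SHA256; a stand-in for AES, not production crypto."""
    nonce = secrets.token_bytes(16)
    pad = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, pad))
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered ciphertext")
    pad = _stream(_sub(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, pad))

def demo():
    # Hypothetical in-memory vault: key name -> customer-managed key (CMK).
    vault = {"cmk-v1": secrets.token_bytes(32)}
    dek = secrets.token_bytes(32)                   # models the storage encryption key
    data_ct = seal(dek, b"constructed sample row")  # data is encrypted once, with the DEK
    wrapped = seal(vault["cmk-v1"], dek)            # only the wrapped DEK sits beside the data
    del dek

    # Rotation: re-wrap the 32-byte DEK under a new CMK; data_ct is never rewritten.
    vault["cmk-v2"] = secrets.token_bytes(32)
    wrapped = seal(vault["cmk-v2"], unseal(vault["cmk-v1"], wrapped))
    del vault["cmk-v1"]
    readable = unseal(unseal(vault["cmk-v2"], wrapped), data_ct)

    # Revocation: with the CMK removed the DEK cannot be unwrapped, so data_ct stays opaque.
    del vault["cmk-v2"]
    try:
        unseal(vault["cmk-v2"], wrapped)
        locked_out = False
    except KeyError:
        locked_out = True
    return readable, locked_out
```
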
We invite you to learn more about data encryption in PostgreSQL - Flexible Server and Customer Managed Keys by reading the following resources:
We look forward to hearing about your experience with this new CMK feature on Flexible Server. We’re always eager to hear customer feedback, so please reach out to us at Ask Azure DB for PostgreSQL.
To learn more about our Flexible Server managed service, see the Azure Database for PostgreSQL service page.