Introduction
Akumina enables custom keys in Akumina‘s single–tenant hosting instances using Azure Key Vaults to store and manage cryptographic keys. Customers can use software-protected or HSM-Protected (Key Vaults Premium SKU provisioned on request) keys using Vaults.
Pre-Requisites
- KeyVaults should be co-located with storage (same region)
- Supported custom key format types are .pfx, .pem, and .byok
Generating Keys
You can visit the Azure portal Key Vault Key Generation UI to generate keys if you need to generate keys programmatically, either use PowerShell, CLI, or REST APIs. In this document, we are going to use Azure Portal.
To generate a key, navigate to the key vault, then click keys, and then click Generate/Import
Standard SKU
Premium SKU
Importing Keys
To generate a key, navigate to the key vault, then click keys, and then click Generate/Import.
Standard SKU
Premium SKU
Configuring Storage Encryption
To enable storage encryption using custom keys, locate your storage account, and then navigate to encrypt and configure the key vault’s custom key.