More Info:
Ensure that Microsoft Azure PostgreSQL server data is encrypted in transit in order to meet security and compliance requirements. In-transit encryption helps prevent unauthorized users from getting access to critical data available in your Azure PostgreSQL databases.
Risk Level
High
Address
Security
Compliance Standards
CISAZURE, CBP, HITRUST, SOC2, NISTCSF, PCIDSS, FedRAMP
Triage and Remediation
Remediation
Using Console
Follow these steps to enable in-transit encryption for PostgreSQL database servers in Azure:
- Go to the Azure portal and log in to your account.
- In the left-hand menu, click on the “Azure Database for PostgreSQL servers” option.
- Select the PostgreSQL server for which you want to enable in-transit encryption.
- In the left-hand menu, under the “Security” section, click on the “Connection security” option.
- Under the “Connection security” section, toggle the “Enforce SSL connection” option to “Enabled”.
- Once you have enabled the “Enforce SSL connection” option, click on the “Save” button at the top of the page to save your changes.
Using CLI
To enable in-transit encryption for PostgreSQL database servers in Azure using the Azure CLI, follow these steps:
- Open the Azure CLI in your preferred terminal.
- Log in to your Azure account using the command below:
- Once you are logged in, set the subscription where your PostgreSQL server is located using the command below:
- Next, set the resource group where your PostgreSQL server is located using the command below:
- Now, enable SSL enforcement for your PostgreSQL server using the command below:
  This command enables SSL enforcement for your PostgreSQL server, which encrypts the data in transit.
- Finally, verify that SSL enforcement is enabled for your PostgreSQL server by running the following command:
  This command returns the value “Enabled”, which confirms that SSL enforcement is enabled for your PostgreSQL server.
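The CLI procedure above, written as one idempotent check-then-fix script. This is an added example, not the page's original commands; it assumes an Azure Database for PostgreSQL single server, an existing `az login` session, and the hypothetical function names `ssl_state` and `enforce_ssl`.

```shell
#!/bin/sh
# Added example (not from the original page).
# Assumes: Azure CLI installed, `az login` already done, single-server deployment.

# Print the server's current sslEnforcement value ("Enabled" or "Disabled").
ssl_state() {
  az postgres server show --resource-group "$1" --name "$2" \
    --query sslEnforcement --output tsv
}

# Enable SSL enforcement only when it is not already on, then re-read the
# setting so the exit status reflects the verified state, not the request.
# Returns 0 if enforced, 1 if still not enforced, 2 if an az call failed.
enforce_ssl() {
  rg=$1
  server=$2
  state=$(ssl_state "$rg" "$server") || {
    echo "could not read sslEnforcement for $server" >&2
    return 2
  }
  if [ "$state" != "Enabled" ]; then
    az postgres server update --resource-group "$rg" --name "$server" \
      --ssl-enforcement Enabled --output none || return 2
    state=$(ssl_state "$rg" "$server") || return 2
  fi
  [ "$state" = "Enabled" ]
}

# Usage: sh enforce_ssl.sh <subscription> <resource-group> <server-name>
if [ "$#" -eq 3 ]; then
  az account set --subscription "$1" || exit 1
  if enforce_ssl "$2" "$3"; then
    echo "SSL enforcement is Enabled on $3"
  else
    echo "SSL enforcement is NOT enabled on $3" >&2
    exit 1
  fi
fi
```

Because the script re-reads the setting after the update, it can be rerun safely and used as a compliance check in a scheduled job.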
Using Python
To remediate the “Enable In-Transit Encryption for PostgreSQL Database Servers” finding in Azure using Python, follow the steps below. These steps enable in-transit encryption for PostgreSQL database servers in Azure using Python.
- Import the necessary libraries:
- Authenticate with Azure using Service Principal credentials:
- Instantiate the PostgreSQLManagementClient:
- Get the existing server details:
- Update the server with the in-transit encryption enabled:
- Verify that the in-transit encryption is enabled: