Enable Infrastructure Double Encryption
More Info:
Ensure that infrastructure double encryption is enabled for your Azure PostgreSQL database servers in order to add a second layer of encryption for your PostgreSQL databases using a different encryption algorithm which provides enhanced data protection.Risk Level
MediumAddress
SecurityCompliance Standards
CISAZURE, CBP, HITRUST, GDPR, SOC2, NISTCSF, PCIDSSTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration “Enable Infrastructure Double Encryption” in Azure using Azure Console, follow the below steps:
- Login to the Azure Portal (https://portal.azure.com/)
- Click on the “Virtual machines” option from the left-hand menu.
- Select the virtual machine that you want to remediate.
- Click on the “Disks” option from the left-hand menu.
- Select the disk that you want to remediate.
- Click on the “Disk Encryption” option from the left-hand menu.
- Click on the “Enable encryption” button.
- Select the key vault that you want to use for encryption.
- Click on the “Save” button to enable encryption.
Using CLI
Using CLI
To remediate the misconfiguration of enabling infrastructure double encryption in AZURE using AZURE CLI, please follow the below steps:
- Open the AZURE CLI in your terminal or command prompt.
- Login to your AZURE account using the command “az login”.
- Select the subscription in which the infrastructure needs to be double encrypted using the command
az account set --subscription <subscription-id> - Enable the infrastructure double encryption by creating a new storage account with encryption enabled using the command
az storage account create --name <storage-account-name> --resource-group <resource-group-name> --location <location> --sku Standard_LRS --encryption-services blob --encryption blob. - Verify that the infrastructure double encryption is enabled by checking the encryption status of the storage account using the command
az storage account show --name <storage-account-name> --resource-group <resource-group-name> --query "encryption.services.blob.enabled".
Using Python
Using Python
To enable Infrastructure Double Encryption in Azure using Python, you can follow these steps:
-
Install the Azure SDK for Python using pip:
-
Import the necessary modules:
-
Set up the Azure credentials:
-
Create a StorageManagementClient object:
-
Get the storage account that you want to enable Infrastructure Double Encryption for:
-
Create an Encryption object with the necessary properties:
-
Create a StorageAccountUpdateParameters object with the Encryption object:
-
Update the storage account with the StorageAccountUpdateParameters object: