What is encryption?
Encryption is the process of making data unreadable and unusable to unauthorized viewers. To use or read the encrypted data, it must be decrypted, which requires the use of a secret key.
There are two different type :-
- Symmetric encryption :– Which mean you will use same key to encrypt and decrypt the data
- Asymmetric encryption :– Which mean you will use different key , for example Private and public key.
both of these two type having two different ways :-
- Encryption at rest which mean data stored in a database, or data stored in a storage account.
- Encryption in transit which means data actively moving from one location to another.
So, there are different type of Encryption provided by Azure:-
- Encrypt raw storage
- Azure Storage Service Encryption :- encrypts your data before persisting it to Azure Managed Disks, Azure Blob storage, Azure Files, or Azure Queue storage, and decrypts the data before retrieval.
- Encrypt virtual machine disks low-level encryption protection for data written to physical disk
- Azure Disk Encryption : this method helps you to encruypt the actually windows or Linux disk, the best way to do this is h Azure Key Vault.
- Encrypt databases
- Transparent data encryption :- helps protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity. It performs real-time encryption and decryption of the database.
The best way to do this which is Azure Key Vault, cloud service for storing your application secrets. Key Vault helps you control your applications’ secrets by keeping them in a single, why should i use it :-
- Centralizing the solutions.
- Securely stored secrets and keys.
- Monitor access and use.
- Simplified administration of application secrets.
There are also two different kind of certificate in Azure which will helps you to encrypt for example the website or application, you need to know that Certificates used in Azure are x.509 v3 and can be signed by a trusted certificate authority, or they can be self-signed.
Types of certificates
- Service certificates are used for cloud services
- Management certificates are used for authenticating with the management API
which is attached to cloud services and enable secure communication to and from the service. For example, if you deploy a web site, you would want to supply a certificate that can authenticate an exposed HTTPS endpoint. Service certificates, which are defined in your service definition, are automatically deployed to the VM that is running an instance of your role.
allow you to authenticate with the classic deployment model. Many programs and tools (such as Visual Studio or the Azure SDK) use these certificates to automate configuration and deployment of various Azure services. However, these types of certificates are not related to cloud services.
Be noted that you can use Azure Key Vault to store your certificates.