In this lab, we’ll walk through adding and configuring a storage volume to a Linux server and then encrypting the volume. We’ll start by creating an Azure Key Vault where we can store encryption keys, and we’ll walk through how to encrypt existing disks and use our vault to encrypt disks on new Virtual Machines.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create a Key Vault and Key for Self-Managed Encryption
Learners will be shown how to create a vault in Azure Key Vault and then generate an encryption key for use with Azure’s encryption technologies.
- Encrypt a Disk Volume Using Azure Disk Encryption (ADE)
Learners will learn how to encrypt a disk using Azure Disk Encryption to secure data at the software level.
Note: Use the same location as your lab provided Resource Group when setting up the Azure Cloud Bash CLI.
- Use a Customer Managed Key with Azure Server Side Encryption
Learners will learn how to use a customer managed key rather the the standard Azure platform managed key to ensure they can meet their organization’s compliance standards.