Azure Insights: Service Bus encryption; Container Registry; Container image scans; Linux CentOS

April 25 2020

Microsoft Azure pros share their thoughts on Service Bus encryption, Container Registry, container image scans and working with Linux CentOS.

Encrypting Azure Service Bus with user keys

On the Serverless360 Blog, Ranjith Eswaran described how to encrypt Azure Service Bus data both at rest and in-transit to safeguard sensitive information. For the most part, Microsoft data centers already encrypt data to safeguard it in storage. But on the customer's end, it's important to keep in mind that this data is only as secure as the keys kept in Identity Based Access Control, often with different keys depending on the number of partitions which the data is shared between. The Key Encryption Key feature in Key Vault helps to restrict access further.

According to Eswaran, a key hierarchy is used for encryption at rest, with the AES256 key typically used to encrypt a block of data or the contents of a partition. Some organizations conduct custom encryption for Service Bus messages, but this comes with the challenges of decrypting when the message is received. As an alternative, Azure's Bring Your Own Key can hasten decryption. For the time being, custom keys are only supported in Premium namespaces.

Understanding tokens and scope maps for Container Registry

About MSDW Reporter

More about MSDW Reporter