Adding sdk support for Encryption with customer managed key to the Azure Search specs #5567

Merged
merged 13 commits into from
Apr 17, 2019
Expand Up @@ -112,6 +112,15 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": "myApplicationSecret"
}
}
}
},
Expand Down Expand Up @@ -339,6 +348,15 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": "myApplicationSecret"
}
}
}
}
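Review bot: The second hunk (new lines 348 onward) repeats `"applicationSecret": "myApplicationSecret"` in what appears to be the response body, although the enclosing `responses` object starts outside the hunk, so this is inferred from the line offsets. The same literal sits explicitly inside the `201` body of the synonym map create example later in this change, while the get examples return `"applicationSecret": null`. If the service never returns the secret, the create responses should show `"applicationSecret": null` as well, so that the examples do not suggest that a key vault credential is readable from the API. If the service does echo it on create, that behaviour should be stated in the `applicationSecret` description, because clients that log response bodies would then record the secret.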
Expand Up @@ -115,6 +115,12 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
},
Expand Down Expand Up @@ -342,6 +348,12 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
},
Expand Down Expand Up @@ -568,6 +580,12 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
}
Expand Up @@ -8,22 +8,40 @@
"synonymMap": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
},
"responses": {
"200": {
"body": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
},
"201": {
"body": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
}
}
Expand Up @@ -6,15 +6,33 @@
"synonymMap": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": "myApplicationSecret"
}
}
}
},
"responses": {
"201": {
"body": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": "myApplicationSecret"
}
}
}
}
}
Expand Up @@ -229,6 +229,15 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": null
}
}
}
}
Expand Up @@ -10,7 +10,16 @@
"body": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": null
}
}
}
}
}
Expand Up @@ -231,6 +231,12 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
},
{
Expand Down Expand Up @@ -272,7 +278,8 @@
"tokenizers": [],
"tokenFilters": [],
"charFilters": [],
"corsOptions": null
"corsOptions": null,
"encryptionKey": null
}
]
}
Expand Up @@ -11,12 +11,19 @@
{
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
},
{
"name": "myothersynonymmap",
"format": "solr",
"synonyms": "couch, sofa, chesterfield\npop, soda\ntoque, hat"
"synonyms": "couch, sofa, chesterfield\npop, soda\ntoque, hat",
"encryptionKey": null
}
]
}
Expand Up @@ -4383,6 +4383,13 @@
"url": "https://docs.microsoft.com/rest/api/searchservice/Custom-analyzers-in-Azure-Search"
}
},
"encryptionKey": {
"$ref": "#/definitions/EncryptionKey",
"description": "The configuration to use when you want to encrypt the index with your own encryption key (customer-managed key). On updates, the encryption key configuration will stay unchanged if not specified or null. Encryption with customer-managed keys is not available for free services. For paid services, it is only available for services created on or after 2019-01-1.",
"externalDocs": {
"url": "https://aka.ms/azure-search-encryption-with-cmk"
}
},
"@odata.etag": {
"x-ms-client-name": "ETag",
"type": "string",
Expand Down Expand Up @@ -5162,6 +5169,13 @@
"url": "https://docs.microsoft.com/rest/api/searchservice/Create-Synonym-Map#SynonymMapFormat"
}
},
"encryptionKey": {
"$ref": "#/definitions/EncryptionKey",
"description": "The configuration to use when you want to encrypt the synonym map with your own encryption key (customer-managed key). On updates, the encryption key configuration will stay unchanged if not specified or null. Encryption with customer-managed keys is not available for free services. For paid services, it is only available for services created on or after 2019-01-1.",
"externalDocs": {
"url": "https://aka.ms/azure-search-encryption-with-cmk"
}
},
"@odata.etag": {
"x-ms-client-name": "ETag",
"type": "string",
Expand Down Expand Up @@ -5189,6 +5203,48 @@
},
"description": "Response from a List SynonymMaps request. If successful, it includes the full definitions of all synonym maps."
},
"EncryptionKey": {
"properties": {
"keyVaultKeyName": {
"type": "string",
"description": "The name of the key, from your Azure KeyVault, you wish to use to protect your data. "
},
"keyVaultKeyVersion": {
"type": "string",
"description": "The specific version of the key, from your Azure KeyVault, you wish to use to protect your data."
},
"keyVaultUri": {
"type": "string",
"description": "The URI of the Azure KeyVault where you created the key you want to use to protect your data. This value is also sometime referred to as the KeyVault DNS Name. An example value would be : https://your-keyvault-name.vault.azure.net."
},
"accessCredentials": {
"$ref": "#/definitions/AzureActiveDirectoryApplicationCredentials",
"description": "The credentials to use to authenticate to the provided KeyVault. Can be left unspecified if MSI (Managed Service Identity) is enabled for the service.",
"externalDocs": {
"url": "https://aka.ms/azure-search-msi"
}
}
},
"required": [
"keyVaultKeyName",
"keyVaultKeyVersion",
"keyVaultUri"
],
"description": "The configuration to use encryption with customer-managed keys. This information will be used to encrypt or decrypt the data you have protected using your own keys."
},
"AzureActiveDirectoryApplicationCredentials": {
"properties": {
"applicationId": {
"type": "string",
"description": "The is the ID of the Azure Active Directory Application that will be used to authenticate to your KeyVault. The Application ID is not to be confused with the Object ID of your Azure Active Directory Application."
},
"applicationSecret": {
"type": "string",
"description": "The application secret, also sometime refered to as the authentication key value. This will be used to authenticate to your KeyVault."
}
},
"description" : "The credentials of the Azure Active Directory Application identity we are going to use to authenticate to your KeyVault when we need to access your encryption keys."
},
"ServiceStatistics": {
"properties": {
"counters": {
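Review bot: `applicationSecret` in `AzureActiveDirectoryApplicationCredentials` is declared as a plain `"type": "string"`, so nothing in the schema tells generators or tooling that the value is a credential. I would add `"format": "password"` to the property, and AutoRest's `x-ms-secret` extension if the toolchain in use supports it, and state in the description whether the value is returned on reads (the get examples in this change show it as `null`). The definition also has no `required` list, so an `accessCredentials` object without `applicationId` passes validation; `"required": ["applicationId"]` looks like the intended minimum, to be confirmed against the service. Separately, the descriptions contain `The is the ID` and `sometime refered`, and `2019-01-1` in the two `encryptionKey` descriptions is not a well-formed date.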