Adding sdk support for Encryption with customer managed key to the Azure Search specs #5567

Merged
merged 13 commits into from
Apr 17, 2019
Expand Up @@ -114,8 +114,8 @@
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
Expand Down Expand Up @@ -350,12 +350,12 @@
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": "myApplicationSecret"
"applicationSecret": null
}
}
}
Expand Up @@ -117,8 +117,8 @@
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
Expand Down Expand Up @@ -350,8 +350,8 @@
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
Expand Down Expand Up @@ -582,8 +582,8 @@
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
Expand Up @@ -10,8 +10,8 @@
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
Expand All @@ -24,8 +24,8 @@
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
Expand All @@ -37,8 +37,8 @@
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
Expand Up @@ -8,8 +8,8 @@
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
Expand All @@ -25,12 +25,12 @@
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": "myApplicationSecret"
"applicationSecret": null
}
}
}
Expand Up @@ -4385,7 +4385,7 @@
},
"encryptionKey": {
"$ref": "#/definitions/EncryptionKey",
"description": "The configuration to use when you want to encrypt the index with your own encryption key (customer-managed key). On updates, the encryption key configuration will stay unchanged if not specified or null. Encryption with customer-managed keys is not available for free services. For paid services, it is only available for services created on or after 2019-01-1.",
"description": "The configuration to use when you want to encrypt the index with your own encryption key (customer-managed key). On updates, the encryption key configuration will stay unchanged if not specified or null. Encryption with customer-managed keys is not available for free services. For paid services, it is only available for services created on or after 2019-01-01.",
"externalDocs": {
"url": "https://aka.ms/azure-search-encryption-with-cmk"
}
Expand Down Expand Up @@ -5207,19 +5207,19 @@
"properties": {
"keyVaultKeyName": {
"type": "string",
"description": "The name of the key, from your Azure KeyVault, you wish to use to protect your data. "
"description": "The name of a user-managed encryption key created in Azure Key Vault used for data-at-rest encryption."
},
"keyVaultKeyVersion": {
"type": "string",
"description": "The specific version of the key, from your Azure KeyVault, you wish to use to protect your data."
"description": "The version of a key that you create in Azure Key Vault that will be used to encrypt your data at rest."
},
"keyVaultUri": {
"type": "string",
"description": "The URI of the Azure KeyVault where you created the key you want to use to protect your data. This value is also sometime referred to as the KeyVault DNS Name. An example value would be : https://your-keyvault-name.vault.azure.net."
"description": "The URI of the Azure Key Vault resource providing the encryption key. This value is also referred to as the Key Vault DNS Name. An example URI might be https://my-keyvault-name.vault.azure.net."
},
"accessCredentials": {
"$ref": "#/definitions/AzureActiveDirectoryApplicationCredentials",
"description": "The credentials to use to authenticate to the provided KeyVault. Can be left unspecified if MSI (Managed Service Identity) is enabled for the service.",
"description": "Azure Active Directory credentials used for Azure Search authentication to Azure Key Vault when accessing encryption keys. Credentials are required when you create a security principal for Azure Search. Omit this value if you are using a managed identity instead.",
"externalDocs": {
"url": "https://aka.ms/azure-search-msi"
}
Expand All @@ -5230,20 +5230,23 @@
"keyVaultKeyVersion",
"keyVaultUri"
],
"description": "The configuration to use encryption with customer-managed keys. This information will be used to encrypt or decrypt the data you have protected using your own keys."
"description": "A fully-specified, user-defined encryption key in Azure Key Vault. Keys that you create and manage can be used to encrypt or decrypt data-at-rest in Azure Search, such as indexes and synonym maps."
},
"AzureActiveDirectoryApplicationCredentials": {
"properties": {
"applicationId": {
"type": "string",
"description": "The is the ID of the Azure Active Directory Application that will be used to authenticate to your KeyVault. The Application ID is not to be confused with the Object ID of your Azure Active Directory Application."
"description": "The Application ID of an Azure Search service, when registered as an Azure Active Directory application, for the purpose of serving as a security principle for authentication to Azure Key Vault. The Application ID should not be confused with the Object ID for your application. Both IDs are GUIDs but have different purposes. The Application ID uniquely identifies the app on protocol transactions."
},
"applicationSecret": {
"type": "string",
"description": "The application secret, also sometime refered to as the authentication key value. This will be used to authenticate to your KeyVault."
"description": "The application secret, also referred to as the authentication key value. This is the actual key used to authenticate to Azure Key Vault. When creating a key for a registered application, this is the string that is given when you save the key. This value is not visible in the portal after you leave the blade."
}
},
"description" : "The credentials of the Azure Active Directory Application identity we are going to use to authenticate to your KeyVault when we need to access your encryption keys."
"required": [
"applicationId"
],
"description" : "Credentials of a registered application created for your Azure Search service, used for authenticated access to the encryption keys stored in Azure Key Vault."
},
"ServiceStatistics": {
"properties": {
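Review bot: `applicationSecret` in `AzureActiveDirectoryApplicationCredentials` is still declared as a plain `"type": "string"`, so nothing in the schema marks it as a credential or says how it behaves in responses. The example files changed in this pull request now show `"applicationSecret": null` where the placeholder string used to be, which suggests the service does not return the secret once stored; that is inferred from the examples, as the spec text does not say it. I would add `"format": "password"` to the property and end its description with a sentence such as `This value is write-only and is returned as null in responses.`, so that generated clients and their users know to keep it out of logs and not to expect it back. Separately, the new `applicationId` description says `security principle`, which should read `security principal`.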