Adding sdk support for Encryption with customer managed key to the Azure Search specs #5567

Merged
merged 13 commits into from
Apr 17, 2019
Expand Up @@ -112,6 +112,15 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
shmed marked this conversation as resolved.
"encryptionKey": {
shmed marked this conversation as resolved.
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": "myApplicationSecret"
}
}
}
},
Expand Down Expand Up @@ -339,6 +348,15 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": null
}
}
}
}
Expand Up @@ -115,6 +115,12 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
},
Expand Down Expand Up @@ -342,6 +348,12 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
},
Expand Down Expand Up @@ -568,6 +580,12 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
}
Expand Up @@ -8,22 +8,40 @@
"synonymMap": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
},
"responses": {
"200": {
"body": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
},
"201": {
"body": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
}
}
}
Expand Up @@ -6,15 +6,33 @@
"synonymMap": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": "myApplicationSecret"
}
}
}
},
"responses": {
"201": {
"body": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
"keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": null
}
}
}
}
}
Expand Up @@ -229,6 +229,15 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
shmed marked this conversation as resolved.
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": null
}
}
}
}
Expand Up @@ -10,7 +10,16 @@
"body": {
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": {
"applicationId": "00000000-0000-0000-0000-000000000000",
"applicationSecret": null
}
}
}
}
}
Expand Up @@ -231,6 +231,12 @@
"tempuri.org"
],
"maxAgeInSeconds": 60
},
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
},
{
Expand Down Expand Up @@ -272,7 +278,8 @@
"tokenizers": [],
"tokenFilters": [],
"charFilters": [],
"corsOptions": null
"corsOptions": null,
"encryptionKey": null
}
]
}
Expand Up @@ -11,12 +11,19 @@
{
"name": "mysynonymmap",
"format": "solr",
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA"
"synonyms": "United States, United States of America, USA\nWashington, Wash. => WA",
"encryptionKey": {
"keyVaultKeyName": "myKeyName",
"keyVaultKeyVersion": "myKeyVersion",
"keyVaultUri": "https://myKeyVault.vault.azure.net",
"accessCredentials": null
}
},
{
"name": "myothersynonymmap",
"format": "solr",
"synonyms": "couch, sofa, chesterfield\npop, soda\ntoque, hat"
"synonyms": "couch, sofa, chesterfield\npop, soda\ntoque, hat",
"encryptionKey": null
}
]
}
Expand Up @@ -4383,6 +4383,13 @@
"url": "https://docs.microsoft.com/rest/api/searchservice/Custom-analyzers-in-Azure-Search"
}
},
"encryptionKey": {
"$ref": "#/definitions/EncryptionKey",
"description": "A description of an encryption key that you create in Azure Key Vault. This key is used to provide an additional level of encryption-at-rest for your data when you want full assurance that no one, not even Microsoft, can decrypt your data in Azure Search. Once you have encrypted your data, it will always remain encrypted. Azure Search will ignore attempts to set this property to null. You can change this property as needed if you want to rotate your encryption key; Your data will be unaffected. Encryption with customer-managed keys is not available for free search services, and is only available for paid services created on or after January 1, 2019.",
"externalDocs": {
"url": "https://aka.ms/azure-search-encryption-with-cmk"
}
},
"@odata.etag": {
"x-ms-client-name": "ETag",
"type": "string",
Expand Down Expand Up @@ -5162,6 +5169,13 @@
"url": "https://docs.microsoft.com/rest/api/searchservice/Create-Synonym-Map#SynonymMapFormat"
}
},
"encryptionKey": {
"$ref": "#/definitions/EncryptionKey",
"description": "A description of an encryption key that you create in Azure Key Vault. This key is used to provide an additional level of encryption-at-rest for your data when you want full assurance that no one, not even Microsoft, can decrypt your data in Azure Search. Once you have encrypted your data, it will always remain encrypted. Azure Search will ignore attempts to set this property to null. You can change this property as needed if you want to rotate your encryption key; Your data will be unaffected. Encryption with customer-managed keys is not available for free search services, and is only available for paid services created on or after January 1, 2019.",
"externalDocs": {
"url": "https://aka.ms/azure-search-encryption-with-cmk"
}
},
"@odata.etag": {
"x-ms-client-name": "ETag",
"type": "string",
Expand Down Expand Up @@ -5189,6 +5203,51 @@
},
"description": "Response from a List SynonymMaps request. If successful, it includes the full definitions of all synonym maps."
},
"EncryptionKey": {
"properties": {
"keyVaultKeyName": {
"type": "string",
"description": "The name of your Azure Key Vault key to be used to encrypt your data at rest."
},
"keyVaultKeyVersion": {
"type": "string",
"description": "The version of your Azure Key Vault key to be used to encrypt your data at rest."
},
"keyVaultUri": {
"type": "string",
"description": "The URI of your Azure Key Vault, also referred to as DNS name, that contains the key to be used to encrypt your data at rest. An example URI might be https://my-keyvault-name.vault.azure.net."
},
"accessCredentials": {
"$ref": "#/definitions/AzureActiveDirectoryApplicationCredentials",
"description": "Optional Azure Active Directory credentials used for accessing your Azure Key Vault. Not required if using managed identity instead.",
"externalDocs": {
"url": "https://aka.ms/azure-search-msi"
}
}
},
"required": [
"keyVaultKeyName",
"keyVaultKeyVersion",
"keyVaultUri"
],
"description": "A customer-managed encryption key in Azure Key Vault. Keys that you create and manage can be used to encrypt or decrypt data-at-rest in Azure Search, such as indexes and synonym maps."
},
"AzureActiveDirectoryApplicationCredentials": {
"properties": {
"applicationId": {
"type": "string",
"description": "An AAD Application ID that was granted the required access permissions to the Azure Key Vault that is to be used when encrypting your data at rest. The Application ID should not be confused with the Object ID for your AAD Application."
},
"applicationSecret": {
"type": "string",
"description": "The authentication key of the specified AAD application."
}
},
"required": [
"applicationId"
shmed marked this conversation as resolved.
],
"description" : "Credentials of a registered application created for your Azure Search service, used for authenticated access to the encryption keys stored in Azure Key Vault."
},
"ServiceStatistics": {
"properties": {
"counters": {
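Review bot: `applicationSecret` in `AzureActiveDirectoryApplicationCredentials` (last hunk of this file) is a client secret, yet the definition describes it only as an authentication key and carries nothing that tells readers or generated SDKs to treat it as sensitive. The example files in this PR send it in the create request and show `"applicationSecret": null` in the responses, but the schema does not state that redaction, nor what a client should send when it PUTs a fetched definition back. I would extend the description, for example `"description": "The authentication key of the specified AAD application. Not returned by the service; responses contain null."`, and, if the AutoRest version in use supports it, add `"x-ms-secret": true` so tooling can handle the value as a secret. The redaction and round-trip behaviour are inferred from the examples only, so confirm them against the service before documenting them.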