Still not right #8844
- When AKV is behind a firewall, it applies to both user-assigned AND system-assigned managed identity (which was the issue we had). Still not reflected correctly in the documentation.
- The next sentence also does not make sense: Once this option is enabled, available keys can't be listed in the SQL server TDE menu in the Azure portal. It should be either:
-- If this option is disabled, available keys can't be listed in the SQL server TDE menu in the Azure portal.
or
-- This option must be enabled for keys to be successfully listed in the SQL server TDE menu in the Azure portal.
@chschulsie : Thanks for your contribution! The author(s) have been notified to review your proposed change.
Learn Build status updates of commit 06f73f9: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
Can you review the proposed changes? When the changes are ready for publication, add a #label:"aq-pr-triaged"
| ## Limitations and known issues | ||
|
|
||
| - If the key vault is behind a VNet that uses a firewall, the option to **Allow Trusted Microsoft Services to bypass this firewall** must be enabled in the key vault's **Networking** menu if you want to use a user-assigned managed identity. Once this option is enabled, available keys can't be listed in the SQL server TDE menu in the Azure portal. To set an individual CMK, a *key identifier* must be used. When the option to **Allow Trusted Microsoft Services to bypass this firewall** isn't enabled, the following error is returned: | ||
| - If the key vault is behind a VNet that uses a firewall, the option to **Allow Trusted Microsoft Services to bypass this firewall** must be enabled in the key vault's **Networking** menu if you want to use a user-assigned managed identity or system-assigned managed identity. If this option is disabled, available keys can't be listed in the SQL server TDE menu in the Azure portal. To set an individual CMK, a *key identifier* must be used. When the option to **Allow Trusted Microsoft Services to bypass this firewall** isn't enabled, the following error is returned: |
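Review bot: In the added line, the second sentence now reads "If this option is disabled, available keys can't be listed in the SQL server TDE menu", while the last sentence of the same bullet says that when the option isn't enabled an error is returned. The bullet therefore gives two different outcomes for the same state, and "To set an individual CMK, a *key identifier* must be used" sits between them with no clear condition. Suggest keeping the identity change ("or system-assigned managed identity") as its own edit, and rewording the listing sentence so it names the state it applies to and leads directly into the key identifier workaround. As a style point, "a user-assigned or system-assigned managed identity" reads more cleanly than repeating "managed identity".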
'Once this option is enabled' is correct; once AKV is behind a firewall it's not possible to view the available keys.
I reverted the incorrect statement on this.
Learn Build status updates of commit cbe419b: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
#sign-off
Invalid command: '#sign-off'. Only the assigned author of one or more file in this PR can sign off. @GithubMirek
PR 8844 has been merged from chschulsie:patch-1 to MicrosoftDocs:live by Jak-MS.