    Prerequisites for Creating an Encryption Profile

    The encryption profile requires some properties of a key vault. Before creating an encryption profile, make sure you have a key vault in Azure. If you do not have any key vaults, refer to the instructions in Create a Key Vault in Azure.

    Then, perform the following pre-check on the key vault:

    1. Log in to the Microsoft Azure portal.

    2. Navigate to Key vaults.

    3. Click the key vault you prepared.

    4. Refer to the instructions below based on your scenario:

      • To check Azure RBAC roles assigned on the key vault, follow the steps below:

        1. In the Key Vault’s menu, click Access control (IAM).

        2. Go to the Role assignments tab.

        3. Use the search bar or filter to find the Key Vault Crypto User role.

        4. Check the list of users, groups, or service principals assigned this role.

      • To check access policies added on the key vault, follow the steps below:

        1. In the Key Vault’s menu, click Access policies.

        2. Locate the application that is used for your key vault.

        3. In the Key permissions drop-down list, make sure that at least the following operations are selected: Get, Encrypt, and Decrypt.

    5. Navigate to the pane for key vault settings and click Keys.

    6. Click a key and click a version of the key.

    7. In the Permitted operations section, make sure that at least Encrypt and Decrypt are selected.

    8. Copy the key identifier that resides in the Properties section. When you create an encryption profile in AvePoint Online Services, you will need to provide this key identifier.
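The same pre-check can be run over saved Azure CLI output rather than by clicking through the portal. The script below is an added example, not AvePoint or Microsoft code, and `precheck` is a hypothetical helper. It assumes the JSON field names emitted by `az keyvault show`, `az keyvault key show`, and `az role assignment list`; the vault name, object ID, and key version are constructed placeholders.

```python
import json

REQUIRED_POLICY = {"get", "encrypt", "decrypt"}  # step 4, access policy scenario
REQUIRED_KEY_OPS = {"encrypt", "decrypt"}        # step 7, permitted operations
RBAC_ROLE = "Key Vault Crypto User"              # step 4, Azure RBAC scenario

def precheck(vault, key, role_assignments, principal_id):
    """Return (key_identifier, problems) for one principal and one key version.

    principal_id is assumed to be the object ID of the application's
    service principal (objectId in policies, principalId in assignments).
    """
    problems = []
    props = vault["properties"]
    if props.get("enableRbacAuthorization"):
        # RBAC permission model: access policies are not evaluated.
        if not any(a["roleDefinitionName"] == RBAC_ROLE
                   and a["principalId"] == principal_id for a in role_assignments):
            problems.append(f"principal lacks the {RBAC_ROLE} role")
    else:
        granted = set()
        for policy in props.get("accessPolicies", []):
            if policy["objectId"] == principal_id:
                granted |= {p.lower() for p in policy["permissions"].get("keys") or []}
        missing = REQUIRED_POLICY - granted
        if missing:
            problems.append("access policy missing key permissions: "
                            + ", ".join(sorted(missing)))
    ops = {op.lower() for op in key["key"].get("keyOps") or []}
    missing_ops = REQUIRED_KEY_OPS - ops
    if missing_ops:
        problems.append("key version does not permit: " + ", ".join(sorted(missing_ops)))
    return key["key"]["kid"], problems  # kid is the key identifier from step 8

# Constructed sample data: the policy grants Get and Encrypt but not Decrypt.
PRINCIPAL = "00000000-0000-0000-0000-000000000001"
VAULT = json.loads("""{"properties": {"enableRbacAuthorization": false, "accessPolicies": [
  {"objectId": "00000000-0000-0000-0000-000000000001",
   "permissions": {"keys": ["Get", "Encrypt"], "secrets": []}}]}}""")
KEY = json.loads("""{"attributes": {"enabled": true}, "key": {
  "kid": "https://example-vault.vault.azure.net/keys/example-key/0123456789abcdef0123456789abcdef",
  "kty": "RSA", "keyOps": ["encrypt", "decrypt", "wrapKey", "unwrapKey"]}}""")
ASSIGNMENTS = []

if __name__ == "__main__":
    kid, problems = precheck(VAULT, KEY, ASSIGNMENTS, PRINCIPAL)
    print("key identifier:", kid)
    for problem in problems:
        print("FAIL:", problem)
```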

    Apart from the pre-checks above, AvePoint Online Services recommends that you back up the key in case it is accidentally deleted. If a key has been applied to AvePoint Online Services' encryption profile to encrypt data, and the key is deleted without a backup, the encrypted data will be damaged, and AvePoint Online Services may fail to function properly.