Query: Storage accounts should use customer-managed key for encryption

Description

Secure your storage account with greater flexibility using customer-managed keys. When you specify a customer-managed key, that key is used to protect and control access to the key that encrypts your data. Using customer-managed keys provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.

Query

Tables used in this query:

• azure_storage_account
• azure_subscription

Controls using this query:

• 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
• 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
• 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
• 3.9 Ensure storage for critical data are encrypted with Customer Managed Key
• 3.9 Ensure storage for critical data are encrypted with Customer Managed Key
• 4.11 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
• Storage accounts should use customer-managed key for encryption

SQL