确定用于存储帐户的 Azure 存储加密密钥模型Determine which Azure Storage encryption key model is in use for the storage account

存储帐户中的数据自动由 Azure 存储加密。Data in your storage account is automatically encrypted by Azure Storage. Azure 存储加密提供两个选项,用于在存储帐户级别管理加密密钥:Azure Storage encryption offers two options for managing encryption keys at the level of the storage account:

  • Microsoft 管理的密钥。Microsoft-managed keys. 默认情况下,Azure 会管理用于加密存储帐户的密钥。By default, Azure manages the keys used to encrypt your storage account.
  • 客户管理的密钥。Customer-managed keys. 可以选择管理存储帐户的加密密钥。You can optionally choose to manage encryption keys for your storage account. 客户管理的密钥必须存储在 Azure Key Vault 中。Customer-managed keys must be stored in Azure Key Vault.

此外,还可以在单个请求级别为某些 Blob 存储操作提供加密密钥。Additionally, you can provide an encryption key at the level of an individual request for some Blob storage operations. 在请求上指定加密密钥时,该密钥会替代存储帐户上处于活动状态的加密密钥。When an encryption key is specified on the request, that key overrides the encryption key that is active on the storage account. 有关详细信息,请参阅在对 Blob 存储的请求中指定客户提供的密钥For more information, see Specify a customer-provided key on a request to Blob storage.

有关加密密钥的详细信息,请参阅静态数据的 Azure 存储加密For more information about encryption keys, see Azure Storage encryption for data at rest.

检查存储帐户的加密密钥模型Check the encryption key model for the storage account

若要确定存储帐户是使用 Microsoft 托管密钥还是客户托管密钥进行加密,请使用下列方法之一。To determine whether a storage account is using Microsoft-managed keys or customer-managed keys for encryption, use one of the following approaches.

若要使用 Azure 门户检查存储帐户的加密模型,请执行以下步骤:To check the encryption model for the storage account by using the Azure portal, follow these steps:

  1. 在 Azure 门户中导航到存储帐户。In the Azure portal, navigate to your storage account.
  2. 选择“加密” 设置,并记下设置。Select the Encryption setting and note the setting.

下图显示了使用 Microsoft 托管密钥加密的存储帐户:The following image shows a storage account that is encrypted with Microsoft-managed keys:

查看使用 Microsoft 托管密钥加密的帐户

下图显示了使用客户托管密钥加密的存储帐户:And the following image shows a storage account that is encrypted with customer-managed keys:

屏幕截图,显示 Azure 门户中的加密密钥设置

后续步骤Next steps