Reputation: 455
Azure Service Bus security when at rest
I know that Azure Service Bus is secure while in transit because of SSL, but I'm unable to find any information about if it's encrypted while at rest.
If the content of the message is sensitive in nature, can Azure be relied on to keep messages private while within the Azure infrastructure - or should we implement message security?
Upvotes: 7
Views: 3437
Answers (4)
Reputation: 2192
In contrast to the currently accepted answer, currently in 2024 the encryption of data at rest for Azure Service Bus is limited to the Premium tier only:
Azure Service Bus Premium provides encryption of data at rest with Azure Storage Service Encryption (Azure SSE). Service Bus Premium uses Azure Storage to store the data. All the data that's stored with Azure Storage is encrypted using Microsoft-managed keys.
https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-premium-messaging
Also referenced in this [Microsoft Q&A][1]:
@Antra Sharma Azure service bus REST Encryption are only supported in Premium namespace and it cannot be enabled for standard tier Service Bus namespaces. As premium namespace uses Azure Storage to store the data therefor it provides encryption data at rest with Azure Storage Service Encryption (Azure SSE).
[1]: https://learn.microsoft.com/en-us/answers/questions/424372/azure-service-bus-encryption-at-rest-transit-(stan
Upvotes: 0
Reputation: 9138
As of 4/25/2018, the page that @tyler-pollack referenced, has been updated to specify that encryption at rest is provided at all tiers. https://learn.microsoft.com/en-us/azure/security/azure-security-encryption-atrest
You can see the update in this github commit: https://github.com/MicrosoftDocs/azure-docs/commit/66214db8a21eefcece6441ae566041b90b2615fa#diff-f55bddd3fba462832c4a2d0e7918f750
Upvotes: 5
Reputation: 31
Service Bus Premium currently supports encryption at rest - https://learn.microsoft.com/en-us/azure/security/azure-security-encryption-atrest#azure-resource-providers-encryption-model-support
Upvotes: 1
Reputation: 914
You will have to encrypt the data yourself. There are currently no facilities built into the service bus for data at rest.
Upvotes: 2
Related Questions
- Securing non-Http triggered Azure Functions like Service Bus triggers
- Azure service bus security using asymmetric certificates
- Is there a way to firewall an Azure Service Bus?
- Azure service bus System.UnauthorizedAccessException
- How to expose existing REST API through Azure Service Bus (or through something else)
- Service Bus for Windows Server authorization
- Prevent forgery and message signing for Azure service bus
- Securing Service Bus
- Azure Service Bus Brokered Message Security
- Azure Service Bus - Own hosting