G. Werner
Reputation: 309
Difference between Bring-Your-Own-Key (BYOK) and Customer-Managed-Key (CMK) encryption?
On the documentation page of Azure I regularly read the abbreviation BYOK encryption (e.g. here) and CMK encryption (e.g. here).
Can these two terms be used synonymously or is there a difference?
Upvotes: 1
Views: 3204
Answers (2)
zmre
Reputation: 51
They are often used interchangeably. BYOK usually means the vendor holds the key, but you create it and upload it. CMK can mean that but also sometimes reflects the case where you hold your key in your own KMS instead, so it tends to encompass more patterns than BYOK does in practice. Neither of these have formal definitions that you can rely on though.
Upvotes: 3
Related Questions
- AWS KMS: What's the difference between CMK and key material?
- what is the difference between customer managed keys and customer provided keys in azure storage encryption
- What types of Storage Account services can be used with customer managed keys in Azure?
- What is difference between Keys and Secrets in Azure Key Vault?
- Azure blob customerProvidedKey vs EncryptionPolicy
- Azure.Security.KeyVault.Secrets vs Microsoft.Azure.KeyVault
- SQL Always encrypted CMK certificate storage best practice
- Azure Key vault vs Storage encryption
- Azure Key Vault Secrets unmanaged and managed whats the difference?
- Key Vault Keys vs Secrets