This capability is in Limited Availability for interested customers. Contact your account team if you are interested in using CMEK in VantageCloud Lake on Azure.
Customer managed encryption keys (CMEK) allow you to control encryption keys to protect your organization's data. You choose the rotation schedule and the granularity of access.
- Create a single-region encryption key in Azure Key Vault that is created for the same region where your Teradata environment is hosted. Teradata recommends creating a new key to use to encrypt your environment.Important: The new key is essentially blank, do not assign any other Azure accounts or roles. This is done when you start provisioning the environment.
- Obtain the URL for the key, for example https://keyvault.azure.com/something/else/goes/here.
- Follow the instructions in Step 1: Signing On and Creating Your First Environment to create the Environment; then return here.
- Copy the App ID from the VantageCloud Lake Console and use it to allow the App in your Azure vault access to the managed encryption key.
- Select Complete Setup to secure the environment with your CMEK that you manage in Azure KMS.
Complete within 14 Days after Creating the Environment