Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable storage account infrastructure encryption #4139

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Enable storage account infrastructure encryption #4139

wants to merge 4 commits into from

Conversation

jonnyry
Copy link
Contributor

@jonnyry jonnyry commented Nov 15, 2024

Resolves #4001

What is being addressed

Enable storage account infrastructure encryption.

Since storage account infrastructure encryption can only be turned on when a storage account is first created (unless you allow terraform to destroy the storage account and recreate it), this change is only applied on first deployment of a TRE (or a template component). Storage accounts that exist within an existing TRE deployment will not be affected.

The terraform pattern used to acheive this behaviour is as follows:

resource "azurerm_storage_account" "stg" {

  ... existing attributes ...

  # changing this value is destructive, hence attribute is in lifecycle.ignore_changes block below
  infrastructure_encryption_enabled = true

  lifecycle { ignore_changes = [infrastructure_encryption_enabled ] }
}

@github-actions github-actions bot added the external PR from an external contributor label Nov 15, 2024
@jonnyry jonnyry mentioned this pull request Nov 15, 2024
Open
tim-allen-ck
tim-allen-ck approved these changes Nov 15, 2024
View reviewed changes
Copy link
Collaborator

@tim-allen-ck tim-allen-ck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@github-actions GitHub Actions
Copy link

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 522aaa7.

tamirkamara
tamirkamara requested changes Nov 17, 2024
View reviewed changes
Copy link
Collaborator

@tamirkamara tamirkamara left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have a CMK contribution coming in too. Are the two compatible with each other?
@yuvalyaron

@yuvalyaron
Copy link
Collaborator

@tamirkamara yes, they are compatible

@tamirkamara tamirkamara self-requested a review November 17, 2024 13:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tim-allen-ck tim-allen-ck tim-allen-ck approved these changes

@tamirkamara tamirkamara Awaiting requested review from tamirkamara

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
external PR from an external contributor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Storage accounts should use infrastructure encryption
4 participants
@jonnyry @yuvalyaron @tamirkamara @tim-allen-ck