Encrypt Azure Data Factory with Key Vault - Step-by-Step Guide

Encrypt Azure Data Factory with Key Vault

Question

You have an Azure subscription that contains an Azure Data Factory version 2 (V2) data factory named df1. Df1 contains a linked service.

You have an Azure Key Vault named vault1 that contains an encryption key named key1.

You need to encrypt df1 by using key1.

What should you do first?

Answers

Explanations


A. B. C. D.

D

Linked services are much like connection strings, which define the connection information needed for Data Factory to connect to external resources.

Incorrect Answers:

A, C: Data Factory requires two properties to be set on the Key Vault: Soft Delete and Do Not Purge.

B: A self-hosted integration runtime copies data between an on-premises store and cloud storage.

https://docs.microsoft.com/en-us/azure/data-factory/enable-customer-managed-key
https://docs.microsoft.com/en-us/azure/data-factory/concepts-linked-services
https://docs.microsoft.com/en-us/azure/data-factory/create-self-hosted-integration-runtime

The correct answer is B. Create a self-hosted integration runtime.

To encrypt an Azure Data Factory version 2 (V2) data factory using an encryption key from an Azure Key Vault, you need to create a self-hosted integration runtime in Azure Data Factory. Here's why:

  • An integration runtime is the compute infrastructure used by Azure Data Factory to provide data integration capabilities across network environments.
  • Self-hosted integration runtime allows you to run data integration tasks securely within your organization's environment. This allows you to leverage your organization's existing infrastructure and data security protocols to ensure that sensitive data is handled in accordance with your organization's data security policies.
  • By creating a self-hosted integration runtime and linking it to an Azure Key Vault, you can use the key in the key vault to encrypt the data factory.

Therefore, the correct first step is to create a self-hosted integration runtime in Azure Data Factory and link it to your Azure Key Vault.

Options A and C are incorrect because they refer to purge protection and soft delete, which are not relevant to the task of encrypting an Azure Data Factory. Purge protection and soft delete are used to protect against accidental or malicious deletion of resources and do not relate to encryption.

Option D is incorrect because removing the linked service from df1 does not help with the task of encrypting the data factory. A linked service is a way to connect to external data sources or services,