Martin is a Cloud Security Engineer at Whizlabs Inc.
As a best practice, he implemented the option to change the access key of the Blob storage regularly.
Consequently, the keys of the Blob storage used by PolyBase, which is the underlying storage of the dedicated SQL pool of Azure Synapse Analytics, must also be rotated.
For each storage account whose key must change, he issued the following T-SQL statement with the “ALTER DATABASE ENCRYPTION KEY” command.
ALTER DATABASE ENCRYPTION KEY REGENERATE WITH ALGORITHM = AES_256;
GO

Does the above step match the requirements for this scenario?
A. B.
Correct Answer: B.
No, the above step does not match the requirements for this scenario.
The ALTER DATABASE ENCRYPTION KEY command with the REGENERATE option is used to regenerate the database encryption key for Transparent Data Encryption (TDE). It is not used for rotating the storage keys of a Blob storage account.
To rotate the storage keys of a Blob storage account, you need to use the Azure portal, Azure PowerShell, Azure CLI, or Azure Storage client libraries. Regenerating the storage access key invalidates the existing keys and generates a new key that can be used to access the Blob storage account.
If you need to rotate the storage keys of Blob storage used by PolyBase in Azure Synapse Analytics, you need to perform the following steps:
Note that regenerating the storage account access key can impact the services or applications that are using it. Therefore, it is important to carefully plan and coordinate the key rotation process to minimize any disruption to your services or applications.
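The database side of a storage key rotation, as an added example that is not part of the original answer: the dedicated SQL pool holds the storage key in a database scoped credential, so that credential is what gets updated, not the TDE key. The credential name `PolyBaseStorageCredential`, the identity string, the external table `ext.SampleTable` and the secret placeholder are assumptions for illustration.

```sql
-- Added example. All object names and the secret are placeholders (assumptions),
-- not values from the original page.

-- 1. Inventory: list each database scoped credential and the external data
--    sources that depend on it, so no PolyBase source is missed.
SELECT c.name                AS credential_name,
       c.credential_identity AS credential_identity,
       c.modify_date         AS last_modified,
       ds.name               AS data_source_name,
       ds.location           AS storage_location
FROM sys.database_scoped_credentials AS c
LEFT JOIN sys.external_data_sources  AS ds
       ON ds.credential_id = c.credential_id
ORDER BY c.name, ds.name;

-- 2. Switch the credential to the storage key that is NOT about to be
--    regenerated (for example key2 while key1 is rotated). Paste the value
--    from your secret store; never commit it to scripts or source control.
ALTER DATABASE SCOPED CREDENTIAL PolyBaseStorageCredential
WITH IDENTITY = 'storage_identity',          -- assumed identity label
     SECRET   = '<storage-account-key2>';    -- placeholder
GO

-- 3. Confirm the change registered: modify_date should now be current.
SELECT name, credential_identity, modify_date
FROM sys.database_scoped_credentials
WHERE name = 'PolyBaseStorageCredential';

-- 4. Smoke test: read through an external table that uses the credential.
--    A failure here means the new secret is wrong; fix it before step 5.
SELECT TOP (1) * FROM ext.SampleTable;       -- assumed external table

-- 5. Only after step 4 succeeds, regenerate the old key outside the database
--    (Azure portal, Azure PowerShell or Azure CLI). Doing it in this order
--    keeps PolyBase loads working throughout the rotation.

-- For contrast, the statement from the question regenerates the TDE database
-- encryption key and leaves the stored storage key untouched:
--   ALTER DATABASE ENCRYPTION KEY REGENERATE WITH ALGORITHM = AES_256;
```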