-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: Storage Account Creation with Encryption using Customer Managed Keys #4122
Comments
From the referenced aka.ms link, does your KeyVault have the correct configuration as per the requirements from storage? |
Yes Both settings are enabled. |
have you also performed the required identity steps documented here? It may be worth raising a support ticket on the StorageAccount. ASO is just sending this request to Azure and it is the Azure Storage service which is rejecting the request with an error. Unfortunately the error says "you must meet these prerequisites" but there are 4-5 different ones and it's not clear which one(s) you haven't satisfied. Alternatively you can look at this ARM template example for storage accounts + CMK - you should be able to translate most/all of that into ASO resources. Possibly something in that template will jump you at you that you have not yet done via ASO. |
Yes i granted this mentioned role "Key Vault Crypto Service Encryption User"to userassignedidentity on keyvault. So above three conditions are satisfied. do you have other pre-requisites as well i see in the document these 3 are mentioned and satisfied. |
We're not sure what option you don't have set, but the storage API is rejecting the request because of the KeyVault configuration. As mentioned above, recommend raising a support ticket for the StorageAccount and asking the support engineer to check which option is not configured correctly on the KeyVault. |
I am trying to create storage account that uses customer-managed keys for encryption. Azure-Service Operator V2.7.0.
EXPECTED Behaviour
Account should get created with CMK
Error
Missing pre-requisites to enable EncryptionAtRest/Customer Managed Key for this storage account. For more information, see - https://aka.ms/storagecmkconfiguration
RESPONSE 409: 409 Conflict
ERROR CODE: FeatureNotSupportedForAccount
The text was updated successfully, but these errors were encountered: