ワンクリックでManusで任意のスキルを実行

始める

cis-azure-database-2-8

スター617

フォーク102

更新日2026年4月13日 11:05

Ensure that Azure Cache for Redis is Using Customer-Managed Keys

インストール

Codex または Claude でインストールこの Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。

Manusで実行

ソース

CyberStrikeus

CyberStrikeus/CyberStrike

GitHub リポジトリを開く Creator のリポジトリを見る

ダウンロード

Manusで実行

2.8 Ensure that Azure Cache for Redis is Using Customer-Managed Keys (Manual)

Profile Applicability

Level 2

Description

Customer Managed Keys allow you more granular control over the encryption of your information.

Rationale

Customer Managed Keys increase security of your disk encryption by offering features like custom managed expiration dates, allowing you to set your own key lifecycle.

Impact

This comes with an increased cost, as only Enterprise tier Azure Cache for Redis supports customer managed keys.

Audit Procedure

Audit From Azure Portal

Select your Redis Cache.
In the left column select Encryption.
View the keys listed, and determine if the checkbox for 'Customer Managed Key' is selected.

Audit From PowerShell

Run the following command to determine if your Azure Cache for Redis is using a Customer Managed Key.

Get-AzRedisEnterpriseCache -ResourceGroupName "<resourcegroupname>" -Name
"<azurecacheforredisname>" | Select-Object -ExpandProperty
EnableCustomerManagedKey

If the command returns true, you are using a customer managed key.

Audit From Azure Policy

Policy ID: 09aa11bb-87ec-409f-bf0b-49b7c1561a87 - Name: 'Azure Cache for Redis Enterprise should use customer-managed keys for encrypting disk data'

Expected Result

The 'Customer Managed Key' checkbox should be selected, or the PowerShell command should return true.

Remediation

Remediate From Azure Portal

Select your Redis Cache.
In the left column select Encryption.
Select the checkbox to enable Customer Managed keys.
Select Add to assign a user managed identity with permissions to access your Azure key vault.
Select your subscription and Azure Key vault that contains your customer managed key. Ensure this is in the same region as your Azure Cache for Redis.
Select your customer managed key.
Click Save.

Remediate From PowerShell

In Azure Key Vault find the full URL for a key you have created. Then run the following command with the information for your environment.

Update-AzRedisEnterpriseCache -ClusterName "<yourclustername>"
-ResourceGroupName "<yourresourcegroupname>" -
CustomerManagedKeyEncryptionKeyUrl "<thekeyinazurekeyvaultURL>"

Default Value

By default Azure Cache for Redis uses Microsoft Managed Keys for all Redis services.

Additional Information

Be certain to set your expiration dates and other settings for the Customer Managed Key within your Azure Key Vault for optimal security.

References

CIS Controls

Controls Version	Control	IG 1	IG 2	IG 3
v8	3.11 Encrypt Sensitive Data at Rest		X	X
v7	14.8 Encrypt Sensitive Information at Rest			X

このリポジトリの他の Skills

同じリポジトリ

ebpf-attacks

CyberStrikeus/CyberStrike

eBPF-based post-exploitation for kernel-level credential harvesting, process hiding, and traffic interception on Linux

2026-06-23617

aws-postexploit

CyberStrikeus/CyberStrike

AWS post-exploitation for IAM privilege escalation, data exfiltration, persistence, and operational security via boto3

2026-06-22617

azure-postexploit

CyberStrikeus/CyberStrike

Azure/Entra ID post-exploitation for tenant compromise, Key Vault extraction, managed identity abuse, and token manipulation

2026-06-22617

cicd-attacks

CyberStrikeus/CyberStrike

CI/CD pipeline attacks for secret extraction, pipeline injection, and supply chain compromise via GitHub/Jenkins/GitLab

2026-06-22617

k8s-postexploit

CyberStrikeus/CyberStrike

Kubernetes post-exploitation for container escape, secret extraction, RBAC abuse, and cluster persistence

2026-06-22617

macos-postexploit

CyberStrikeus/CyberStrike

macOS post-exploitation for credential harvesting, DTrace monitoring, TCC bypass, and stealth operations via native tools

2026-06-22617

name	cis-azure-database-2.8
description	Ensure that Azure Cache for Redis is Using Customer-Managed Keys
category	cis-azure-database
version	2.0.0
author	cyberstrike-official
tags	["cis","azure","redis","cache"]
cis_id	2.8
cis_benchmark	CIS Microsoft Azure Database Services Benchmark v2.0.0
tech_stack	["azure"]
cwe_ids	[]
chains_with	[]
prerequisites	[]
severity_boost	{}

2.8 Ensure that Azure Cache for Redis is Using Customer-Managed Keys (Manual)

Profile Applicability

Level 2

Description

Customer Managed Keys allow you more granular control over the encryption of your information.

Rationale

Customer Managed Keys increase security of your disk encryption by offering features like custom managed expiration dates, allowing you to set your own key lifecycle.

Impact

This comes with an increased cost, as only Enterprise tier Azure Cache for Redis supports customer managed keys.

Audit Procedure

Audit From Azure Portal

Select your Redis Cache.
In the left column select Encryption.
View the keys listed, and determine if the checkbox for 'Customer Managed Key' is selected.

Audit From PowerShell

Run the following command to determine if your Azure Cache for Redis is using a Customer Managed Key.

Get-AzRedisEnterpriseCache -ResourceGroupName "<resourcegroupname>" -Name
"<azurecacheforredisname>" | Select-Object -ExpandProperty
EnableCustomerManagedKey

If the command returns true, you are using a customer managed key.

Audit From Azure Policy

Policy ID: 09aa11bb-87ec-409f-bf0b-49b7c1561a87 - Name: 'Azure Cache for Redis Enterprise should use customer-managed keys for encrypting disk data'

Expected Result

The 'Customer Managed Key' checkbox should be selected, or the PowerShell command should return true.

Remediation

Remediate From Azure Portal

Select your Redis Cache.
In the left column select Encryption.
Select the checkbox to enable Customer Managed keys.
Select Add to assign a user managed identity with permissions to access your Azure key vault.
Select your subscription and Azure Key vault that contains your customer managed key. Ensure this is in the same region as your Azure Cache for Redis.
Select your customer managed key.
Click Save.

Remediate From PowerShell

In Azure Key Vault find the full URL for a key you have created. Then run the following command with the information for your environment.

Update-AzRedisEnterpriseCache -ClusterName "<yourclustername>"
-ResourceGroupName "<yourresourcegroupname>" -
CustomerManagedKeyEncryptionKeyUrl "<thekeyinazurekeyvaultURL>"

Default Value

By default Azure Cache for Redis uses Microsoft Managed Keys for all Redis services.

Additional Information

Be certain to set your expiration dates and other settings for the Customer Managed Key within your Azure Key Vault for optimal security.

References

CIS Controls

Controls Version	Control	IG 1	IG 2	IG 3
v8	3.11 Encrypt Sensitive Data at Rest		X	X
v7	14.8 Encrypt Sensitive Information at Rest			X