Ensure that Azure Cache for Redis is Using Customer-Managed Keys
| Field | Value |
|---|---|
| name | cis-azure-database-2.8 |
| description | Ensure that Azure Cache for Redis is Using Customer-Managed Keys |
| category | cis-azure-database |
| version | 2.0.0 |
| author | cyberstrike-official |
| tags | ["cis","azure","redis","cache"] |
| cis_id | 2.8 |
| cis_benchmark | CIS Microsoft Azure Database Services Benchmark v2.0.0 |
| tech_stack | ["azure"] |
| cwe_ids | [] |
| chains_with | [] |
| prerequisites | [] |
| severity_boost | {} |
Customer Managed Keys allow you more granular control over the encryption of your information.
Customer Managed Keys increase security of your disk encryption by offering features like custom managed expiration dates, allowing you to set your own key lifecycle.
This comes with an increased cost, as only Enterprise tier Azure Cache for Redis supports customer managed keys.
```powershell
Get-AzRedisEnterpriseCache -ResourceGroupName "<resourcegroupname>" -Name "<azurecacheforredisname>" |
    Select-Object -ExpandProperty EnableCustomerManagedKey
```
09aa11bb-87ec-409f-bf0b-49b7c1561a87 - Name: 'Azure Cache for Redis Enterprise should use customer-managed keys for encrypting disk data'

The 'Customer Managed Key' checkbox should be selected, or the PowerShell command should return `true`.
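The audit check above applied to several caches at once, as an added example that is not part of the benchmark text or this skill's own code. It reports an explicit `false` separately from a missing property, so a module or API mismatch is not read as a pass or a fail. `Test-RedisCmk` is a hypothetical helper, the sample objects are constructed, and the property name is the one the audit command on this page expands.

```powershell
# Added example. Test-RedisCmk is a hypothetical helper name.
function Test-RedisCmk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Cache
    )
    process {
        # Look the property up by name so an object that lacks it yields
        # 'Unknown' instead of being silently treated as $false.
        $prop = $Cache.PSObject.Properties['EnableCustomerManagedKey']
        $status = if ($null -eq $prop -or $null -eq $prop.Value) {
            'Unknown'
        } elseif ($prop.Value -eq $true) {
            'Compliant'
        } else {
            'NonCompliant'
        }
        [pscustomobject]@{
            Name   = $Cache.Name
            Status = $status
        }
    }
}

# Constructed sample objects standing in for Get-AzRedisEnterpriseCache output.
$sample = @(
    [pscustomobject]@{ Name = 'cache-a'; EnableCustomerManagedKey = $true }
    [pscustomobject]@{ Name = 'cache-b'; EnableCustomerManagedKey = $false }
    [pscustomobject]@{ Name = 'cache-c' }   # property absent
)

$results = $sample | Test-RedisCmk
$results | Format-Table -AutoSize

# Caches that still need remediation or a manual look in the portal.
$results | Where-Object Status -ne 'Compliant' | Select-Object -ExpandProperty Name

# Against a live resource group (needs Az.RedisEnterpriseCache and a signed-in session):
# Get-AzRedisEnterpriseCache -ResourceGroupName '<resourcegroupname>' | Test-RedisCmk
```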
```powershell
Update-AzRedisEnterpriseCache -ClusterName "<yourclustername>" `
    -ResourceGroupName "<yourresourcegroupname>" `
    -CustomerManagedKeyEncryptionKeyUrl "<thekeyinazurekeyvaultURL>"
```
By default Azure Cache for Redis uses Microsoft Managed Keys for all Redis services.
Be certain to set your expiration dates and other settings for the Customer Managed Key within your Azure Key Vault for optimal security.
| Controls Version | Control | IG 1 | IG 2 | IG 3 |
|---|---|---|---|---|
| v8 | 3.11 Encrypt Sensitive Data at Rest | X | X | |
| v7 | 14.8 Encrypt Sensitive Information at Rest | X |