Platform, Security, Workplace
12/03/2026
If you’re running PostgreSQL workloads on Azure and have been waiting for tighter control over your encryption strategy, there’s good news. Microsoft has announced public preview support for customer managed keys on Azure Database for PostgreSQL. This is a meaningful step forward for teams that take data security seriously.
What’s changing?
Until now, Azure handled encryption at rest automatically using platform-managed keys. That works well for many workloads, but it doesn’t satisfy the requirements of every organization, particularly those in regulated industries like finance, healthcare, or government, where the rules often require that you, not your cloud provider, hold the keys to your data. With this preview, you can bring your own keys from Azure Key Vault and apply them directly to the Premium SSD v2 disks backing your PostgreSQL databases. You control key rotation, access policies, and revocation. Azure manages the database infrastructure underneath.
Why Premium SSD v2?
Premium SSD v2 is Azure’s high-performance disk tier designed for demanding database workloads. It offers fine-grained performance tuning, low latency, and independent IOPS scaling. This makes it a natural fit for production PostgreSQL environments. Adding CMK support to this tier means you no longer have to choose between performance and security compliance. You get both.
Who should pay attention?
This update is particularly relevant if your organization:
– Operates under regulatory frameworks such as HIPAA, PCI DSS, or ISO 27001 that require customer-controlled encryption
– Has internal policies mandating separation of duties between cloud operations and key management
– Needs an auditable trail of key access and rotation events
– Is building toward a zero-trust security architecture
Even outside formal compliance requirements, owning your encryption keys gives your security team a meaningful last line of defense. If your Azure environment is ever compromised, revoking a key immediately limits the blast radius.
What to keep in mind during preview
As with any public preview feature, it’s worth testing this thoroughly in non-production environments before rolling it out to critical workloads. Preview features can evolve before general availability. Keep an eye on the official Azure documentation and release notes to stay ahead of any changes.
Start evaluating now
If you’re already using Azure Database for PostgreSQL with Premium SSD v2 storage, you can explore this feature through the Azure portal or the Azure CLI by configuring a key in Azure Key Vault and associating it with your database instance. Microsoft’s documentation covers the setup steps in detail, including the required Key Vault permissions and key rotation best practices.
This is a welcome addition for teams that have wanted enterprise-grade key management without giving up the performance headroom that Premium SSD v2 provides. It’s worth evaluating now while the feature is in preview; getting familiar with the configuration early puts you in a strong position when it reaches general availability.