Azure Container Instance should use CMK for encryption
HIGH
Ensures Azure Container Instances encrypt data at rest using customer-managed keys.
What does this mean?
This recommendation ensures that Azure Container Instance groups use customer-managed keys for encrypting data at rest, providing full control over the encryption key lifecycle for containerized workloads.
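One way to audit for this setting, as an added example that is not part of the original page or of any vendor tooling: the check below reads container group definitions in ARM resource form and flags any group without a complete `encryptionProperties` block. The property names (`vaultBaseUrl`, `keyName`, `keyVersion`) come from the `Microsoft.ContainerInstance/containerGroups` ARM schema; the sample resources, vault URL and key values are constructed placeholders.

```python
import json

# Constructed sample: container groups in ARM resource form, as found in a
# template or resource export. Names, vault URL and key values are placeholders.
SAMPLE_EXPORT = json.loads("""
[
  {"name": "cg-billing", "type": "Microsoft.ContainerInstance/containerGroups",
   "properties": {"encryptionProperties": {
       "vaultBaseUrl": "https://example-vault.vault.azure.net/",
       "keyName": "aci-cmk", "keyVersion": "0123456789abcdef0123456789abcdef"}}},
  {"name": "cg-batch", "type": "Microsoft.ContainerInstance/containerGroups",
   "properties": {}},
  {"name": "cg-web", "type": "Microsoft.ContainerInstance/containerGroups",
   "properties": {"encryptionProperties": {
       "vaultBaseUrl": "https://example-vault.vault.azure.net/", "keyName": ""}}},
  {"name": "stlogs", "type": "Microsoft.Storage/storageAccounts", "properties": {}}
]
""")

ACI_TYPE = "microsoft.containerinstance/containergroups"
REQUIRED = ("vaultBaseUrl", "keyName", "keyVersion")

def evaluate(resource):
    """Return (status, detail) for one resource; None if not a container group."""
    if resource.get("type", "").lower() != ACI_TYPE:
        return None
    enc = (resource.get("properties") or {}).get("encryptionProperties")
    if not enc:
        return ("FAIL", "no encryptionProperties: platform-managed key in use")
    missing = [f for f in REQUIRED if not enc.get(f)]
    if missing:
        return ("FAIL", "incomplete encryptionProperties, missing: " + ", ".join(missing))
    if not enc["vaultBaseUrl"].lower().startswith("https://"):
        return ("FAIL", "vaultBaseUrl is not an https URL")
    return ("PASS", f"CMK {enc['keyName']} from {enc['vaultBaseUrl']}")

def audit(resources):
    """Map container group name -> (status, detail), skipping other resource types."""
    results = {}
    for r in resources:
        verdict = evaluate(r)
        if verdict is not None:
            results[r.get("name", "<unnamed>")] = verdict
    return results

if __name__ == "__main__":
    for name, (status, detail) in audit(SAMPLE_EXPORT).items():
        print(f"{status}  {name}: {detail}")
```
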
Benefits of implementation
- Full control over encryption of container instance data
- Meets compliance requirements for customer-managed encryption
- Consistent encryption strategy across container services
Drawbacks and considerations
- Requires Azure Key Vault setup
- CMK for ACI may not be supported in all regions
- Adds complexity to container deployment
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level: HIGH
- Category: Container Security
- Azure Resource
- Frameworks: 1 framework
- Last updated: 2026-02-12