Ensure that Microsoft Azure PostgreSQL server data is encrypted in transit to meet security and compliance requirements. In-transit encryption helps prevent unauthorized users from accessing critical data in your Azure PostgreSQL databases.
When working with production data, it is strongly recommended to encrypt all sensitive information in transit by enforcing Secure Sockets Layer (SSL) connections between PostgreSQL database servers and client applications. Once enabled, this additional layer of security protects your data against man-in-the-middle (MITM) attacks and fulfills compliance requirements for in-transit encryption within your company.
To determine the in-transit encryption configuration for your Azure PostgreSQL database servers, perform the following actions:
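One way to script this check, as an added example that is not part of the original page: it reads JSON shaped like the output of `az postgres server list --output json` (Single Server) and reports every server whose `sslEnforcement` property is not `Enabled`, together with the Azure CLI command that would enforce SSL on it. The server names, resource groups and the function name `audit_ssl_enforcement` are assumptions made for illustration.

```python
import json
import shlex

# Constructed sample shaped like `az postgres server list --output json`
# (Single Server). Server names and resource groups are made up.
SAMPLE_AZ_OUTPUT = """
[
  {"name": "pg-prod-01",   "resourceGroup": "rg-data", "sslEnforcement": "Enabled"},
  {"name": "pg-legacy-02", "resourceGroup": "rg-data", "sslEnforcement": "Disabled"},
  {"name": "pg-test-03",   "resourceGroup": "rg-test"}
]
"""


def audit_ssl_enforcement(az_json):
    """Return one finding per server that does not enforce SSL connections.

    A server passes only when sslEnforcement is explicitly "Enabled".
    A missing property is reported too, so the audit fails closed.
    """
    findings = []
    for server in json.loads(az_json):
        state = server.get("sslEnforcement")
        if isinstance(state, str) and state.lower() == "enabled":
            continue
        name = server["name"]
        group = server["resourceGroup"]
        findings.append({
            "server": name,
            "resource_group": group,
            "state": state if state is not None else "missing",
            # Azure CLI command that turns SSL enforcement on for this server.
            "fix": "az postgres server update"
                   f" --resource-group {shlex.quote(group)}"
                   f" --name {shlex.quote(name)}"
                   " --ssl-enforcement Enabled",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_ssl_enforcement(SAMPLE_AZ_OUTPUT):
        print(f"{finding['server']}: sslEnforcement={finding['state']}")
        print(f"  remediate with: {finding['fix']}")
```

To audit a real subscription, pass the script the saved output of `az postgres server list --output json` instead of the constructed sample.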
Remediation / Resolution
To enable in-transit encryption by enforcing SSL connections between your PostgreSQL database servers and your client applications, perform the following actions:
- Azure Official Documentation
- Configure SSL connectivity in Azure Database for PostgreSQL - Single Server
- Quickstart: Create an Azure Database for PostgreSQL server in the Azure portal
- CIS Microsoft Azure Foundations
You are auditing:
Enable In-Transit Encryption for PostgreSQL Database Servers
Risk level: High