Ensure that Microsoft Azure PostgreSQL server data is encrypted in transit in order to meet security and compliance requirements. In-transit encryption helps prevent unauthorized users from getting access to critical data available in your Azure PostgreSQL databases.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
When working with production data, it is strongly recommended to encrypt all sensitive information in transit by enforcing Secure Sockets Layer (SSL) connections between PostgreSQL database servers and client applications. Once enabled, this additional layer of security will protect your data against Man-In-the-Middle (MITM) attacks and fulfill compliance requirements for in-transit encryption within your company.
Audit
To determine in-transit encryption configuration for your Azure PostgreSQL database servers, perform the following actions:
Remediation / Resolution
To enable in-transit encryption by enforcing SSL connections between your PostgreSQL database servers and your client applications, perform the following actions:
References
- Azure Official Documentation
- Configure SSL connectivity in Azure Database for PostgreSQL - Single Server
- Quickstart: Create an Azure Database for PostgreSQL server in the Azure portal
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az postgres server
- az postgres server list
- az postgres server show
- az postgres server update
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable In-Transit Encryption for PostgreSQL Database Servers
Risk Level: High