Using MarkLogic Server Encryption with Microsoft Azure Key Vault
Microsoft Azure Key Vault can encrypt your data in MarkLogic Server. Azure Key Vault is supported for customers running their cluster on Microsoft Azure. You must set up your Azure Key Vault, create the encryption keys in Key Vault, and configure the encryption key IDs in your MarkLogic Server before using the keys to encrypt data in MarkLogic Server.
To set up the Microsoft Azure Key Vault, first set up your Azure instance. See Getting Started with MarkLogic Server on Azure and Overview of MarkLogic Server on Azure for details. Keys are governed by access policies created by the Key Administrator. See the next section (Microsoft Azure Key Vault) for details and the Azure documentation regarding key policies for more information.
Warning
If an encryption key stored in the Azure Key Vault is disabled, it cannot be used for encryption or decryption and MarkLogic Server loses access to any data encrypted with the disabled key. Deleting a key will lead to permanent data loss as deleted keys can never be recovered.