Platform, Security, Workplace
12/03/2026
If you’re running PostgreSQL workloads on Azure and have been waiting for tighter control over your encryption strategy, there’s good news. Microsoft has announced a public preview of customer-managed key (CMK) support for Azure Database for PostgreSQL on Premium SSD v2 disks, a meaningful step forward for teams that take data security seriously.
What’s changing?
Until now, encryption at rest on Azure Database for PostgreSQL relied on platform-managed keys, handled automatically by Azure behind the scenes. That works well for many workloads, but it doesn’t satisfy the requirements of every organization, particularly those in regulated industries like finance, healthcare, or government, where the rules often require that you, not your cloud provider, hold the keys to your data. With this preview, you can now bring your own encryption keys stored in Azure Key Vault and apply them directly to Premium SSD v2 disks backing your PostgreSQL databases. You stay in control of key rotation schedules, access policies, and revocation, while Azure continues to manage the database infrastructure underneath.
Why Premium SSD v2?
Premium SSD v2 is Azure’s high-performance disk tier designed for demanding database workloads. It offers fine-grained performance tuning, low latency, and the ability to scale IOPS and throughput independently, making it a natural fit for production PostgreSQL environments. Adding CMK support to this tier means you no longer have to choose between performance and security compliance. You get both.
Who should pay attention?
This update is particularly relevant if your organization:
– Operates under regulatory frameworks such as HIPAA, PCI DSS, or ISO 27001 that require customer-controlled encryption
– Has internal policies mandating separation of duties between cloud operations and key management
– Needs an auditable trail of key access and rotation events
– Is building toward a zero-trust security architecture
Even outside formal compliance requirements, owning your encryption keys gives your security team a meaningful last line of defense. If access to your Azure environment were ever compromised, the ability to revoke a key immediately limits the blast radius.
What to keep in mind during preview
As with any public preview feature, it’s worth testing this thoroughly in non-production environments before rolling it out to critical workloads. Preview features can evolve before general availability, so keeping an eye on the official Azure documentation and release notes will help you stay ahead of any changes to behavior or configuration requirements.
Getting started
If you’re already using Azure Database for PostgreSQL with Premium SSD v2 storage, you can explore this feature through the Azure portal or the Azure CLI by configuring a key in Azure Key Vault and associating it with your database instance. Microsoft’s documentation covers the setup steps in detail, including the required Key Vault permissions and key rotation best practices.
This is a welcome addition for teams that have wanted enterprise-grade key management without giving up the performance headroom that Premium SSD v2 provides. It’s worth evaluating now while the feature is in preview; getting familiar with the configuration early puts you in a strong position when it reaches general availability.