diff --git a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateIndex.json b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateIndex.json index 053aadee4772..3ca4a33bc351 100644 --- a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateIndex.json +++ b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateIndex.json @@ -112,6 +112,15 @@ "tempuri.org" ], "maxAgeInSeconds": 60 + }, + "encryptionKey": { + "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault", + "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": { + "applicationId": "00000000-0000-0000-0000-000000000000", + "applicationSecret": "myApplicationSecret" + } } } }, @@ -339,6 +348,15 @@ "tempuri.org" ], "maxAgeInSeconds": 60 + }, + "encryptionKey": { + "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault", + "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": { + "applicationId": "00000000-0000-0000-0000-000000000000", + "applicationSecret": null + } } } } diff --git a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateOrUpdateIndex.json b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateOrUpdateIndex.json index 1b0cc7864fa8..0cf655cf83d0 100644 --- a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateOrUpdateIndex.json +++ b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateOrUpdateIndex.json @@ -115,6 +115,12 @@ "tempuri.org" ], "maxAgeInSeconds": 60 + }, + "encryptionKey": { + "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault", + "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": null } } }, @@ -342,6 +348,12 @@ "tempuri.org" ], "maxAgeInSeconds": 60 + }, + "encryptionKey": { + "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault", + "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": null } } }, @@ -568,6 +580,12 @@ "tempuri.org" ], "maxAgeInSeconds": 60 + }, + "encryptionKey": { + "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault", + "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": null } } } diff --git a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateOrUpdateSynonymMap.json b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateOrUpdateSynonymMap.json index f7b3a5a5e546..dae2878f9b5b 100644 --- a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateOrUpdateSynonymMap.json +++ b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateOrUpdateSynonymMap.json @@ -8,7 +8,13 @@ "synonymMap": { "name": "mysynonymmap", "format": "solr", - "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA" + "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA", + "encryptionKey": { + "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault", + "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": null + } } }, "responses": { @@ -16,14 +22,26 @@ "body": { "name": "mysynonymmap", "format": "solr", - "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA" + "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA", + "encryptionKey": { + "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault", + "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": null + } } }, "201": { "body": { "name": "mysynonymmap", "format": "solr", - "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA" + "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA", + "encryptionKey": { + "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault", + "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": null + } } } } diff --git a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateSynonymMap.json b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateSynonymMap.json index da5ba9b165dc..821ad6aedd81 100644 --- a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateSynonymMap.json +++ b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceCreateSynonymMap.json @@ -6,7 +6,16 @@ "synonymMap": { "name": "mysynonymmap", "format": "solr", - "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA" + "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA", + "encryptionKey": { + "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault", + "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": { + "applicationId": "00000000-0000-0000-0000-000000000000", + "applicationSecret": "myApplicationSecret" + } + } } }, "responses": { @@ -14,7 +23,16 @@ "body": { "name": "mysynonymmap", "format": "solr", - "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA" + "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA", + "encryptionKey": { + "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault", + "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": { + "applicationId": "00000000-0000-0000-0000-000000000000", + "applicationSecret": null + } + } } } } diff --git a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceGetIndex.json b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceGetIndex.json index 420eeee14940..53a76bba6ed1 100644 --- a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceGetIndex.json +++ b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceGetIndex.json @@ -229,6 +229,15 @@ "tempuri.org" ], "maxAgeInSeconds": 60 + }, + "encryptionKey": { + "keyVaultKeyName": "myKeyName", + "keyVaultKeyVersion": "myKeyVersion", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": { + "applicationId": "00000000-0000-0000-0000-000000000000", + "applicationSecret": null + } } } } diff --git a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceGetSynonymMap.json b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceGetSynonymMap.json index cb2dc19cdcfd..36c88c4d91e0 100644 --- a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceGetSynonymMap.json +++ b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceGetSynonymMap.json @@ -10,7 +10,16 @@ "body": { "name": "mysynonymmap", "format": "solr", - "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA" + "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA", + "encryptionKey": { + "keyVaultKeyName": "myKeyName", + "keyVaultKeyVersion": "myKeyVersion", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": { + "applicationId": "00000000-0000-0000-0000-000000000000", + "applicationSecret": null + } + } } } } diff --git a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceListIndexes.json b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceListIndexes.json index 9129b74fbc22..78cf467adea1 100644 --- a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceListIndexes.json +++ b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceListIndexes.json @@ -231,6 +231,12 @@ "tempuri.org" ], "maxAgeInSeconds": 60 + }, + "encryptionKey": { + "keyVaultKeyName": "myKeyName", + "keyVaultKeyVersion": "myKeyVersion", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": null } }, { @@ -272,7 +278,8 @@ "tokenizers": [], "tokenFilters": [], "charFilters": [], - "corsOptions": null + "corsOptions": null, + "encryptionKey": null } ] } diff --git a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceListSynonymMaps.json b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceListSynonymMaps.json index 0348bff89355..a2122043614c 100644 --- a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceListSynonymMaps.json +++ b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/examples/SearchServiceListSynonymMaps.json @@ -11,12 +11,19 @@ { "name": "mysynonymmap", "format": "solr", - "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA" + "synonyms": "United States, United States of America, USA\nWashington, Wash. => WA", + "encryptionKey": { + "keyVaultKeyName": "myKeyName", + "keyVaultKeyVersion": "myKeyVersion", + "keyVaultUri": "https://myKeyVault.vault.azure.net", + "accessCredentials": null + } }, { "name": "myothersynonymmap", "format": "solr", - "synonyms": "couch, sofa, chesterfield\npop, soda\ntoque, hat" + "synonyms": "couch, sofa, chesterfield\npop, soda\ntoque, hat", + "encryptionKey": null } ] } diff --git a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/searchservice.json b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/searchservice.json index 2c4cef2f4c08..09d2d37a89fd 100644 --- a/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/searchservice.json +++ b/specification/search/data-plane/Microsoft.Azure.Search.Service/preview/2017-11-11-preview/searchservice.json @@ -4383,6 +4383,13 @@ "url": "https://docs.microsoft.com/rest/api/searchservice/Custom-analyzers-in-Azure-Search" } }, + "encryptionKey": { + "$ref": "#/definitions/EncryptionKey", + "description": "A description of an encryption key that you create in Azure Key Vault. This key is used to provide an additional level of encryption-at-rest for your data when you want full assurance that no one, not even Microsoft, can decrypt your data in Azure Search. Once you have encrypted your data, it will always remain encrypted. Azure Search will ignore attempts to set this property to null. You can change this property as needed if you want to rotate your encryption key; Your data will be unaffected. Encryption with customer-managed keys is not available for free search services, and is only available for paid services created on or after January 1, 2019.", + "externalDocs": { + "url": "https://aka.ms/azure-search-encryption-with-cmk" + } + }, "@odata.etag": { "x-ms-client-name": "ETag", "type": "string", @@ -5162,6 +5169,13 @@ "url": "https://docs.microsoft.com/rest/api/searchservice/Create-Synonym-Map#SynonymMapFormat" } }, + "encryptionKey": { + "$ref": "#/definitions/EncryptionKey", + "description": "A description of an encryption key that you create in Azure Key Vault. This key is used to provide an additional level of encryption-at-rest for your data when you want full assurance that no one, not even Microsoft, can decrypt your data in Azure Search. Once you have encrypted your data, it will always remain encrypted. Azure Search will ignore attempts to set this property to null. You can change this property as needed if you want to rotate your encryption key; Your data will be unaffected. Encryption with customer-managed keys is not available for free search services, and is only available for paid services created on or after January 1, 2019.", + "externalDocs": { + "url": "https://aka.ms/azure-search-encryption-with-cmk" + } + }, "@odata.etag": { "x-ms-client-name": "ETag", "type": "string", @@ -5189,6 +5203,51 @@ }, "description": "Response from a List SynonymMaps request. If successful, it includes the full definitions of all synonym maps." }, + "EncryptionKey": { + "properties": { + "keyVaultKeyName": { + "type": "string", + "description": "The name of your Azure Key Vault key to be used to encrypt your data at rest." + }, + "keyVaultKeyVersion": { + "type": "string", + "description": "The version of your Azure Key Vault key to be used to encrypt your data at rest." + }, + "keyVaultUri": { + "type": "string", + "description": "The URI of your Azure Key Vault, also referred to as DNS name, that contains the key to be used to encrypt your data at rest. An example URI might be https://my-keyvault-name.vault.azure.net." + }, + "accessCredentials": { + "$ref": "#/definitions/AzureActiveDirectoryApplicationCredentials", + "description": "Optional Azure Active Directory credentials used for accessing your Azure Key Vault. Not required if using managed identity instead.", + "externalDocs": { + "url": "https://aka.ms/azure-search-msi" + } + } + }, + "required": [ + "keyVaultKeyName", + "keyVaultKeyVersion", + "keyVaultUri" + ], + "description": "A customer-managed encryption key in Azure Key Vault. Keys that you create and manage can be used to encrypt or decrypt data-at-rest in Azure Search, such as indexes and synonym maps." + }, + "AzureActiveDirectoryApplicationCredentials": { + "properties": { + "applicationId": { + "type": "string", + "description": "An AAD Application ID that was granted the required access permissions to the Azure Key Vault that is to be used when encrypting your data at rest. The Application ID should not be confused with the Object ID for your AAD Application." + }, + "applicationSecret": { + "type": "string", + "description": "The authentication key of the specified AAD application." + } + }, + "required": [ + "applicationId" + ], + "description" : "Credentials of a registered application created for your Azure Search service, used for authenticated access to the encryption keys stored in Azure Key Vault." + }, "ServiceStatistics": { "properties": { "counters": {