Data encryption with customer-managed keys (CMK) for Azure Database for MySQL – Flexible Server allows you to bring your own key (BYOK) for data protection at rest. You can use this feature to implement separation of duties for managing keys and data. Additionally, you can centrally manage and organize keys using Azure Key Vault. With customer-managed encryption, you’re responsible for, and in full control of, a key’s lifecycle, key usage permissions, and auditing operations on keys.