Share via

Microsoft.Compute diskEncryptionSets 2020-09-30

  • Article

Bicep resource definition

The diskEncryptionSets resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/diskEncryptionSets resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Compute/diskEncryptionSets@2020-09-30' = {
  identity: {
    type: 'string'
  }
  location: 'string'
  name: 'string'
  properties: {
    activeKey: {
      keyUrl: 'string'
      sourceVault: {
        id: 'string'
      }
    }
    encryptionType: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

EncryptionSetIdentity

Name Description Value
type The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys. 'None'
'SystemAssigned'

EncryptionSetProperties

Name Description Value
activeKey The key vault key which is currently used by this disk encryption set. KeyForDiskEncryptionSet
encryptionType The type of key used to encrypt the data of the disk. 'EncryptionAtRestWithCustomerKey'
'EncryptionAtRestWithPlatformAndCustomerKeys'

KeyForDiskEncryptionSet

Name Description Value
keyUrl Fully versioned Key Url pointing to a key in KeyVault string (required)
sourceVault Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription. SourceVault

Microsoft.Compute/diskEncryptionSets

Name Description Value
identity The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. EncryptionSetIdentity
location Resource location string (required)
name The resource name string (required)
properties EncryptionSetProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

ResourceTags

Name Description Value

SourceVault

Name Description Value
id Resource Id string

ARM template resource definition

The diskEncryptionSets resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/diskEncryptionSets resource, add the following JSON to your template.

{
  "type": "Microsoft.Compute/diskEncryptionSets",
  "apiVersion": "2020-09-30",
  "name": "string",
  "identity": {
    "type": "string"
  },
  "location": "string",
  "properties": {
    "activeKey": {
      "keyUrl": "string",
      "sourceVault": {
        "id": "string"
      }
    },
    "encryptionType": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

EncryptionSetIdentity

Name Description Value
type The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys. 'None'
'SystemAssigned'

EncryptionSetProperties

Name Description Value
activeKey The key vault key which is currently used by this disk encryption set. KeyForDiskEncryptionSet
encryptionType The type of key used to encrypt the data of the disk. 'EncryptionAtRestWithCustomerKey'
'EncryptionAtRestWithPlatformAndCustomerKeys'

KeyForDiskEncryptionSet

Name Description Value
keyUrl Fully versioned Key Url pointing to a key in KeyVault string (required)
sourceVault Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription. SourceVault

Microsoft.Compute/diskEncryptionSets

Name Description Value
apiVersion The api version '2020-09-30'
identity The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. EncryptionSetIdentity
location Resource location string (required)
name The resource name string (required)
properties EncryptionSetProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Compute/diskEncryptionSets'

ResourceTags

Name Description Value

SourceVault

Name Description Value
id Resource Id string

Terraform (AzAPI provider) resource definition

The diskEncryptionSets resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/diskEncryptionSets resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Compute/diskEncryptionSets@2020-09-30"
  name = "string"
  identity = {
    type = "string"
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      activeKey = {
        keyUrl = "string"
        sourceVault = {
          id = "string"
        }
      }
      encryptionType = "string"
    }
  })
}

Property values

EncryptionSetIdentity

Name Description Value
type The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys. 'None'
'SystemAssigned'

EncryptionSetProperties

Name Description Value
activeKey The key vault key which is currently used by this disk encryption set. KeyForDiskEncryptionSet
encryptionType The type of key used to encrypt the data of the disk. 'EncryptionAtRestWithCustomerKey'
'EncryptionAtRestWithPlatformAndCustomerKeys'

KeyForDiskEncryptionSet

Name Description Value
keyUrl Fully versioned Key Url pointing to a key in KeyVault string (required)
sourceVault Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription. SourceVault

Microsoft.Compute/diskEncryptionSets

Name Description Value
identity The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. EncryptionSetIdentity
location Resource location string (required)
name The resource name string (required)
properties EncryptionSetProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Compute/diskEncryptionSets@2020-09-30"

ResourceTags

Name Description Value

SourceVault

Name Description Value
id Resource Id string