Microsoft.Storage storageAccounts/encryptionScopes 2021-04-01

Bicep resource definition

The storageAccounts/encryptionScopes resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/encryptionScopes resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Storage/storageAccounts/encryptionScopes@2021-04-01' = {
  name: 'string'
  parent: resourceSymbolicName
  properties: {
    keyVaultProperties: {
      keyUri: 'string'
    }
    requireInfrastructureEncryption: bool
    source: 'string'
    state: 'string'
  }
}

Property values

storageAccounts/encryptionScopes

Name Description Value
name The resource name

See how to set names and types for child resources in Bicep.
string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: storageAccounts
properties Properties of the encryption scope. EncryptionScopeProperties

EncryptionScopeProperties

Name Description Value
keyVaultProperties The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'. EncryptionScopeKeyVaultProperties
requireInfrastructureEncryption A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. bool
source The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault. 'Microsoft.KeyVault'
'Microsoft.Storage'
state The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled. 'Disabled'
'Enabled'

EncryptionScopeKeyVaultProperties

Name Description Value
keyUri The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope. string

ARM template resource definition

The storageAccounts/encryptionScopes resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/encryptionScopes resource, add the following JSON to your template.

{
  "type": "Microsoft.Storage/storageAccounts/encryptionScopes",
  "apiVersion": "2021-04-01",
  "name": "string",
  "properties": {
    "keyVaultProperties": {
      "keyUri": "string"
    },
    "requireInfrastructureEncryption": "bool",
    "source": "string",
    "state": "string"
  }
}

Property values

storageAccounts/encryptionScopes

Name Description Value
type The resource type 'Microsoft.Storage/storageAccounts/encryptionScopes'
apiVersion The resource api version '2021-04-01'
name The resource name

See how to set names and types for child resources in JSON ARM templates.
string (required)
properties Properties of the encryption scope. EncryptionScopeProperties

EncryptionScopeProperties

Name Description Value
keyVaultProperties The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'. EncryptionScopeKeyVaultProperties
requireInfrastructureEncryption A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. bool
source The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault. 'Microsoft.KeyVault'
'Microsoft.Storage'
state The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled. 'Disabled'
'Enabled'

EncryptionScopeKeyVaultProperties

Name Description Value
keyUri The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope. string

Terraform (AzAPI provider) resource definition

The storageAccounts/encryptionScopes resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/encryptionScopes resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Storage/storageAccounts/encryptionScopes@2021-04-01"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      keyVaultProperties = {
        keyUri = "string"
      }
      requireInfrastructureEncryption = bool
      source = "string"
      state = "string"
    }
  })
}

Property values

storageAccounts/encryptionScopes

Name Description Value
type The resource type "Microsoft.Storage/storageAccounts/encryptionScopes@2021-04-01"
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: storageAccounts
properties Properties of the encryption scope. EncryptionScopeProperties

EncryptionScopeProperties

Name Description Value
keyVaultProperties The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'. EncryptionScopeKeyVaultProperties
requireInfrastructureEncryption A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. bool
source The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault. "Microsoft.KeyVault"
"Microsoft.Storage"
state The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled. "Disabled"
"Enabled"

EncryptionScopeKeyVaultProperties

Name Description Value
keyUri The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope. string