Microsoft.Storage storageAccounts/encryptionScopes
Bicep resource definition
The storageAccounts/encryptionScopes resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/encryptionScopes resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Storage/storageAccounts/encryptionScopes@2023-05-01' = {
name: 'string'
parent: resourceSymbolicName
properties: {
keyVaultProperties: {
keyUri: 'string'
}
requireInfrastructureEncryption: bool
source: 'string'
state: 'string'
}
}
Property values
storageAccounts/encryptionScopes
| Name | Description | Value |
|---|---|---|
| name | The resource name See how to set names and types for child resources in Bicep. |
string (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: storageAccounts |
| properties | Properties of the encryption scope. | EncryptionScopeProperties |
EncryptionScopeProperties
| Name | Description | Value |
|---|---|---|
| keyVaultProperties | The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'. | EncryptionScopeKeyVaultProperties |
| requireInfrastructureEncryption | A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. | bool |
| source | The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault. | 'Microsoft.KeyVault' 'Microsoft.Storage' |
| state | The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled. | 'Disabled' 'Enabled' |
EncryptionScopeKeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyUri | The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope. | string |
ARM template resource definition
The storageAccounts/encryptionScopes resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/encryptionScopes resource, add the following JSON to your template.
{
"type": "Microsoft.Storage/storageAccounts/encryptionScopes",
"apiVersion": "2023-05-01",
"name": "string",
"properties": {
"keyVaultProperties": {
"keyUri": "string"
},
"requireInfrastructureEncryption": "bool",
"source": "string",
"state": "string"
}
}
Property values
storageAccounts/encryptionScopes
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Storage/storageAccounts/encryptionScopes' |
| apiVersion | The resource api version | '2023-05-01' |
| name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) |
| properties | Properties of the encryption scope. | EncryptionScopeProperties |
EncryptionScopeProperties
| Name | Description | Value |
|---|---|---|
| keyVaultProperties | The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'. | EncryptionScopeKeyVaultProperties |
| requireInfrastructureEncryption | A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. | bool |
| source | The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault. | 'Microsoft.KeyVault' 'Microsoft.Storage' |
| state | The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled. | 'Disabled' 'Enabled' |
EncryptionScopeKeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyUri | The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope. | string |
Terraform (AzAPI provider) resource definition
The storageAccounts/encryptionScopes resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/encryptionScopes resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Storage/storageAccounts/encryptionScopes@2023-05-01"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
keyVaultProperties = {
keyUri = "string"
}
requireInfrastructureEncryption = bool
source = "string"
state = "string"
}
})
}
Property values
storageAccounts/encryptionScopes
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Storage/storageAccounts/encryptionScopes@2023-05-01" |
| name | The resource name | string (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: storageAccounts |
| properties | Properties of the encryption scope. | EncryptionScopeProperties |
EncryptionScopeProperties
| Name | Description | Value |
|---|---|---|
| keyVaultProperties | The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'. | EncryptionScopeKeyVaultProperties |
| requireInfrastructureEncryption | A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. | bool |
| source | The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault. | "Microsoft.KeyVault" "Microsoft.Storage" |
| state | The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled. | "Disabled" "Enabled" |
EncryptionScopeKeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyUri | The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope. | string |