Editar

Compartilhar via


New-AzStorageEncryptionScope

Creates an encryption scope for a Storage account.

Syntax

New-AzStorageEncryptionScope
   [-ResourceGroupName] <String>
   [-StorageAccountName] <String>
   -EncryptionScopeName <String>
   [-StorageEncryption]
   [-RequireInfrastructureEncryption]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzStorageEncryptionScope
   [-ResourceGroupName] <String>
   [-StorageAccountName] <String>
   -EncryptionScopeName <String>
   [-KeyvaultEncryption]
   -KeyUri <String>
   [-RequireInfrastructureEncryption]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzStorageEncryptionScope
   -StorageAccount <PSStorageAccount>
   -EncryptionScopeName <String>
   [-StorageEncryption]
   [-RequireInfrastructureEncryption]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzStorageEncryptionScope
   -StorageAccount <PSStorageAccount>
   -EncryptionScopeName <String>
   [-KeyvaultEncryption]
   -KeyUri <String>
   [-RequireInfrastructureEncryption]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzStorageEncryptionScope cmdlet creates an encryption scope for a Storage account.

Examples

Example 1: Create an encryption scope with Storage Encryption

New-AzStorageEncryptionScope -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount"  -EncryptionScopeName testscope -StorageEncryption

ResourceGroupName: myresourcegroup, StorageAccountName: mystorageaccount

Name      State    Source            KeyVaultKeyUri RequireInfrastructureEncryption                                         
----      -----    ------            -------------- -------------------------------                                         
testscope Enabled  Microsoft.Storage

This command creates an encryption scope with Storage Encryption.

Example 2: Create an encryption scope with Keyvault Encryption, and RequireInfrastructureEncryption

New-AzStorageEncryptionScope -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount" `
	-EncryptionScopeName testscope -KeyvaultEncryption -KeyUri "https://keyvalutname.vault.azure.net:443/keys/keyname/34a0ba563b4243d9a0ef2b1d3c0c7d57" `
	-RequireInfrastructureEncryption

ResourceGroupName: myresourcegroup, StorageAccountName: mystorageaccount

Name         State   Source           KeyVaultKeyUri                                                                          RequireInfrastructureEncryption                                       
----         -----   ------             --------------                                                                        -------------------------------                                     
testscope Enabled  Microsoft.Keyvault https://keyvalutname.vault.azure.net:443/keys/keyname/34a0ba563b4243d9a0ef2b1d3c0c7d57  True

This command creates an encryption scope with Keyvault Encryption and RequireInfrastructureEncryption. The Storage account Identity need have get,wrapkey,unwrapkey permissions to the keyvault key.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EncryptionScopeName

Azure Storage EncryptionScope name

Type:String
Aliases:Name
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-KeyUri

The key Uri

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-KeyvaultEncryption

Create encryption scope with keySource as Microsoft.Keyvault

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-RequireInfrastructureEncryption

The encryption scope will apply a secondary layer of encryption with platform managed keys for data at rest.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResourceGroupName

Resource Group Name.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-StorageAccount

Storage account object

Type:PSStorageAccount
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-StorageAccountName

Storage Account Name.

Type:String
Aliases:AccountName
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-StorageEncryption

Create encryption scope with keySource as Microsoft.Storage.

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSStorageAccount

Outputs

PSEncryptionScope