Editar

Partilhar via


New-AzDiskEncryptionSetConfig

Creates a configurable disk encryption set object.

Syntax

New-AzDiskEncryptionSetConfig
   [-Location] <String>
   [[-Tag] <Hashtable>]
   [[-IdentityType] <String>]
   [[-SourceVaultId] <String>]
   [-KeyUrl <String>]
   [-EncryptionType <String>]
   [-RotationToLatestKeyVersionEnabled <Boolean>]
   [-FederatedClientId <String>]
   [-UserAssignedIdentity <Hashtable>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Creates a configurable disk encryption set object.

Examples

Example 1

$config = New-AzDiskEncryptionSetConfig -Location 'westcentralus' -KeyUrl "https://valut1.vault.azure.net:443/keys/key1/mykey" -SourceVaultId '/subscriptions/00001111-aaaa-2222-bbbb-3333cccc4444/resourceGroups/rg1/providers/Microsoft.KeyVault/vaults/vault1' -IdentityType 'SystemAssigned'
$config | New-AzDiskEncryptionSet -ResourceGroupName 'rg1' -Name 'enc1'

Creates disk encryption set using the given active key in the key vault.

Example 2

$userAssignedIdentities = @{ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}" = @{}};
$config = New-AzDiskEncryptionSetConfig -Location 'westcentralus' -KeyUrl "https://valut1.vault.azure.net:443/keys/key1/mykey" -SourceVaultId '/subscriptions/00001111-aaaa-2222-bbbb-3333cccc4444/resourceGroups/rg1/providers/Microsoft.KeyVault/vaults/vault1' -IdentityType 'UserAssigned' -RotationToLatestKeyVersionEnabled $True -UserAssignedIdentity $userAssignedIdentities -FederatedClientId "13ebe945-1314-41b4-8b58-f3784e0dd278"
$config | New-AzDiskEncryptionSet -ResourceGroupName 'rg1' -Name 'enc1'

Using UserAssignedIdentity and FederatedClientId

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EncryptionType

Use this to set the encryption type of the disk encryption set. Available values are: 'EncryptionAtRestWithPlatformKey', 'EncryptionAtRestWithCustomerKey'.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-FederatedClientId

Multi-tenant application client id to access key vault in a different tenant.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-IdentityType

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported.

Type:String
Position:2
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-KeyUrl

Url pointing to the active key in KeyVault

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Location

Specifies a location.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-RotationToLatestKeyVersionEnabled

Gets or sets set this flag to true to enable auto-updating of this disk encryption

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-SourceVaultId

Resource id of the KeyVault containing the active key.

Type:String
Position:3
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Tag

Key-value pairs in the form of a hash table. For example: @{key0="value0";key1=$null;key2="value2"}

Type:Hashtable
Position:1
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-UserAssignedIdentity

The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

Type:Hashtable
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Hashtable

Outputs

PSDiskEncryptionSet