Disk Encryption Sets - Update

Služba:

Compute

Verze rozhraní API:

2025-01-02

Aktualizuje (záplatuje) sadu pro šifrování disku.

PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}?api-version=2025-01-02

Parametry identifikátoru URI

Name	V	Vyžadováno	Typ	Description
diskEncryptionSetName	path	True	string	Název vytvářené sady šifrování disku. Po vytvoření sady šifrování disku nelze název změnit. Podporované znaky pro název jsou a-z, A-Z, 0-9, _ a -. Maximální délka názvu je 80 znaků.
resourceGroupName	path	True	string minLength: 1 maxLength: 90	Název skupiny prostředků. Název nerozlišuje malá a velká písmena.
subscriptionId	path	True	string minLength: 1	ID cílového předplatného.
api-version	query	True	string minLength: 1	Verze rozhraní API, která se má použít pro tuto operaci.

Text požadavku

Name	Typ	Description
identity	EncryptionSetIdentity	Spravovaná identita pro sadu šifrování disku. Předtím, než ho můžete použít k šifrování disků, by měla být udělena oprávnění k trezoru klíčů.
properties.activeKey	KeyForDiskEncryptionSet	Adresa URL klíče služby Key Vault, která se má použít pro šifrování Managed Disks a snímků na straně serveru
properties.encryptionType	DiskEncryptionSetType	Typ klíče, který se používá k šifrování dat disku.
properties.federatedClientId	string	ID klienta aplikace s více tenanty pro přístup k trezoru klíčů v jiném tenantovi Nastavením hodnoty None vlastnost vymažete.
properties.rotationToLatestKeyVersionEnabled	boolean	Nastavte tento příznak na true, pokud chcete povolit automatickou aktualizaci tohoto šifrování disku nastavenou na nejnovější verzi klíče.
tags	object	Štítky prostředků

Odpovědi

Name	Typ	Description
200 OK	DiskEncryptionSet	Operace Azure byla úspěšně dokončena.
202 Accepted	DiskEncryptionSet	Žádost byla přijata ke zpracování, ale zpracování ještě nebylo dokončeno. Hlavičky Location: string Retry-After: integer
Other Status Codes	CloudError	Neočekávaná chybová odpověď

Zabezpečení

azure_auth

Tok OAuth2 v Azure Active Directory

Typ: oauth2
Tok: implicit
URL autorizace: https://login.microsoftonline.com/common/oauth2/authorize

Rozsahy

Name	Description
user_impersonation	zosobnění uživatelského účtu

Příklady

update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded

update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating

update a disk encryption set.

update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded

Ukázkový požadavek

HTTP

PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "rotationToLatestKeyVersionEnabled": true
  }
}

Java

import com.azure.resourcemanager.compute.models.DiskEncryptionSetIdentityType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.EncryptionSetIdentity;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for DiskEncryptionSets Update.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/
     * diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
     */
    /**
     * Sample code: update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure.virtualMachines().manager().serviceClient().getDiskEncryptionSets().update("myResourceGroup",
            "myDiskEncryptionSet",
            new DiskEncryptionSetUpdate()
                .withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED))
                .withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
                .withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("fakeTokenPlaceholder"))
                .withRotationToLatestKeyVersionEnabled(true),
            com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential

from azure.mgmt.compute import ComputeManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-compute
# USAGE
    python disk_encryption_set_update_with_rotation_to_latest_key_version_enabled.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ComputeManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="{subscription-id}",
    )

    response = client.disk_encryption_sets.begin_update(
        resource_group_name="myResourceGroup",
        disk_encryption_set_name="myDiskEncryptionSet",
        disk_encryption_set={
            "identity": {"type": "SystemAssigned"},
            "properties": {
                "activeKey": {"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"},
                "encryptionType": "EncryptionAtRestWithCustomerKey",
                "rotationToLatestKeyVersionEnabled": True,
            },
        },
    ).result()
    print(response)


# x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcompute_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v7"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7033e85e1f80ef5cd9ca664b538ed193a8fd815b/specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcompute.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
		Identity: &armcompute.EncryptionSetIdentity{
			Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
		},
		Properties: &armcompute.DiskEncryptionSetUpdateProperties{
			ActiveKey: &armcompute.KeyForDiskEncryptionSet{
				KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
			},
			EncryptionType:                    to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
			RotationToLatestKeyVersionEnabled: to.Ptr(true),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.DiskEncryptionSet = armcompute.DiskEncryptionSet{
	// 	Name: to.Ptr("myDiskEncryptionSet"),
	// 	Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
	// 	ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
	// 	Location: to.Ptr("West US"),
	// 	Identity: &armcompute.EncryptionSetIdentity{
	// 		Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
	// 	},
	// 	Properties: &armcompute.EncryptionSetProperties{
	// 		ActiveKey: &armcompute.KeyForDiskEncryptionSet{
	// 			KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/KeyVersion2"),
	// 		},
	// 		EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
	// 		LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079Z"); return t}()),
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		RotationToLatestKeyVersionEnabled: to.Ptr(true),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to Updates (patches) a disk encryption set.
 *
 * @summary Updates (patches) a disk encryption set.
 * x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
 */
async function updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded() {
  const subscriptionId = process.env["COMPUTE_SUBSCRIPTION_ID"] || "{subscription-id}";
  const resourceGroupName = process.env["COMPUTE_RESOURCE_GROUP"] || "myResourceGroup";
  const diskEncryptionSetName = "myDiskEncryptionSet";
  const diskEncryptionSet = {
    activeKey: {
      keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1",
    },
    encryptionType: "EncryptionAtRestWithCustomerKey",
    identity: { type: "SystemAssigned" },
    rotationToLatestKeyVersionEnabled: true,
  };
  const credential = new DefaultAzureCredential();
  const client = new ComputeManagementClient(credential, subscriptionId);
  const result = await client.diskEncryptionSets.beginUpdateAndWait(
    resourceGroupName,
    diskEncryptionSetName,
    diskEncryptionSet,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;

// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);

// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
    Identity = new ManagedServiceIdentity("SystemAssigned"),
    EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
    ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1")),
    RotationToLatestKeyVersionEnabled = true,
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Ukázková odpověď

Stavový kód:

200

{
  "name": "myDiskEncryptionSet",
  "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
  "type": "Microsoft.Compute/diskEncryptionSets",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/KeyVersion2"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "rotationToLatestKeyVersionEnabled": true,
    "provisioningState": "Succeeded",
    "lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
  }
}

Stavový kód:

202

Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "name": "myDiskEncryptionSet",
  "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
  "type": "Microsoft.Compute/diskEncryptionSets",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "previousKeys": []
  }
}

update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating

Ukázkový požadavek

HTTP

PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "rotationToLatestKeyVersionEnabled": true
  }
}

Java

import com.azure.resourcemanager.compute.models.DiskEncryptionSetIdentityType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.EncryptionSetIdentity;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for DiskEncryptionSets Update.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/
     * diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
     */
    /**
     * Sample code: update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure.virtualMachines().manager().serviceClient().getDiskEncryptionSets().update("myResourceGroup",
            "myDiskEncryptionSet",
            new DiskEncryptionSetUpdate()
                .withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED))
                .withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
                .withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("fakeTokenPlaceholder"))
                .withRotationToLatestKeyVersionEnabled(true),
            com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential

from azure.mgmt.compute import ComputeManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-compute
# USAGE
    python disk_encryption_set_update_with_rotation_to_latest_key_version_enabled_in_progress.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ComputeManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="{subscription-id}",
    )

    response = client.disk_encryption_sets.begin_update(
        resource_group_name="myResourceGroup",
        disk_encryption_set_name="myDiskEncryptionSet",
        disk_encryption_set={
            "identity": {"type": "SystemAssigned"},
            "properties": {
                "activeKey": {"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"},
                "encryptionType": "EncryptionAtRestWithCustomerKey",
                "rotationToLatestKeyVersionEnabled": True,
            },
        },
    ).result()
    print(response)


# x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcompute_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v7"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7033e85e1f80ef5cd9ca664b538ed193a8fd815b/specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcompute.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
		Identity: &armcompute.EncryptionSetIdentity{
			Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
		},
		Properties: &armcompute.DiskEncryptionSetUpdateProperties{
			ActiveKey: &armcompute.KeyForDiskEncryptionSet{
				KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
			},
			EncryptionType:                    to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
			RotationToLatestKeyVersionEnabled: to.Ptr(true),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.DiskEncryptionSet = armcompute.DiskEncryptionSet{
	// 	Name: to.Ptr("myDiskEncryptionSet"),
	// 	Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
	// 	ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
	// 	Location: to.Ptr("West US"),
	// 	Identity: &armcompute.EncryptionSetIdentity{
	// 		Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
	// 	},
	// 	Properties: &armcompute.EncryptionSetProperties{
	// 		ActiveKey: &armcompute.KeyForDiskEncryptionSet{
	// 			KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion2"),
	// 		},
	// 		EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
	// 		LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079Z"); return t}()),
	// 		PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
	// 			{
	// 				KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
	// 		}},
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		RotationToLatestKeyVersionEnabled: to.Ptr(true),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to Updates (patches) a disk encryption set.
 *
 * @summary Updates (patches) a disk encryption set.
 * x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
 */
async function updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating() {
  const subscriptionId = process.env["COMPUTE_SUBSCRIPTION_ID"] || "{subscription-id}";
  const resourceGroupName = process.env["COMPUTE_RESOURCE_GROUP"] || "myResourceGroup";
  const diskEncryptionSetName = "myDiskEncryptionSet";
  const diskEncryptionSet = {
    activeKey: {
      keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1",
    },
    encryptionType: "EncryptionAtRestWithCustomerKey",
    identity: { type: "SystemAssigned" },
    rotationToLatestKeyVersionEnabled: true,
  };
  const credential = new DefaultAzureCredential();
  const client = new ComputeManagementClient(credential, subscriptionId);
  const result = await client.diskEncryptionSets.beginUpdateAndWait(
    resourceGroupName,
    diskEncryptionSetName,
    diskEncryptionSet,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;

// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);

// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
    Identity = new ManagedServiceIdentity("SystemAssigned"),
    EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
    ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1")),
    RotationToLatestKeyVersionEnabled = true,
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Ukázková odpověď

Stavový kód:

200

{
  "name": "myDiskEncryptionSet",
  "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
  "type": "Microsoft.Compute/diskEncryptionSets",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion2"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "rotationToLatestKeyVersionEnabled": true,
    "previousKeys": [
      {
        "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
      }
    ],
    "provisioningState": "Updating",
    "lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
  }
}

Stavový kód:

202

Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "name": "myDiskEncryptionSet",
  "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
  "type": "Microsoft.Compute/diskEncryptionSets",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "previousKeys": []
  }
}

update a disk encryption set.

Ukázkový požadavek

HTTP

PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "properties": {
    "activeKey": {
      "sourceVault": {
        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
      },
      "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey"
  },
  "tags": {
    "department": "Development",
    "project": "Encryption"
  }
}

Java

import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import com.azure.resourcemanager.compute.models.SourceVault;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for DiskEncryptionSets Update.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/
     * diskEncryptionSetExamples/DiskEncryptionSet_Update.json
     */
    /**
     * Sample code: update a disk encryption set.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void updateADiskEncryptionSet(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.virtualMachines().manager().serviceClient().getDiskEncryptionSets().update("myResourceGroup",
            "myDiskEncryptionSet",
            new DiskEncryptionSetUpdate().withTags(mapOf("department", "Development", "project", "Encryption"))
                .withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
                .withActiveKey(new KeyForDiskEncryptionSet().withSourceVault(new SourceVault().withId(
                    "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"))
                    .withKeyUrl("fakeTokenPlaceholder")),
            com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential

from azure.mgmt.compute import ComputeManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-compute
# USAGE
    python disk_encryption_set_update.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ComputeManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="{subscription-id}",
    )

    response = client.disk_encryption_sets.begin_update(
        resource_group_name="myResourceGroup",
        disk_encryption_set_name="myDiskEncryptionSet",
        disk_encryption_set={
            "properties": {
                "activeKey": {
                    "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion",
                    "sourceVault": {
                        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
                    },
                },
                "encryptionType": "EncryptionAtRestWithCustomerKey",
            },
            "tags": {"department": "Development", "project": "Encryption"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcompute_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v7"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7033e85e1f80ef5cd9ca664b538ed193a8fd815b/specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSet() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcompute.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
		Properties: &armcompute.DiskEncryptionSetUpdateProperties{
			ActiveKey: &armcompute.KeyForDiskEncryptionSet{
				KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"),
				SourceVault: &armcompute.SourceVault{
					ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
				},
			},
			EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
		},
		Tags: map[string]*string{
			"department": to.Ptr("Development"),
			"project":    to.Ptr("Encryption"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.DiskEncryptionSet = armcompute.DiskEncryptionSet{
	// 	Name: to.Ptr("myDiskEncryptionSet"),
	// 	Location: to.Ptr("West US"),
	// 	Tags: map[string]*string{
	// 		"department": to.Ptr("Development"),
	// 		"project": to.Ptr("Encryption"),
	// 	},
	// 	Identity: &armcompute.EncryptionSetIdentity{
	// 		Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
	// 	},
	// 	Properties: &armcompute.EncryptionSetProperties{
	// 		ActiveKey: &armcompute.KeyForDiskEncryptionSet{
	// 			KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"),
	// 			SourceVault: &armcompute.SourceVault{
	// 				ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
	// 			},
	// 		},
	// 		EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
	// 		LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079Z"); return t}()),
	// 		PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to Updates (patches) a disk encryption set.
 *
 * @summary Updates (patches) a disk encryption set.
 * x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
 */
async function updateADiskEncryptionSet() {
  const subscriptionId = process.env["COMPUTE_SUBSCRIPTION_ID"] || "{subscription-id}";
  const resourceGroupName = process.env["COMPUTE_RESOURCE_GROUP"] || "myResourceGroup";
  const diskEncryptionSetName = "myDiskEncryptionSet";
  const diskEncryptionSet = {
    activeKey: {
      keyUrl: "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion",
      sourceVault: {
        id: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
      },
    },
    encryptionType: "EncryptionAtRestWithCustomerKey",
    tags: { department: "Development", project: "Encryption" },
  };
  const credential = new DefaultAzureCredential();
  const client = new ComputeManagementClient(credential, subscriptionId);
  const result = await client.diskEncryptionSets.beginUpdateAndWait(
    resourceGroupName,
    diskEncryptionSetName,
    diskEncryptionSet,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;

// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);

// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
    Tags =
    {
    ["department"] = "Development",
    ["project"] = "Encryption"
    },
    EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
    ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"))
    {
        SourceVaultId = new ResourceIdentifier("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
    },
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Ukázková odpověď

Stavový kód:

200

{
  "name": "myDiskEncryptionSet",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "sourceVault": {
        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
      },
      "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "previousKeys": [],
    "lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
  },
  "tags": {
    "department": "Development",
    "project": "Encryption"
  }
}

Stavový kód:

202

Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "name": "myDiskEncryptionSet",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "sourceVault": {
        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
      },
      "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "previousKeys": []
  },
  "tags": {
    "department": "Development",
    "project": "Encryption"
  }
}

Definice

Name	Description
ApiError	Chyba rozhraní API.
ApiErrorBase	Chybová základna API.
CloudError	Chybová odpověď ze služby Compute.
createdByType	Typ identity, která prostředek vytvořila.
DiskEncryptionSet	prostředek sady šifrování disku.
DiskEncryptionSetIdentityType	Typ spravované identity používané diskEncryptionSet. Pro nové vytváření se podporuje pouze systemAssigned. Sady šifrování disků je možné aktualizovat s typem identity None během migrace předplatného do nového tenanta Azure Active Directory; způsobí, že šifrované prostředky ztratí přístup ke klíčům.
DiskEncryptionSetType	Typ klíče, který se používá k šifrování dat disku.
DiskEncryptionSetUpdate	Disk Encryption Set Update Resource.
EncryptionSetIdentity	Spravovaná identita pro sadu šifrování disku. Předtím, než ho můžete použít k šifrování disků, by měla být udělena oprávnění k trezoru klíčů.
InnerError	Podrobnosti vnitřní chyby.
KeyForDiskEncryptionSet	Adresa URL klíče služby Key Vault, která se má použít pro šifrování Managed Disks a snímků na straně serveru
SourceVault	ID trezoru je ID prostředku Azure Resource Manager ve formátu /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
systemData	Metadata týkající se vytvoření a poslední změny prostředku.
UserAssignedIdentitiesValue

ApiError

Objekt

Chyba rozhraní API.

Name	Typ	Description
code	string	Kód chyby.
details	ApiErrorBase[]	Podrobnosti o chybě rozhraní API
innererror	InnerError	Vnitřní chyba Api
message	string	Chybová zpráva.
target	string	Cíl konkrétní chyby.

ApiErrorBase

Objekt

Chybová základna API.

Name	Typ	Description
code	string	Kód chyby.
message	string	Chybová zpráva.
target	string	Cíl konkrétní chyby.

CloudError

Objekt

Chybová odpověď ze služby Compute.

Name	Typ	Description
error	ApiError	Chyba rozhraní API.

createdByType

Výčet

Typ identity, která prostředek vytvořila.

Hodnota	Description
User
Application
ManagedIdentity
Key

DiskEncryptionSet

Objekt

prostředek sady šifrování disku.

Name	Typ	Description
id	string	Plně kvalifikované ID prostředku pro prostředek. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
identity	EncryptionSetIdentity	Spravovaná identita pro sadu šifrování disku. Předtím, než ho můžete použít k šifrování disků, by měla být udělena oprávnění k trezoru klíčů.
location	string	Geografické umístění, ve kterém se nachází zdroj
name	string	Název prostředku
properties.activeKey	KeyForDiskEncryptionSet	Klíč trezoru klíčů, který aktuálně používá tato sada šifrování disku.
properties.autoKeyRotationError	ApiError	Chyba, ke které došlo během automatické rotace klíčů. Pokud dojde k chybě, nebude se o automatické střídání klíčů pokoušet, dokud nebude chyba v této sadě šifrování disku opravena.
properties.encryptionType	DiskEncryptionSetType	Typ klíče, který se používá k šifrování dat disku.
properties.federatedClientId	string	ID klienta aplikace s více tenanty pro přístup k trezoru klíčů v jiném tenantovi Nastavením hodnoty None vlastnost vymažete.
properties.lastKeyRotationTimestamp	string (date-time)	Čas, kdy byl aktualizován aktivní klíč této sady pro šifrování disku.
properties.previousKeys	KeyForDiskEncryptionSet[]	Kolekce klíčů trezoru klíčů, které tato sada šifrování disku dříve používala, jen pro čtení během probíhající obměně klíčů. Pokud neprobíhá žádná rotace klíčů, bude prázdná.
properties.provisioningState	string	Stav zřizování sady šifrování disku .
properties.rotationToLatestKeyVersionEnabled	boolean	Nastavte tento příznak na true, pokud chcete povolit automatickou aktualizaci tohoto šifrování disku nastavenou na nejnovější verzi klíče.
systemData	systemData	Metadata služby Azure Resource Manager obsahující informace o tom, kdo jej vytvořil a upravil.
tags	object	Značky prostředků
type	string	Typ prostředku. Např. "Microsoft.Compute/virtualMachines" nebo "Microsoft.Storage/storageAccounts"

DiskEncryptionSetIdentityType

Výčet

Typ spravované identity používané diskEncryptionSet. Pro nové vytváření se podporuje pouze systemAssigned. Sady šifrování disků je možné aktualizovat s typem identity None během migrace předplatného do nového tenanta Azure Active Directory; způsobí, že šifrované prostředky ztratí přístup ke klíčům.

Hodnota	Description
SystemAssigned
UserAssigned
SystemAssigned, UserAssigned
None

DiskEncryptionSetType

Výčet

Typ klíče, který se používá k šifrování dat disku.

Hodnota	Description
EncryptionAtRestWithCustomerKey	Prostředek používající diskEncryptionSet by byl v klidovém stavu zašifrován pomocí klíče spravovaného zákazníkem, který může zákazník změnit a odvolat.
EncryptionAtRestWithPlatformAndCustomerKeys	Prostředek používající diskEncryptionSet by byl v klidovém stavu zašifrován pomocí dvou vrstev šifrování. Jeden z klíčů je Spravováno zákazníkem a druhý klíč je Spravováno platformou.
ConfidentialVmEncryptedWithCustomerKey	Důvěrný stav disku podporovaného virtuálním počítačem a hosta virtuálního počítače by se zašifroval pomocí klíče spravovaného zákazníkem.

DiskEncryptionSetUpdate

Objekt

Disk Encryption Set Update Resource.

Name	Typ	Description
identity	EncryptionSetIdentity	Spravovaná identita pro sadu šifrování disku. Předtím, než ho můžete použít k šifrování disků, by měla být udělena oprávnění k trezoru klíčů.
properties.activeKey	KeyForDiskEncryptionSet	Adresa URL klíče služby Key Vault, která se má použít pro šifrování Managed Disks a snímků na straně serveru
properties.encryptionType	DiskEncryptionSetType	Typ klíče, který se používá k šifrování dat disku.
properties.federatedClientId	string	ID klienta aplikace s více tenanty pro přístup k trezoru klíčů v jiném tenantovi Nastavením hodnoty None vlastnost vymažete.
properties.rotationToLatestKeyVersionEnabled	boolean	Nastavte tento příznak na true, pokud chcete povolit automatickou aktualizaci tohoto šifrování disku nastavenou na nejnovější verzi klíče.
tags	object	Štítky prostředků

EncryptionSetIdentity

Objekt

Spravovaná identita pro sadu šifrování disku. Předtím, než ho můžete použít k šifrování disků, by měla být udělena oprávnění k trezoru klíčů.

Name	Typ	Description
principalId	string	ID objektu prostředku spravované identity. To se odešle do RP z ARM prostřednictvím hlavičky x-ms-identity-principal-id v požadavku PUT, pokud má prostředek systemAssigned(implicitní) identitu
tenantId	string	ID tenanta prostředku spravované identity. To se odešle do RP z ARM prostřednictvím hlavičky x-ms-client-tenant-id v požadavku PUT, pokud má prostředek identitu systemAssigned(implicit)
type	DiskEncryptionSetIdentityType	Typ spravované identity používané diskEncryptionSet. Pro nové vytváření se podporuje pouze systemAssigned. Sady šifrování disků je možné aktualizovat s typem identity None během migrace předplatného do nového tenanta Azure Active Directory; způsobí, že šifrované prostředky ztratí přístup ke klíčům.
userAssignedIdentities	<string,  UserAssignedIdentitiesValue>	Seznam identit uživatelů přidružených k sadě šifrování disku. Odkazy na klíč slovníku identit uživatele budou ID prostředků ARM ve formátu: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.

InnerError

Objekt

Podrobnosti vnitřní chyby.

Name	Typ	Description
errordetail	string	Vnitřní chybová zpráva nebo výpis výjimky.
exceptiontype	string	Typ výjimky.

KeyForDiskEncryptionSet

Objekt

Adresa URL klíče služby Key Vault, která se má použít pro šifrování Managed Disks a snímků na straně serveru

Name	Typ	Description
keyUrl	string	Plně funkční adresa URL klíče odkazující na klíč ve službě KeyVault Segment verze adresy URL se vyžaduje bez ohledu na hodnotu rotationToLatestKeyVersionEnabled.
sourceVault	SourceVault	ID prostředku služby KeyVault obsahující klíč nebo tajný klíč Tato vlastnost je volitelná a nelze ji použít, pokud předplatné služby KeyVault není stejné jako předplatné sady šifrování disku.

SourceVault

Objekt

ID trezoru je ID prostředku Azure Resource Manager ve formátu /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}

Name	Typ	Description
id	string	ID prostředku

systemData

Objekt

Metadata týkající se vytvoření a poslední změny prostředku.

Name	Typ	Description
createdAt	string (date-time)	Časové razítko vytvoření prostředku (UTC).
createdBy	string	Identita, která prostředek vytvořila.
createdByType	createdByType	Typ identity, která prostředek vytvořila.
lastModifiedAt	string (date-time)	Časové razítko poslední změny zdroje (UTC)
lastModifiedBy	string	Identita, která naposledy změnila prostředek.
lastModifiedByType	createdByType	Typ identity, která naposledy změnila prostředek.

UserAssignedIdentitiesValue

Objekt

Name	Typ	Description
clientId	string	ID klienta identity přiřazené uživatelem.
principalId	string	ID objektu zabezpečení identity přiřazené uživatelem.