Disk Encryption Sets - Update

Dienst:: Compute

API-Version:: 2025-01-02

Aktualisiert (patcht) einen Festplattenverschlüsselungssatz.

PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}?api-version=2025-01-02

URI-Parameter

Name	In	Erforderlich	Typ	Beschreibung
diskEncryptionSetName	path	True	string	Der Name des Datenträgerverschlüsselungssatzes, der erstellt wird. Der Name kann nicht geändert werden, nachdem der Datenträgerverschlüsselungssatz erstellt wurde. Unterstützte Zeichen für den Namen sind a-z, A-Z, 0-9, _ und -. Die maximale Namenslänge ist 80 Zeichen.
resourceGroupName	path	True	string minLength: 1 maxLength: 90	Der Name der Ressourcengruppe. Bei dem Namen wird die Groß-/Kleinschreibung nicht beachtet.
subscriptionId	path	True	string minLength: 1	Die ID des Zielabonnements.
api-version	query	True	string minLength: 1	Die API-Version, die für diesen Vorgang verwendet werden soll.

Anforderungstext

Name	Typ	Beschreibung
identity	EncryptionSetIdentity	Die verwaltete Identität für den Datenträgerverschlüsselungssatz. Sie sollte über die Berechtigung für den Schlüsseltresor verfügen, bevor sie zum Verschlüsseln von Datenträgern verwendet werden kann.
properties.activeKey	KeyForDiskEncryptionSet	Key Vault-Schlüssel-URL, die für die serverseitige Verschlüsselung von verwalteten Datenträgern und Momentaufnahmen verwendet werden soll
properties.encryptionType	DiskEncryptionSetType	Der Schlüsseltyp, der zum Verschlüsseln der Daten des Datenträgers verwendet wird.
properties.federatedClientId	string	Client-ID für mehrere Mandanten, um auf den Schlüsseltresor in einem anderen Mandanten zuzugreifen. Wenn Sie den Wert auf "None" festlegen, wird die Eigenschaft gelöscht.
properties.rotationToLatestKeyVersionEnabled	boolean	Legen Sie dieses Kennzeichen auf "true" fest, um die automatische Aktualisierung dieser Datenträgerverschlüsselung auf die neueste Schlüsselversion zu aktivieren.
tags	object	Ressourcenetiketten

Antworten

Name	Typ	Beschreibung
200 OK	DiskEncryptionSet	Azure-Operation erfolgreich abgeschlossen.
202 Accepted	DiskEncryptionSet	Die Anforderung wurde zur Verarbeitung akzeptiert, die Verarbeitung wurde jedoch noch nicht abgeschlossen. Header Location: string Retry-After: integer
Other Status Codes	CloudError	Unerwartete Fehlerantwort.

Name

Typ

Beschreibung

200 OK

DiskEncryptionSet

Azure-Operation erfolgreich abgeschlossen.

202 Accepted

DiskEncryptionSet

Die Anforderung wurde zur Verarbeitung akzeptiert, die Verarbeitung wurde jedoch noch nicht abgeschlossen.

Header

Location: string
Retry-After: integer

Other Status Codes

CloudError

Unerwartete Fehlerantwort.

Sicherheit

azure_auth

Azure Active Directory OAuth2 Flow.

Typ: oauth2
Ablauf: implicit
Autorisierungs-URL: https://login.microsoftonline.com/common/oauth2/authorize

Bereiche

Name	Beschreibung
user_impersonation	Identitätswechsel ihres Benutzerkontos

Beispiele

update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded

update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating

update a disk encryption set.

update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded

Beispielanforderung

PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "rotationToLatestKeyVersionEnabled": true
  }
}


import com.azure.resourcemanager.compute.models.DiskEncryptionSetIdentityType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.EncryptionSetIdentity;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for DiskEncryptionSets Update.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
     */
    /**
     * Sample code: update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded.
     * 
     * @param manager Entry point to ComputeManager.
     */
    public static void updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded(
        com.azure.resourcemanager.compute.ComputeManager manager) {
        manager.serviceClient().getDiskEncryptionSets().update("myResourceGroup", "myDiskEncryptionSet",
            new DiskEncryptionSetUpdate()
                .withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED))
                .withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
                .withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("fakeTokenPlaceholder"))
                .withRotationToLatestKeyVersionEnabled(true),
            com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.compute import ComputeManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-compute
# USAGE
    python disk_encryption_set_update_with_rotation_to_latest_key_version_enabled.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ComputeManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.disk_encryption_sets.begin_update(
        resource_group_name="myResourceGroup",
        disk_encryption_set_name="myDiskEncryptionSet",
        disk_encryption_set={
            "identity": {"type": "SystemAssigned"},
            "properties": {
                "activeKey": {"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"},
                "encryptionType": "EncryptionAtRestWithCustomerKey",
                "rotationToLatestKeyVersionEnabled": True,
            },
        },
    ).result()
    print(response)


# x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armcompute_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v8"
)

// Generated from example definition: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcompute.NewClientFactory("{subscription-id}", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
		Identity: &armcompute.EncryptionSetIdentity{
			Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
		},
		Properties: &armcompute.DiskEncryptionSetUpdateProperties{
			ActiveKey: &armcompute.KeyForDiskEncryptionSet{
				KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
			},
			EncryptionType:                    to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
			RotationToLatestKeyVersionEnabled: to.Ptr(true),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armcompute.DiskEncryptionSetsClientUpdateResponse{
	// 	DiskEncryptionSet: &armcompute.DiskEncryptionSet{
	// 		Name: to.Ptr("myDiskEncryptionSet"),
	// 		ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
	// 		Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
	// 		Location: to.Ptr("West US"),
	// 		Identity: &armcompute.EncryptionSetIdentity{
	// 			Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
	// 		},
	// 		Properties: &armcompute.EncryptionSetProperties{
	// 			ActiveKey: &armcompute.KeyForDiskEncryptionSet{
	// 				KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/KeyVersion2"),
	// 			},
	// 			EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
	// 			RotationToLatestKeyVersionEnabled: to.Ptr(true),
	// 			ProvisioningState: to.Ptr("Succeeded"),
	// 			LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079872+00:00"); return t}()),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to updates (patches) a disk encryption set.
 *
 * @summary updates (patches) a disk encryption set.
 * x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
 */
async function updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded() {
  const credential = new DefaultAzureCredential();
  const subscriptionId = "{subscription-id}";
  const client = new ComputeManagementClient(credential, subscriptionId);
  const result = await client.diskEncryptionSets.update("myResourceGroup", "myDiskEncryptionSet", {
    identity: { type: "SystemAssigned" },
    activeKey: {
      keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1",
    },
    encryptionType: "EncryptionAtRestWithCustomerKey",
    rotationToLatestKeyVersionEnabled: true,
  });
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;

// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/Compute/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);

// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
    Identity = new ManagedServiceIdentity("SystemAssigned"),
    EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
    ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1")),
    RotationToLatestKeyVersionEnabled = true,
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Beispiel für eine Antwort

Statuscode:: 200

{
  "name": "myDiskEncryptionSet",
  "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
  "type": "Microsoft.Compute/diskEncryptionSets",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/KeyVersion2"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "rotationToLatestKeyVersionEnabled": true,
    "provisioningState": "Succeeded",
    "lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
  }
}

Statuscode:: 202

Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "name": "myDiskEncryptionSet",
  "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
  "type": "Microsoft.Compute/diskEncryptionSets",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "previousKeys": []
  }
}

update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating

Beispielanforderung

PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "rotationToLatestKeyVersionEnabled": true
  }
}


import com.azure.resourcemanager.compute.models.DiskEncryptionSetIdentityType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.EncryptionSetIdentity;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for DiskEncryptionSets Update.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.
     * json
     */
    /**
     * Sample code: update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating.
     * 
     * @param manager Entry point to ComputeManager.
     */
    public static void updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating(
        com.azure.resourcemanager.compute.ComputeManager manager) {
        manager.serviceClient().getDiskEncryptionSets().update("myResourceGroup", "myDiskEncryptionSet",
            new DiskEncryptionSetUpdate()
                .withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED))
                .withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
                .withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("fakeTokenPlaceholder"))
                .withRotationToLatestKeyVersionEnabled(true),
            com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.compute import ComputeManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-compute
# USAGE
    python disk_encryption_set_update_with_rotation_to_latest_key_version_enabled_in_progress.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ComputeManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.disk_encryption_sets.begin_update(
        resource_group_name="myResourceGroup",
        disk_encryption_set_name="myDiskEncryptionSet",
        disk_encryption_set={
            "identity": {"type": "SystemAssigned"},
            "properties": {
                "activeKey": {"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"},
                "encryptionType": "EncryptionAtRestWithCustomerKey",
                "rotationToLatestKeyVersionEnabled": True,
            },
        },
    ).result()
    print(response)


# x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armcompute_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v8"
)

// Generated from example definition: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcompute.NewClientFactory("{subscription-id}", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
		Identity: &armcompute.EncryptionSetIdentity{
			Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
		},
		Properties: &armcompute.DiskEncryptionSetUpdateProperties{
			ActiveKey: &armcompute.KeyForDiskEncryptionSet{
				KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
			},
			EncryptionType:                    to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
			RotationToLatestKeyVersionEnabled: to.Ptr(true),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armcompute.DiskEncryptionSetsClientUpdateResponse{
	// 	DiskEncryptionSet: &armcompute.DiskEncryptionSet{
	// 		Name: to.Ptr("myDiskEncryptionSet"),
	// 		ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
	// 		Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
	// 		Location: to.Ptr("West US"),
	// 		Identity: &armcompute.EncryptionSetIdentity{
	// 			Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
	// 		},
	// 		Properties: &armcompute.EncryptionSetProperties{
	// 			ActiveKey: &armcompute.KeyForDiskEncryptionSet{
	// 				KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion2"),
	// 			},
	// 			EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
	// 			RotationToLatestKeyVersionEnabled: to.Ptr(true),
	// 			PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
	// 				{
	// 					KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
	// 				},
	// 			},
	// 			ProvisioningState: to.Ptr("Updating"),
	// 			LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079872+00:00"); return t}()),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to updates (patches) a disk encryption set.
 *
 * @summary updates (patches) a disk encryption set.
 * x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
 */
async function updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating() {
  const credential = new DefaultAzureCredential();
  const subscriptionId = "{subscription-id}";
  const client = new ComputeManagementClient(credential, subscriptionId);
  const result = await client.diskEncryptionSets.update("myResourceGroup", "myDiskEncryptionSet", {
    identity: { type: "SystemAssigned" },
    activeKey: {
      keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1",
    },
    encryptionType: "EncryptionAtRestWithCustomerKey",
    rotationToLatestKeyVersionEnabled: true,
  });
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;

// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/Compute/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);

// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
    Identity = new ManagedServiceIdentity("SystemAssigned"),
    EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
    ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1")),
    RotationToLatestKeyVersionEnabled = true,
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Beispiel für eine Antwort

Statuscode:: 200

{
  "name": "myDiskEncryptionSet",
  "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
  "type": "Microsoft.Compute/diskEncryptionSets",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion2"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "rotationToLatestKeyVersionEnabled": true,
    "previousKeys": [
      {
        "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
      }
    ],
    "provisioningState": "Updating",
    "lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
  }
}

Statuscode:: 202

Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "name": "myDiskEncryptionSet",
  "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
  "type": "Microsoft.Compute/diskEncryptionSets",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "previousKeys": []
  }
}

update a disk encryption set.

Beispielanforderung

PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "properties": {
    "activeKey": {
      "sourceVault": {
        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
      },
      "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey"
  },
  "tags": {
    "department": "Development",
    "project": "Encryption"
  }
}


import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import com.azure.resourcemanager.compute.models.SourceVault;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for DiskEncryptionSets Update.
 */
public final class Main {
    /*
     * x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
     */
    /**
     * Sample code: update a disk encryption set.
     * 
     * @param manager Entry point to ComputeManager.
     */
    public static void updateADiskEncryptionSet(com.azure.resourcemanager.compute.ComputeManager manager) {
        manager.serviceClient().getDiskEncryptionSets().update("myResourceGroup", "myDiskEncryptionSet",
            new DiskEncryptionSetUpdate().withTags(mapOf("department", "Development", "project", "Encryption"))
                .withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
                .withActiveKey(new KeyForDiskEncryptionSet().withSourceVault(new SourceVault().withId(
                    "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"))
                    .withKeyUrl("fakeTokenPlaceholder")),
            com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.compute import ComputeManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-compute
# USAGE
    python disk_encryption_set_update.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ComputeManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.disk_encryption_sets.begin_update(
        resource_group_name="myResourceGroup",
        disk_encryption_set_name="myDiskEncryptionSet",
        disk_encryption_set={
            "properties": {
                "activeKey": {
                    "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion",
                    "sourceVault": {
                        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
                    },
                },
                "encryptionType": "EncryptionAtRestWithCustomerKey",
            },
            "tags": {"department": "Development", "project": "Encryption"},
        },
    ).result()
    print(response)


# x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armcompute_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v8"
)

// Generated from example definition: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSet() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcompute.NewClientFactory("{subscription-id}", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
		Properties: &armcompute.DiskEncryptionSetUpdateProperties{
			ActiveKey: &armcompute.KeyForDiskEncryptionSet{
				SourceVault: &armcompute.SourceVault{
					ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
				},
				KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"),
			},
			EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
		},
		Tags: map[string]*string{
			"department": to.Ptr("Development"),
			"project":    to.Ptr("Encryption"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armcompute.DiskEncryptionSetsClientUpdateResponse{
	// 	DiskEncryptionSet: &armcompute.DiskEncryptionSet{
	// 		Name: to.Ptr("myDiskEncryptionSet"),
	// 		Location: to.Ptr("West US"),
	// 		Identity: &armcompute.EncryptionSetIdentity{
	// 			Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
	// 		},
	// 		Properties: &armcompute.EncryptionSetProperties{
	// 			ActiveKey: &armcompute.KeyForDiskEncryptionSet{
	// 				SourceVault: &armcompute.SourceVault{
	// 					ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
	// 				},
	// 				KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"),
	// 			},
	// 			EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
	// 			PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
	// 			},
	// 			LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079872+00:00"); return t}()),
	// 		},
	// 		Tags: map[string]*string{
	// 			"department": to.Ptr("Development"),
	// 			"project": to.Ptr("Encryption"),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to updates (patches) a disk encryption set.
 *
 * @summary updates (patches) a disk encryption set.
 * x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
 */
async function updateADiskEncryptionSet() {
  const credential = new DefaultAzureCredential();
  const subscriptionId = "{subscription-id}";
  const client = new ComputeManagementClient(credential, subscriptionId);
  const result = await client.diskEncryptionSets.update("myResourceGroup", "myDiskEncryptionSet", {
    activeKey: {
      sourceVault: {
        id: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
      },
      keyUrl: "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion",
    },
    encryptionType: "EncryptionAtRestWithCustomerKey",
    tags: { department: "Development", project: "Encryption" },
  });
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;

// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/Compute/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);

// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
    Tags =
    {
    ["department"] = "Development",
    ["project"] = "Encryption"
    },
    EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
    ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"))
    {
        SourceVaultId = new ResourceIdentifier("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
    },
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Beispiel für eine Antwort

Statuscode:: 200

{
  "name": "myDiskEncryptionSet",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "sourceVault": {
        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
      },
      "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "previousKeys": [],
    "lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
  },
  "tags": {
    "department": "Development",
    "project": "Encryption"
  }
}

Statuscode:: 202

Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

{
  "name": "myDiskEncryptionSet",
  "location": "West US",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "sourceVault": {
        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
      },
      "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "previousKeys": []
  },
  "tags": {
    "department": "Development",
    "project": "Encryption"
  }
}

Definitionen

Name	Beschreibung
ApiError	API-Fehler.
ApiErrorBase	API-Fehlerbasis.
CloudError	Eine Fehlerantwort vom Compute-Dienst.
Common.UserAssignedIdentitiesValue
createdByType	Der Identitätstyp, der die Ressource erstellt hat.
DiskEncryptionSet	Datenträgerverschlüsselungssatzressource.
DiskEncryptionSetIdentityType	Der Typ der verwalteten Identität, die vom DiskEncryptionSet verwendet wird. Nur SystemAssigned wird für neue Erstellungen unterstützt. Datenträgerverschlüsselungssätze können während der Migration des Abonnements zu einem neuen Azure Active Directory Mandanten mit dem Identitätstyp "Keine" aktualisiert werden. Die verschlüsselten Ressourcen verlieren den Zugriff auf die Schlüssel.
DiskEncryptionSetType	Der Schlüsseltyp, der zum Verschlüsseln der Daten des Datenträgers verwendet wird.
DiskEncryptionSetUpdate	Datenträgerverschlüsselungssatz-Updateressource.
EncryptionSetIdentity	Die verwaltete Identität für den Datenträgerverschlüsselungssatz. Sie sollte über die Berechtigung für den Schlüsseltresor verfügen, bevor sie zum Verschlüsseln von Datenträgern verwendet werden kann.
InnerError	Innere Fehlerdetails.
KeyForDiskEncryptionSet	Key Vault-Schlüssel-URL, die für die serverseitige Verschlüsselung von verwalteten Datenträgern und Momentaufnahmen verwendet werden soll
SourceVault	Die Tresor-ID ist eine Azure Resource Manager-Ressourcen-ID im Format /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
systemData	Metadaten zur Erstellung und letzten Änderung der Ressource.

ApiError

Objekt

API-Fehler.

Name	Typ	Beschreibung
code	string	Der Fehlercode.
details	ApiErrorBase[]	Die Details zum API-Fehler
innererror	InnerError	Der innere API-Fehler
message	string	Die Fehlermeldung.
target	string	Das Ziel des bestimmten Fehlers.

ApiErrorBase

Objekt

API-Fehlerbasis.

Name	Typ	Beschreibung
code	string	Der Fehlercode.
message	string	Die Fehlermeldung.
target	string	Das Ziel des bestimmten Fehlers.

CloudError

Objekt

Eine Fehlerantwort vom Compute-Dienst.

Name	Typ	Beschreibung
error	ApiError	API-Fehler.

Common.UserAssignedIdentitiesValue

Objekt

Name	Typ	Beschreibung
clientId	string	Die Client-ID der vom Benutzer zugewiesenen Identität.
principalId	string	Die Prinzipal-ID der vom Benutzer zugewiesenen Identität.

createdByType

Enumeration

Der Identitätstyp, der die Ressource erstellt hat.

Wert	Beschreibung
User
Application
ManagedIdentity
Key

DiskEncryptionSet

Objekt

Datenträgerverschlüsselungssatzressource.

Name	Typ	Beschreibung
id	string	Vollqualifizierte Ressourcen-ID für die Ressource. Zum Beispiel - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
identity	EncryptionSetIdentity	Die verwaltete Identität für den Datenträgerverschlüsselungssatz. Sie sollte über die Berechtigung für den Schlüsseltresor verfügen, bevor sie zum Verschlüsseln von Datenträgern verwendet werden kann.
location	string	Der geografische Standort, an dem sich die Ressource befindet
name	string	Der Name der Ressource
properties.activeKey	KeyForDiskEncryptionSet	Der Schlüsseltresorschlüssel, der derzeit von diesem Datenträgerverschlüsselungssatz verwendet wird.
properties.autoKeyRotationError	ApiError	Der Fehler, der während der automatischen Schlüsseldrehung aufgetreten ist. Wenn ein Fehler auftritt, wird die automatische Schlüsselrotation erst versucht, wenn der Fehler in diesem Datenträgerverschlüsselungssatz behoben ist.
properties.encryptionType	DiskEncryptionSetType	Der Schlüsseltyp, der zum Verschlüsseln der Daten des Datenträgers verwendet wird.
properties.federatedClientId	string	Client-ID für mehrere Mandanten, um auf den Schlüsseltresor in einem anderen Mandanten zuzugreifen. Wenn Sie den Wert auf "None" festlegen, wird die Eigenschaft gelöscht.
properties.lastKeyRotationTimestamp	string (date-time)	Der Zeitpunkt, zu dem der aktive Schlüssel dieses Festplattenverschlüsselungssatzes aktualisiert wurde.
properties.previousKeys	KeyForDiskEncryptionSet[]	Eine schreibgeschützte Auflistung von Schlüsseltresorschlüsseln, die zuvor von diesem Datenträgerverschlüsselungssatz verwendet wurden, während eine Schlüsselrotation ausgeführt wird. Er ist leer, wenn keine laufende Schlüsselrotation stattfindet.
properties.provisioningState	string	Der Bereitstellungsstatus des Datenträgerverschlüsselungssatzes.
properties.rotationToLatestKeyVersionEnabled	boolean	Legen Sie dieses Kennzeichen auf "true" fest, um die automatische Aktualisierung dieser Datenträgerverschlüsselung auf die neueste Schlüsselversion zu aktivieren.
systemData	systemData	Azure Resource Manager-Metadaten, die createdBy und modifiedBy-Informationen enthalten.
tags	object	Ressourcentags.
type	string	Der Typ der Ressource. Zum Beispiel "Microsoft. Compute/virtualMachines" oder "Microsoft. Speicher/Speicherkonten"

DiskEncryptionSetIdentityType

Enumeration

Der Typ der verwalteten Identität, die vom DiskEncryptionSet verwendet wird. Nur SystemAssigned wird für neue Erstellungen unterstützt. Datenträgerverschlüsselungssätze können während der Migration des Abonnements zu einem neuen Azure Active Directory Mandanten mit dem Identitätstyp "Keine" aktualisiert werden. Die verschlüsselten Ressourcen verlieren den Zugriff auf die Schlüssel.

Wert	Beschreibung
SystemAssigned
UserAssigned
SystemAssigned, UserAssigned
None

DiskEncryptionSetType

Enumeration

Der Schlüsseltyp, der zum Verschlüsseln der Daten des Datenträgers verwendet wird.

Wert	Beschreibung
EncryptionAtRestWithCustomerKey	Die Ressource, die diskEncryptionSet verwendet, wird im Ruhezustand mit dem vom Kunden verwalteten Schlüssel verschlüsselt, der von einem Kunden geändert und widerrufen werden kann.
EncryptionAtRestWithPlatformAndCustomerKeys	Die Ressource, die diskEncryptionSet verwendet, wird im Ruhezustand mit zwei Verschlüsselungsebenen verschlüsselt. Einer der Schlüssel ist vom Kunden verwaltet, und der andere Schlüssel wird plattformverwaltet.
ConfidentialVmEncryptedWithCustomerKey	Der von vertraulichen VMs unterstützte Datenträger und der Gaststatus der VM werden mit dem vom Kunden verwalteten Schlüssel verschlüsselt.

DiskEncryptionSetUpdate

Objekt

Datenträgerverschlüsselungssatz-Updateressource.

Name	Typ	Beschreibung
identity	EncryptionSetIdentity	Die verwaltete Identität für den Datenträgerverschlüsselungssatz. Sie sollte über die Berechtigung für den Schlüsseltresor verfügen, bevor sie zum Verschlüsseln von Datenträgern verwendet werden kann.
properties.activeKey	KeyForDiskEncryptionSet	Key Vault-Schlüssel-URL, die für die serverseitige Verschlüsselung von verwalteten Datenträgern und Momentaufnahmen verwendet werden soll
properties.encryptionType	DiskEncryptionSetType	Der Schlüsseltyp, der zum Verschlüsseln der Daten des Datenträgers verwendet wird.
properties.federatedClientId	string	Client-ID für mehrere Mandanten, um auf den Schlüsseltresor in einem anderen Mandanten zuzugreifen. Wenn Sie den Wert auf "None" festlegen, wird die Eigenschaft gelöscht.
properties.rotationToLatestKeyVersionEnabled	boolean	Legen Sie dieses Kennzeichen auf "true" fest, um die automatische Aktualisierung dieser Datenträgerverschlüsselung auf die neueste Schlüsselversion zu aktivieren.
tags	object	Ressourcenetiketten

EncryptionSetIdentity

Objekt

Die verwaltete Identität für den Datenträgerverschlüsselungssatz. Sie sollte über die Berechtigung für den Schlüsseltresor verfügen, bevor sie zum Verschlüsseln von Datenträgern verwendet werden kann.

Name	Typ	Beschreibung
principalId	string	Die Objekt-ID der Ressource für verwaltete Identitäten. Dies wird von ARM über den x-ms-identity-principal-id-Header in der PUT-Anforderung an die vertrauende Seite gesendet, wenn die Ressource über eine systemAssigned(implizite) Identität verfügt
tenantId	string	Die Mandanten-ID der Ressource für verwaltete Identitäten. Dies wird von ARM über den x-ms-client-tenant-id-Header in der PUT-Anforderung an die vertrauende Seite gesendet, wenn die Ressource über eine systemAssigned(implizite) Identität verfügt
type	DiskEncryptionSetIdentityType	Der Typ der verwalteten Identität, die vom DiskEncryptionSet verwendet wird. Nur SystemAssigned wird für neue Erstellungen unterstützt. Datenträgerverschlüsselungssätze können während der Migration des Abonnements zu einem neuen Azure Active Directory Mandanten mit dem Identitätstyp "Keine" aktualisiert werden. Die verschlüsselten Ressourcen verlieren den Zugriff auf die Schlüssel.
userAssignedIdentities	<string, Common.UserAssignedIdentitiesValue>	Die Liste der Benutzeridentitäten, die dem Datenträgerverschlüsselungssatz zugeordnet sind. Die Schlüsselreferenzen im Benutzeridentitätswörterbuch sind ARM-Ressourcen-IDs in der Form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft. ManagedIdentity/userAssignedIdentities/{identityName}'.

InnerError

Objekt

Innere Fehlerdetails.

Name	Typ	Beschreibung
errordetail	string	Die interne Fehlermeldung oder der Ausnahmedump.
exceptiontype	string	Der Ausnahmetyp.

KeyForDiskEncryptionSet

Objekt

Key Vault-Schlüssel-URL, die für die serverseitige Verschlüsselung von verwalteten Datenträgern und Momentaufnahmen verwendet werden soll

Name	Typ	Beschreibung
keyUrl	string	Vollversionierte Schlüssel-URL, die auf einen Schlüssel in KeyVault verweist. Das Versionssegment der URL ist unabhängig vom RotationToLatestKeyVersionEnabled-Wert erforderlich.
sourceVault	SourceVault	Ressourcen-ID des KeyVault-Werts, der den Schlüssel oder geheimen Schlüssel enthält. Diese Eigenschaft ist optional und kann nicht verwendet werden, wenn das KeyVault-Abonnement nicht mit dem Disk Encryption Set-Abonnement identisch ist.

SourceVault

Objekt

Die Tresor-ID ist eine Azure Resource Manager-Ressourcen-ID im Format /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}

Name	Typ	Beschreibung
id	string	Ressourcen-ID

systemData

Objekt

Metadaten zur Erstellung und letzten Änderung der Ressource.

Name	Typ	Beschreibung
createdAt	string (date-time)	Der Zeitstempel der Ressourcenerstellung (UTC).
createdBy	string	Die Identität, die die Ressource erstellt hat.
createdByType	createdByType	Der Identitätstyp, der die Ressource erstellt hat.
lastModifiedAt	string (date-time)	Der Zeitstempel der letzten Änderung der Ressource (UTC)
lastModifiedBy	string	Die Identität, die die Ressource zuletzt geändert hat.
lastModifiedByType	createdByType	Der Identitätstyp, der die Ressource zuletzt geändert hat.