![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 76%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,158 questions
Thank you for your post!
I understand that you have several Linux VMs and Storage Accounts with SSE + PMK enabled and are now planning to migrate all your Managed Disks and Storage Accounts to SEE + CMK but are looking for a possible solution to do this using Terraform. To hopefully help point you in the right direction, I'll share my findings below.
Findings:
I wasn't able to locate anything specific on the Azure side of things regarding enabling SSE + CMK via Terraform. However, when looking through the Terraform azurerm provider registry you might be able to leverage the azurerm_managed_disk and azurerm_disk_encryption_set resources to convert your existing SSE encryption from PMK to CMK.
Because you'll need to create a Terraform specific script to convert your existing SSE+PMK encryption, I'd recommend reaching out to the Terraform Community so their experts can further assist with this. For more info Terraform Community.
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.