How to enable SSE with CMK on Azure VM disks using Python SDK API calls?

Prem Jha 95 Reputation points
2023-10-19T16:49:46.7833333+00:00

I am using Azure Python SDK API calls to create a virtual machine with both an OS disk and a data disk. I need to enable the feature of Server Side Encryption (SSE) with Customer Managed Key (CMK) using Disk Encryption Sets. However, I am unsure how to do this. Can someone help me out with this? Thank you.

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.

1 answer

  1. vipullag-MSFT 26,487 Reputation points Moderator
    2023-10-30T06:51:41.62+00:00

    Hello Prem Jha

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

    To enable SSE with CMK on Azure VM disks using Python SDK API calls, you need to follow these steps:

    1. Create an Azure Key Vault and a DiskEncryptionSet resource.
    2. Create a managed disk and associate it with the DiskEncryptionSet.
    3. Create a virtual machine and attach the managed disk to it.

    Here is an example code snippet that demonstrates how to create a virtual machine with both an OS disk and a data disk, and enable SSE with CMK using Disk Encryption Sets:

    ```python
    # Management clients and model classes for VMs, disks and Key Vault
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.compute import ComputeManagementClient
    from azure.mgmt.compute.models import (
        DataDisk, DiskCreateOption, DiskEncryptionSetIdentityType,
        DiskEncryptionSetParameters, DiskEncryptionSetType, EncryptionSetIdentity,
        KeyVaultAndKeyReference, KeyVaultAndSecretReference, OperatingSystemTypes,
        StorageAccountTypes, VirtualHardDisk, VirtualMachine,
        VirtualMachineIdentity, VirtualMachineSizeTypes,
    )
    from azure.mgmt.keyvault import KeyVaultManagementClient
    from azure.mgmt.keyvault.models import AccessPolicyEntry, Permissions, SecretPermissions, VaultProperties
    from azure.mgmt.resource import ResourceManagementClient
    from azure.mgmt.resource.resources.models import DeploymentMode, DeploymentProperties, ResourceGroup, TemplateLink

    # Set variables (fill in the empty strings for your environment)
    subscription_id = ''
    resource_group_name = ''
    location = ''
    vm_name = ''
    vm_size = VirtualMachineSizeTypes.STANDARD_B2_S  # "Standard_B2s"
    os_disk_name = ''
    os_disk_size_gb = 128
    os_disk_create_option = DiskCreateOption.FROM_IMAGE
    os_disk_image_uri = ''
    data_disk_name = ''
    data_disk_size_gb = 256
    # Key Vault that holds the customer-managed key
    key_vault_name = ''
    key_vault_resource_group_name = ''
    key_vault_location = ''
    key_vault_access_policy_object_id = ''
    key_vault_key_name = ''
    key_vault_key_version = ''
    key_vault_key_url = ''
    key_vault_secret_name = ''
    key_vault_secret_version = ''
    key_vault_secret_url = ''
    # disk_encryption_set ... (the snippet as posted ends here)
    ```
    

    Hope this helps.

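The three steps listed in the answer, as an added example that is not part of the original answer or of Microsoft's samples: it builds the request parameters for the DiskEncryptionSet, the data disk and the VM storage profile, and checks that every disk in the profile references the set. The resource names `des-example` and `data-example`, the function names and all IDs are assumptions.

```python
# Added example. Parameter dicts use the snake_case attribute names of the
# azure-mgmt-compute models; every name and ID passed in is a placeholder.
CMK = "EncryptionAtRestWithCustomerKey"

def des_params(location, vault_id, key_url):
    """Step 1: DiskEncryptionSet pointing at a Key Vault key URL."""
    return {"location": location,
            "identity": {"type": "SystemAssigned"},
            "encryption_type": CMK,
            "active_key": {"source_vault": {"id": vault_id}, "key_url": key_url}}

def disk_params(location, size_gb, des_id):
    """Step 2: empty managed disk encrypted at rest through the set."""
    return {"location": location, "disk_size_gb": size_gb,
            "creation_data": {"create_option": "Empty"},
            "encryption": {"type": CMK, "disk_encryption_set_id": des_id}}

def storage_profile(image_reference, os_disk_name, data_disk, des_id):
    """Step 3: VM storage profile; OS disk and attached data disk name the set."""
    des = {"id": des_id}
    return {"image_reference": image_reference,
            "os_disk": {"name": os_disk_name, "create_option": "FromImage",
                        "managed_disk": {"disk_encryption_set": des}},
            "data_disks": [{"lun": 0, "name": data_disk["name"],
                            "create_option": "Attach",
                            "managed_disk": {"id": data_disk["id"],
                                             "disk_encryption_set": des}}]}

def disks_missing_cmk(profile, des_id):
    """Names of disks in a storage profile that do not reference des_id."""
    disks = [profile["os_disk"], *profile.get("data_disks", [])]
    def bound(d):
        ref = (d.get("managed_disk") or {}).get("disk_encryption_set") or {}
        return ref.get("id", "").lower() == des_id.lower()  # ARM IDs ignore case
    return [d.get("name", "?") for d in disks if not bound(d)]

def provision(subscription_id, group, location, vault_id, key_url):
    """Run steps 1-2 against Azure and return (set, disk) for use in step 3."""
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.compute import ComputeManagementClient
    compute = ComputeManagementClient(DefaultAzureCredential(), subscription_id)
    des = compute.disk_encryption_sets.begin_create_or_update(
        group, "des-example", des_params(location, vault_id, key_url)).result()
    # Grant des.identity.principal_id get/wrapKey/unwrapKey on the key
    # (access policy or RBAC) before creating disks that use the set.
    disk = compute.disks.begin_create_or_update(
        group, "data-example", disk_params(location, 256, des.id)).result()
    return des, disk
```

The dict returned by `storage_profile` goes under the `storage_profile` key of the parameters passed to `virtual_machines.begin_create_or_update`, alongside the hardware, OS and network profiles.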
