![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 95%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,159 questions
@Ankit Rathod
Thank you for your detailed post! When it comes to migrating encrypted disks, I'd recommend decrypting and creating a backup of your data prior to performing any type of migration.
SSE+PMK:
Since this is the default encryption method used in Azure, I'd recommend reaching out to AWS regarding whether or not their Cloud Native Migration tool can decrypt disks encrypted with SSE+PMK, since it's encrypted using 256-bit AES encryption.
With SSE+CMK, you won't be able to disable the encryption. You'll have to copy all the data using either Azure PowerShell, or Azure CLI, to an entirely different managed disk that isn't using customer-managed keys.
ADE:
You can disable/decrypt your disks using this PS script.
Disable-AzVMDiskEncryption -ResourceGroupName 'MyVirtualMachineResourceGroup' -VMName 'MySecureVM' -VolumeType "all"
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.