Microsoft.Compute diskEncryptionSets 2021-08-01

Bicep resource definition

The diskEncryptionSets resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/diskEncryptionSets resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Compute/diskEncryptionSets@2021-08-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  identity: {
    type: 'string'
  }
  properties: {
    activeKey: {
      keyUrl: 'string'
      sourceVault: {
        id: 'string'
      }
    }
    encryptionType: 'string'
    rotationToLatestKeyVersionEnabled: bool
  }
}

Property values

diskEncryptionSets

| Name | Description | Value |
| --- | --- | --- |
| name | The resource name | string (required). Character limit: 1-80. Valid characters: alphanumerics, underscores, and hyphens. |
| location | Resource location | string (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| identity | The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. | EncryptionSetIdentity |
| properties | | EncryptionSetProperties |

EncryptionSetIdentity

| Name | Description | Value |
| --- | --- | --- |
| type | The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys. | 'None', 'SystemAssigned' |

EncryptionSetProperties

| Name | Description | Value |
| --- | --- | --- |
| activeKey | The key vault key which is currently used by this disk encryption set. | KeyForDiskEncryptionSet |
| encryptionType | The type of key used to encrypt the data of the disk. | 'ConfidentialVmEncryptedWithCustomerKey', 'EncryptionAtRestWithCustomerKey', 'EncryptionAtRestWithPlatformAndCustomerKeys' |
| rotationToLatestKeyVersionEnabled | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | bool |

KeyForDiskEncryptionSet

| Name | Description | Value |
| --- | --- | --- |
| keyUrl | Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value. | string (required) |
| sourceVault | Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription. | SourceVault |

SourceVault

| Name | Description | Value |
| --- | --- | --- |
| id | Resource Id | string |

ARM template resource definition

The diskEncryptionSets resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/diskEncryptionSets resource, add the following JSON to your template.

{
  "type": "Microsoft.Compute/diskEncryptionSets",
  "apiVersion": "2021-08-01",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "identity": {
    "type": "string"
  },
  "properties": {
    "activeKey": {
      "keyUrl": "string",
      "sourceVault": {
        "id": "string"
      }
    },
    "encryptionType": "string",
    "rotationToLatestKeyVersionEnabled": "bool"
  }
}

Property values

diskEncryptionSets

| Name | Description | Value |
| --- | --- | --- |
| type | The resource type | 'Microsoft.Compute/diskEncryptionSets' |
| apiVersion | The resource api version | '2021-08-01' |
| name | The resource name | string (required). Character limit: 1-80. Valid characters: alphanumerics, underscores, and hyphens. |
| location | Resource location | string (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| identity | The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. | EncryptionSetIdentity |
| properties | | EncryptionSetProperties |

EncryptionSetIdentity

| Name | Description | Value |
| --- | --- | --- |
| type | The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys. | 'None', 'SystemAssigned' |

EncryptionSetProperties

| Name | Description | Value |
| --- | --- | --- |
| activeKey | The key vault key which is currently used by this disk encryption set. | KeyForDiskEncryptionSet |
| encryptionType | The type of key used to encrypt the data of the disk. | 'ConfidentialVmEncryptedWithCustomerKey', 'EncryptionAtRestWithCustomerKey', 'EncryptionAtRestWithPlatformAndCustomerKeys' |
| rotationToLatestKeyVersionEnabled | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | bool |

KeyForDiskEncryptionSet

| Name | Description | Value |
| --- | --- | --- |
| keyUrl | Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value. | string (required) |
| sourceVault | Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription. | SourceVault |

SourceVault

| Name | Description | Value |
| --- | --- | --- |
| id | Resource Id | string |
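
The constraints in the property tables above, expressed as a pre-deployment lint over a parsed ARM resource. This is an added example, not part of the original reference or any Microsoft tooling; the function name, the sample resource and its placeholder IDs are constructed, and the `/keys/<name>/<version>` URL layout is an assumption about Key Vault key URLs.

```python
import re
from urllib.parse import urlparse

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,80}")
ENCRYPTION_TYPES = {"ConfidentialVmEncryptedWithCustomerKey",
                    "EncryptionAtRestWithCustomerKey",
                    "EncryptionAtRestWithPlatformAndCustomerKeys"}
SUB_RE = re.compile(r"/subscriptions/([^/]+)/", re.IGNORECASE)

def lint_disk_encryption_set(resource, subscription_id):
    """Return findings for one diskEncryptionSets resource (parsed ARM JSON)."""
    findings = []
    if not NAME_RE.fullmatch(str(resource.get("name", ""))):
        findings.append("name: must be 1-80 alphanumerics, underscores or hyphens")
    if resource.get("identity", {}).get("type") != "SystemAssigned":
        findings.append("identity.type: only SystemAssigned is supported for new creations")
    props = resource.get("properties", {})
    if props.get("encryptionType") not in ENCRYPTION_TYPES:
        findings.append("encryptionType: not one of the documented values")
    key = props.get("activeKey", {})
    url = urlparse(str(key.get("keyUrl", "")))
    # Assumed Key Vault layout: https://<vault host>/keys/<key name>/<version>
    parts = [p for p in url.path.split("/") if p]
    if url.scheme != "https" or len(parts) != 3 or parts[0] != "keys":
        findings.append("keyUrl: version segment required, even with auto-rotation")
    vault_id = key.get("sourceVault", {}).get("id")
    if vault_id is not None:
        m = SUB_RE.match(vault_id)
        if not m or m.group(1).lower() != subscription_id.lower():
            findings.append("sourceVault: vault is outside the disk encryption "
                            "set's subscription, so the property must be omitted")
    return findings

# Constructed sample (placeholder IDs and names, not taken from the page).
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = {
    "name": "des-prod_01",
    "identity": {"type": "SystemAssigned"},
    "properties": {
        "activeKey": {
            "keyUrl": "https://example-vault.vault.azure.net/keys/disk-key",
            "sourceVault": {"id": "/subscriptions/11111111-1111-1111-1111-111111111111"
                                  "/resourceGroups/rg/providers/Microsoft.KeyVault/vaults/example-vault"},
        },
        "encryptionType": "EncryptionAtRestWithCustomerKey",
        "rotationToLatestKeyVersionEnabled": True,
    },
}
print("\n".join(lint_disk_encryption_set(SAMPLE, SUB)))
```

The sample trips two checks: the key URL has no version segment although auto-rotation is on, and the source vault sits in a different subscription from the one passed as `subscription_id`.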

Terraform (AzAPI provider) resource definition

The diskEncryptionSets resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/diskEncryptionSets resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Compute/diskEncryptionSets@2021-08-01"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  identity {
    type =  "SystemAssigned"
  }
  body = jsonencode({
    properties = {
      activeKey = {
        keyUrl = "string"
        sourceVault = {
          id = "string"
        }
      }
      encryptionType = "string"
      rotationToLatestKeyVersionEnabled = bool
    }
  })
}

Property values

diskEncryptionSets

| Name | Description | Value |
| --- | --- | --- |
| type | The resource type | "Microsoft.Compute/diskEncryptionSets@2021-08-01" |
| name | The resource name | string (required). Character limit: 1-80. Valid characters: alphanumerics, underscores, and hyphens. |
| location | Resource location | string (required) |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| tags | Resource tags | Dictionary of tag names and values. |
| identity | The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. | EncryptionSetIdentity |
| properties | | EncryptionSetProperties |

EncryptionSetIdentity

| Name | Description | Value |
| --- | --- | --- |
| type | The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys. | "SystemAssigned" |

EncryptionSetProperties

| Name | Description | Value |
| --- | --- | --- |
| activeKey | The key vault key which is currently used by this disk encryption set. | KeyForDiskEncryptionSet |
| encryptionType | The type of key used to encrypt the data of the disk. | "ConfidentialVmEncryptedWithCustomerKey", "EncryptionAtRestWithCustomerKey", "EncryptionAtRestWithPlatformAndCustomerKeys" |
| rotationToLatestKeyVersionEnabled | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | bool |

KeyForDiskEncryptionSet

| Name | Description | Value |
| --- | --- | --- |
| keyUrl | Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value. | string (required) |
| sourceVault | Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription. | SourceVault |

SourceVault

| Name | Description | Value |
| --- | --- | --- |
| id | Resource Id | string |