az disk-encryption-set

Disk Encryption Set resource.

Commands

Name	Description	Type	Status
az disk-encryption-set create	Create a disk encryption set.	Core	GA
az disk-encryption-set delete	Delete a disk encryption set.	Core	GA
az disk-encryption-set identity	Manage identities of a disk encryption set.	Core	GA
az disk-encryption-set identity assign	Add managed identities to an existing disk encryption set.	Core	GA
az disk-encryption-set identity remove	Remove managed identities from an existing disk encryption set.	Core	GA
az disk-encryption-set identity show	Display managed identities of a disk encryption set.	Core	GA
az disk-encryption-set list	List disk encryption sets.	Core	GA
az disk-encryption-set list-associated-resources	List all resources that are encrypted with this disk encryption set.	Core	GA
az disk-encryption-set show	Get information about a disk encryption set.	Core	GA
az disk-encryption-set update	Update a disk encryption set.	Core	GA
az disk-encryption-set wait	Place the CLI in a waiting state until a condition is met.	Core	GA

az disk-encryption-set create

Create a disk encryption set.

az disk-encryption-set create --key-url
                              --name
                              --resource-group
                              [--auto-rotation {false, true}]
                              [--encryption-type {ConfidentialVmEncryptedWithCustomerKey, EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys, EncryptionAtRestWithPlatformKey}]
                              [--federated-client-id]
                              [--location]
                              [--mi-system-assigned {false, true}]
                              [--mi-user-assigned]
                              [--no-wait]
                              [--source-vault]
                              [--tags]

Examples

Create a disk encryption set.

az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVault

Create a disk encryption set with a system assigned identity.

az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVault --mi-system-assigned

Create a disk encryption set with a user assigned identity.

az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVault --mi-user-assigned myAssignedId

Create a disk encryption set with system assigned identity and a user assigned identity.

az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVault --mi-system-assigned --mi-user-assigned myAssignedId

Create a disk encryption set with multi-tenant application client id to access key vault in a different tenant.

az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVault --federated-client-id myFederatedClientId

Create a disk encryption set that supports double encryption.

az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVault --encryption-type EncryptionAtRestWithPlatformAndCustomerKeys

Required Parameters

--key-url

URL pointing to a key or secret in KeyVault.

--name -n

Name of disk encryption set.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--auto-rotation --enable-auto-key-rotation

Enable automatic rotation of keys.

Accepted values: false, true

--encryption-type

The type of key used to encrypt the data of the disk. EncryptionAtRestWithPlatformKey: Disk is encrypted at rest with Platform managed key. It is the default encryption type. EncryptionAtRestWithCustomerKey: Disk is encrypted at rest with Customer managed key that can be changed and revoked by a customer. EncryptionAtRestWithPlatformAndCustomerKeys: Disk is encrypted at rest with 2 layers of encryption. One of the keys is Customer managed and the other key is Platform managed. ConfidentialVmEncryptedWithCustomerKey: An additional encryption type accepted for confidential VM. Disk is encrypted at rest with Customer managed key.

Accepted values: ConfidentialVmEncryptedWithCustomerKey, EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys, EncryptionAtRestWithPlatformKey

--federated-client-id

The federated client id used in cross tenant scenario.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--mi-system-assigned

Provide this flag to use system assigned identity. Check out help for more examples.

Accepted values: false, true

--mi-user-assigned

User Assigned Identity ids to be used for disk encryption set. Check out help for more examples.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False

--source-vault

Name or ID of the KeyVault containing the key or secret.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az disk-encryption-set delete

Delete a disk encryption set.

az disk-encryption-set delete [--disk-encryption-set-name]
                              [--ids]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--resource-group]
                              [--subscription]

Examples

Delete a disk encryption set.

az disk-encryption-set delete --name MyDiskEncryptionSet --resource-group MyResourceGroup

Optional Parameters

--disk-encryption-set-name --name -n

Name of disk encryption set.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az disk-encryption-set list

List disk encryption sets.

az disk-encryption-set list [--max-items]
                            [--next-token]
                            [--resource-group]

Optional Parameters

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az disk-encryption-set list-associated-resources

List all resources that are encrypted with this disk encryption set.

az disk-encryption-set list-associated-resources --disk-encryption-set-name
                                                 --resource-group
                                                 [--max-items]
                                                 [--next-token]

Required Parameters

--disk-encryption-set-name --name -n

Name of disk encryption set.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az disk-encryption-set show

Get information about a disk encryption set.

az disk-encryption-set show [--disk-encryption-set-name]
                            [--ids]
                            [--resource-group]
                            [--subscription]

Examples

Get information of a disk encryption sets

az disk-encryption-set show --name MyDiskEncryptionSet --resource-group MyResourceGroup

Optional Parameters

--disk-encryption-set-name --name -n

Name of disk encryption set.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az disk-encryption-set update

Update a disk encryption set.

az disk-encryption-set update [--add]
                              [--auto-rotation {false, true}]
                              [--federated-client-id]
                              [--force-string]
                              [--ids]
                              [--key-url]
                              [--name]
                              [--remove]
                              [--resource-group]
                              [--set]
                              [--source-vault]
                              [--subscription]

Examples

Update a disk encryption set. (autogenerated)

az disk-encryption-set update --name MyDiskEncryptionSet --resource-group MyResourceGroup --key-url MyKey --source-vault MyVault

Update multi-tenant application client id of a disk encryption set.

az disk-encryption-set update --name MyDiskEncryptionSet --resource-group MyResourceGroup --key-url MyKey --source-vault MyVault --federated-client-id myFederatedClientId

Clear multi-tenant application client id of a disk encryption set.

az disk-encryption-set update --name MyDiskEncryptionSet --resource-group MyResourceGroup --key-url MyKey --source-vault MyVault --federated-client-id None

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

Default value: []

--auto-rotation --enable-auto-key-rotation

Enable automatic rotation of keys.

Accepted values: false, true

--federated-client-id

The federated client id used in cross tenant scenario.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--key-url

URL pointing to a key or secret in KeyVault.

--name -n

Name of disk encryption set.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

Default value: []

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

Default value: []

--source-vault

Name or ID of the KeyVault containing the key or secret.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az disk-encryption-set wait

Place the CLI in a waiting state until a condition is met.

az disk-encryption-set wait [--created]
                            [--custom]
                            [--deleted]
                            [--disk-encryption-set-name]
                            [--exists]
                            [--ids]
                            [--interval]
                            [--resource-group]
                            [--subscription]
                            [--timeout]
                            [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False

--disk-encryption-set-name --name -n

Name of disk encryption set.

--exists

Wait until the resource exists.

Default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.