az storage account encryption-scope
Manage encryption scope for a storage account.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az storage account encryption-scope create |
Create an encryption scope within storage account. |
Core | GA |
| az storage account encryption-scope list |
List encryption scopes within storage account. |
Core | GA |
| az storage account encryption-scope show |
Show properties for specified encryption scope within storage account. |
Core | GA |
| az storage account encryption-scope update |
Update properties for specified encryption scope within storage account. |
Core | GA |
az storage account encryption-scope create
Create an encryption scope within storage account.
az storage account encryption-scope create --account-name
--name
[--key-source {Microsoft.KeyVault, Microsoft.Storage}]
[--key-uri]
[--require-infrastructure-encryption {false, true}]
[--resource-group]Examples
Create an encryption scope within storage account based on Microsoft.Storage key source.
az storage account encryption-scope create --name myencryption -s Microsoft.Storage --account-name mystorageaccount -g MyResourceGroupCreate an encryption scope within storage account based on Microsoft.KeyVault key source.
az storage account encryption-scope create --name myencryption -s Microsoft.KeyVault -u "https://vaultname.vault.azure.net/keys/keyname/1f7fa7edc99f4cdf82b5b5f32f2a50a7" --account-name mystorageaccount -g MyResourceGroupCreate an encryption scope within storage account. (autogenerated)
az storage account encryption-scope create --account-name mystorageaccount --key-source Microsoft.Storage --name myencryption --resource-group MyResourceGroup --subscription mysubscriptionRequired Parameters
The storage account name.
The name of the encryption scope within the specified storage account.
Optional Parameters
The provider for the encryption scope.
The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az storage account encryption-scope list
List encryption scopes within storage account.
az storage account encryption-scope list --account-name
[--filter]
[--include {All, Disabled, Enabled}]
[--marker]
[--maxpagesize]
[--resource-group]Examples
List encryption scopes within storage account.
az storage account encryption-scope list --account-name mystorageaccount -g MyResourceGroupList encryption scopes starting with specific name.
az storage account encryption-scope list --account-name mystorageaccount -g myresourcegroup --filter 'startswith(name, value)'Required Parameters
The storage account name.
Optional Parameters
When specified, only encryption scope names starting with the filter will be listed.
When specified, will list encryption scopes with the specific state.
A string value that identifies the portion of the list of containers to be returned with the next listing operation. The operation returns the NextMarker value within the response body if the listing operation did not return all containers remaining to be listed with the current page. If specified, this generator will begin returning results from the point where the previous generator stopped.
The maximum number of encryption scopes that will be included in the list response.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az storage account encryption-scope show
Show properties for specified encryption scope within storage account.
az storage account encryption-scope show --account-name
--name
[--resource-group]Examples
Show properties for specified encryption scope within storage account.
az storage account encryption-scope show --name myencryption --account-name mystorageaccount -g MyResourceGroupRequired Parameters
The storage account name.
The name of the encryption scope within the specified storage account.
Optional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az storage account encryption-scope update
Update properties for specified encryption scope within storage account.
az storage account encryption-scope update --account-name
--name
[--key-source {Microsoft.KeyVault, Microsoft.Storage}]
[--key-uri]
[--resource-group]
[--state {Disabled, Enabled}]Examples
Update an encryption scope key source to Microsoft.Storage.
az storage account encryption-scope update --name myencryption -s Microsoft.Storage --account-name mystorageaccount -g MyResourceGroupCreate an encryption scope within storage account based on Microsoft.KeyVault key source.
az storage account encryption-scope update --name myencryption -s Microsoft.KeyVault -u "https://vaultname.vault.azure.net/keys/keyname/1f7fa7edc99f4cdf82b5b5f32f2a50a7" --account-name mystorageaccount -g MyResourceGroupDisable an encryption scope within storage account.
az storage account encryption-scope update --name myencryption --state Disabled --account-name mystorageaccount -g MyResourceGroupEnable an encryption scope within storage account.
az storage account encryption-scope update --name myencryption --state Enabled --account-name mystorageaccount -g MyResourceGroupRequired Parameters
The storage account name.
The name of the encryption scope within the specified storage account.
Optional Parameters
The provider for the encryption scope.
The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Change the state the encryption scope. When disabled, all blob read/write operations using this encryption scope will fail.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for