az storage account encryption-scope
Manage encryption scope for a storage account.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az storage account encryption-scope create |
Create an encryption scope within storage account. |
Core | GA |
| az storage account encryption-scope list |
List encryption scopes within storage account. |
Core | GA |
| az storage account encryption-scope show |
Show properties for specified encryption scope within storage account. |
Core | GA |
| az storage account encryption-scope update |
Update properties for specified encryption scope within storage account. |
Core | GA |
az storage account encryption-scope create
Create an encryption scope within storage account.
az storage account encryption-scope create --account-name
--name
[--key-source {Microsoft.KeyVault, Microsoft.Storage}]
[--key-uri]
[--require-infrastructure-encryption {false, true}]
[--resource-group]Examples
Create an encryption scope within storage account based on Microsoft.Storage key source.
az storage account encryption-scope create --name myencryption -s Microsoft.Storage --account-name mystorageaccount -g MyResourceGroupCreate an encryption scope within storage account based on Microsoft.KeyVault key source.
az storage account encryption-scope create --name myencryption -s Microsoft.KeyVault -u "https://vaultname.vault.azure.net/keys/keyname/1f7fa7edc99f4cdf82b5b5f32f2a50a7" --account-name mystorageaccount -g MyResourceGroupCreate an encryption scope within storage account. (autogenerated)
az storage account encryption-scope create --account-name mystorageaccount --key-source Microsoft.Storage --name myencryption --resource-group MyResourceGroup --subscription mysubscriptionRequired Parameters
The storage account name.
The name of the encryption scope within the specified storage account.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The provider for the encryption scope.
| Property | Value |
|---|---|
| Default value: | Microsoft.Storage |
| Accepted values: | Microsoft.KeyVault, Microsoft.Storage |
The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
| Property | Value |
|---|---|
| Accepted values: | false, true |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az storage account encryption-scope list
List encryption scopes within storage account.
az storage account encryption-scope list --account-name
[--filter]
[--include {All, Disabled, Enabled}]
[--marker]
[--maxpagesize]
[--resource-group]Examples
List encryption scopes within storage account.
az storage account encryption-scope list --account-name mystorageaccount -g MyResourceGroupList encryption scopes starting with specific name.
az storage account encryption-scope list --account-name mystorageaccount -g myresourcegroup --filter 'startswith(name, value)'Required Parameters
The storage account name.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
When specified, only encryption scope names starting with the filter will be listed.
When specified, will list encryption scopes with the specific state.
| Property | Value |
|---|---|
| Accepted values: | All, Disabled, Enabled |
A string value that identifies the portion of the list of containers to be returned with the next listing operation. The operation returns the NextMarker value within the response body if the listing operation did not return all containers remaining to be listed with the current page. If specified, this generator will begin returning results from the point where the previous generator stopped.
The maximum number of encryption scopes that will be included in the list response.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az storage account encryption-scope show
Show properties for specified encryption scope within storage account.
az storage account encryption-scope show --account-name
--name
[--resource-group]Examples
Show properties for specified encryption scope within storage account.
az storage account encryption-scope show --name myencryption --account-name mystorageaccount -g MyResourceGroupRequired Parameters
The storage account name.
The name of the encryption scope within the specified storage account.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az storage account encryption-scope update
Update properties for specified encryption scope within storage account.
az storage account encryption-scope update --account-name
--name
[--key-source {Microsoft.KeyVault, Microsoft.Storage}]
[--key-uri]
[--resource-group]
[--state {Disabled, Enabled}]Examples
Update an encryption scope key source to Microsoft.Storage.
az storage account encryption-scope update --name myencryption -s Microsoft.Storage --account-name mystorageaccount -g MyResourceGroupCreate an encryption scope within storage account based on Microsoft.KeyVault key source.
az storage account encryption-scope update --name myencryption -s Microsoft.KeyVault -u "https://vaultname.vault.azure.net/keys/keyname/1f7fa7edc99f4cdf82b5b5f32f2a50a7" --account-name mystorageaccount -g MyResourceGroupDisable an encryption scope within storage account.
az storage account encryption-scope update --name myencryption --state Disabled --account-name mystorageaccount -g MyResourceGroupEnable an encryption scope within storage account.
az storage account encryption-scope update --name myencryption --state Enabled --account-name mystorageaccount -g MyResourceGroupRequired Parameters
The storage account name.
The name of the encryption scope within the specified storage account.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The provider for the encryption scope.
| Property | Value |
|---|---|
| Accepted values: | Microsoft.KeyVault, Microsoft.Storage |
The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Change the state the encryption scope. When disabled, all blob read/write operations using this encryption scope will fail.
| Property | Value |
|---|---|
| Accepted values: | Disabled, Enabled |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
