Update-AzStorageEncryptionScope

Reference

Module:: Az.Storage

Modify an encryption scope for a Storage account.

Syntax

Update-AzStorageEncryptionScope
      [-ResourceGroupName] <String>
      [-StorageAccountName] <String>
      -EncryptionScopeName <String>
      [-StorageEncryption]
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Update-AzStorageEncryptionScope
      [-ResourceGroupName] <String>
      [-StorageAccountName] <String>
      -EncryptionScopeName <String>
      [-KeyvaultEncryption]
      -KeyUri <String>
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Update-AzStorageEncryptionScope
      -StorageAccount <PSStorageAccount>
      -EncryptionScopeName <String>
      [-StorageEncryption]
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Update-AzStorageEncryptionScope
      -StorageAccount <PSStorageAccount>
      -EncryptionScopeName <String>
      [-KeyvaultEncryption]
      -KeyUri <String>
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Update-AzStorageEncryptionScope
      -InputObject <PSEncryptionScope>
      [-StorageEncryption]
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Update-AzStorageEncryptionScope
      -InputObject <PSEncryptionScope>
      [-KeyvaultEncryption]
      -KeyUri <String>
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Update-AzStorageEncryptionScope cmdlet modifies an encryption scope for a Storage account.

Examples

Example 1: Disable an encryption scope

Update-AzStorageEncryptionScope -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount"  -EncryptionScopeName testscope -State Disabled

ResourceGroupName: myresourcegroup, StorageAccountName: mystorageaccount

Name      State    Source            KeyVaultKeyUri RequireInfrastructureEncryption                                         
----      -----    ------            -------------- -------------------------------                                         
testscope Disabled Microsoft.Storage

This command disables an encryption scope.

Example 2: Enable an encryption scope

Update-AzStorageEncryptionScope -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount"  -EncryptionScopeName testscope -State Enabled

ResourceGroupName: myresourcegroup, StorageAccountName: mystorageaccount

Name      State    Source            KeyVaultKeyUri RequireInfrastructureEncryption                                                                           
----      -----    ------            -------------- -------------------------------                                                                          
testscope Enabled  Microsoft.Storage

This command enables an encryption scope.

Example 3: Update an encryption scope to use Storage Encryption

Update-AzStorageEncryptionScope -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount"  -EncryptionScopeName testscope -StorageEncryption

ResourceGroupName: myresourcegroup, StorageAccountName: mystorageaccount

Name      State    Source            KeyVaultKeyUri RequireInfrastructureEncryption                                          
----      -----    ------            -------------- -------------------------------                                         
testscope Enabled  Microsoft.Storage

This command updates an encryption scope to use Storage Encryption.

Example 4: Update an encryption scope to use Keyvault Encryption

Update-AzStorageEncryptionScope -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount" -EncryptionScopeName testscope -KeyvaultEncryption -KeyUri "https://keyvalutname.vault.azure.net:443/keys/keyname/34a0ba563b4243d9a0ef2b1d3c0c7d57"

ResourceGroupName: myresourcegroup, StorageAccountName: mystorageaccount

Name      State    Source             KeyVaultKeyUri                                                                          RequireInfrastructureEncryption 
----      -----    ------             --------------                                                                          -------------------------------
testscope Enabled  Microsoft.Keyvault https://keyvalutname.vault.azure.net:443/keys/keyname/34a0ba563b4243d9a0ef2b1d3c0c7d57

This command updtaes an encryption scope to use Keyvault Encryption. The Storage account Identity need have get,wrapkey,unwrapkey permissions to the keyvault key.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-EncryptionScopeName

Azure Storage EncryptionScope name

Type:	String
Aliases:	Name
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-InputObject

EncryptionScope object

Type:	PSEncryptionScope
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-KeyUri

The key Uri

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-KeyvaultEncryption

Create encryption scope with keySource as Microsoft.Keyvault

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-ResourceGroupName

Resource Group Name.

Type:	String
Position:	0
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-State

Update encryption scope State, Possible values include: 'Enabled', 'Disabled'.

Type:	String
Accepted values:	Enabled, Disabled
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-StorageAccount

Storage account object

Type:	PSStorageAccount
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-StorageAccountName

Storage Account Name.

Type:	String
Aliases:	AccountName
Position:	1
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-StorageEncryption

Create encryption scope with keySource as Microsoft.Storage.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

PSStorageAccount

Outputs

PSEncryptionScope