Disk Encryption Sets - List
Lists all the disk encryption sets under a subscription.
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Compute/diskEncryptionSets?api-version=2024-03-02
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
subscriptionId | path | True | string | Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
api-version | query | True | string | Client Api Version. |
Responses
Name | Type | Description |
---|---|---|
200 OK | | OK |
Other Status Codes | | Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
List all disk encryption sets in a subscription.
Sample request
Sample response
```json
{
  "value": [
    {
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "activeKey": {
          "sourceVault": {
            "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
          },
          "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/{key}"
        },
        "encryptionType": "EncryptionAtRestWithCustomerKey",
        "previousKeys": [],
        "provisioningState": "Succeeded"
      },
      "type": "Microsoft.Compute/diskEncryptionSets",
      "location": "westus",
      "tags": {
        "department": "Development",
        "project": "Encryption"
      },
      "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
      "name": "myDiskEncryptionSet"
    },
    {
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "activeKey": {
          "sourceVault": {
            "id": "/subscriptions/{subscriptionId}/resourceGroups/mySecondResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault2"
          },
          "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/{key}"
        },
        "encryptionType": "EncryptionAtRestWithCustomerKey",
        "previousKeys": [],
        "provisioningState": "Succeeded"
      },
      "type": "Microsoft.Compute/diskEncryptionSets",
      "location": "westus",
      "tags": {
        "department": "Development",
        "project": "Encryption"
      },
      "id": "/subscriptions/{subscriptionId}/resourceGroups/mySecondResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet2",
      "name": "myDiskEncryptionSet2"
    }
  ],
  "nextLink": "https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Compute/diskEncryptionSets?$skiptoken={token}"
}
```
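An added example, not part of the original reference: it follows `nextLink` across pages of this response and flags disk encryption sets whose fields (described under Definitions) point to lost key access, an unversioned `keyUrl`, or stalled rotation. The finding labels, the `des` helper, the vault name and the sample pages are constructed for illustration, and `fetch` stands in for an authenticated GET that returns parsed JSON.

```python
from urllib.parse import urlparse

FIRST = ("https://management.azure.com/subscriptions/{subscriptionId}"
         "/providers/Microsoft.Compute/diskEncryptionSets?api-version=2024-03-02")
NEXT = FIRST.split("?")[0] + "?$skiptoken={token}"
VAULT = "https://example-vault.vault.azure.net/keys/"  # constructed vault name

def des(name, identity, key_url, rotate, **extra):  # builds one constructed set
    props = {"activeKey": {"keyUrl": key_url},
             "rotationToLatestKeyVersionEnabled": rotate, **extra}
    return {"name": name, "identity": {"type": identity}, "properties": props}

# Constructed sample pages shaped like the List response (not real resources).
PAGES = {
    FIRST: {"nextLink": NEXT, "value": [
        des("des-ok", "SystemAssigned", VAULT + "k1/0123456789abcdef", True),
        des("des-orphaned", "None", VAULT + "k2/0123456789abcdef", False)]},
    NEXT: {"value": [
        des("des-stuck", "SystemAssigned", VAULT + "k3", True,
            autoKeyRotationError={"code": "Constructed"}, previousKeys=[{}])]},
}

def list_all(fetch, url):
    """Yield every set, following nextLink until it is absent or repeats."""
    seen = set()
    while url and url not in seen:
        seen.add(url)
        page = fetch(url)  # in real use: authenticated GET returning parsed JSON
        yield from page.get("value", [])
        url = page.get("nextLink")

def findings(d):
    """Return finding labels (names chosen for this example) for one set."""
    p, out = d.get("properties", {}), []
    if (d.get("identity") or {}).get("type", "None") == "None":
        out.append("identity-none")          # encrypted resources lose key access
    path = urlparse((p.get("activeKey") or {}).get("keyUrl", "")).path
    if len([s for s in path.split("/") if s]) != 3:  # keys/{name}/{version}
        out.append("key-url-unversioned")
    if not p.get("rotationToLatestKeyVersionEnabled"):
        out.append("auto-rotation-off")      # policy choice of this example
    if p.get("autoKeyRotationError"):
        out.append("auto-rotation-error")    # no rotation attempts until fixed
    if p.get("previousKeys"):
        out.append("rotation-in-progress")
    return out

def audit(fetch, first_url):
    return {d["name"]: f for d in list_all(fetch, first_url) if (f := findings(d))}
```

Calling `audit(PAGES.__getitem__, FIRST)` runs the check over the constructed pages.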
Definitions
Name | Description |
---|---|
ApiError | Api error. |
ApiErrorBase | Api error base. |
CloudError | An error response from the Compute service. |
DiskEncryptionSet | disk encryption set resource. |
DiskEncryptionSetIdentityType | The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys. |
DiskEncryptionSetList | The List disk encryption set operation response. |
DiskEncryptionSetType | The type of key used to encrypt the data of the disk. |
EncryptionSetIdentity | The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. |
InnerError | Inner error details. |
KeyForDiskEncryptionSet | Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots |
SourceVault | The vault id is an Azure Resource Manager Resource id in the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName} |
UserAssignedIdentities | The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
ApiError
Api error.
Name | Type | Description |
---|---|---|
code | string | The error code. |
details | | The Api error details |
innererror | | The Api inner error |
message | string | The error message. |
target | string | The target of the particular error. |
ApiErrorBase
Api error base.
Name | Type | Description |
---|---|---|
code | string | The error code. |
message | string | The error message. |
target | string | The target of the particular error. |
CloudError
An error response from the Compute service.
Name | Type | Description |
---|---|---|
error | | Api error. |
DiskEncryptionSet
disk encryption set resource.
Name | Type | Description |
---|---|---|
id | string | Resource Id |
identity | | The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks. |
location | string | Resource location |
name | string | Resource name |
properties.activeKey | | The key vault key which is currently used by this disk encryption set. |
properties.autoKeyRotationError | | The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed. |
properties.encryptionType | | The type of key used to encrypt the data of the disk. |
properties.federatedClientId | string | Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property. |
properties.lastKeyRotationTimestamp | string | The time when the active key of this disk encryption set was updated. |
properties.previousKeys | | A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation. |
properties.provisioningState | string | The disk encryption set provisioning state. |
properties.rotationToLatestKeyVersionEnabled | boolean | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. |
tags | object | Resource tags |
type | string | Resource type |
DiskEncryptionSetIdentityType
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
Name | Type | Description |
---|---|---|
None | string | |
SystemAssigned | string | |
SystemAssigned, UserAssigned | string | |
UserAssigned | string | |
DiskEncryptionSetList
The List disk encryption set operation response.
Name | Type | Description |
---|---|---|
nextLink | string | The uri to fetch the next page of disk encryption sets. Call ListNext() with this to fetch the next page of disk encryption sets. |
value | | A list of disk encryption sets. |
DiskEncryptionSetType
The type of key used to encrypt the data of the disk.
Name | Type | Description |
---|---|---|
ConfidentialVmEncryptedWithCustomerKey | string | Confidential VM supported disk and VM guest state would be encrypted with customer managed key. |
EncryptionAtRestWithCustomerKey | string | Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer. |
EncryptionAtRestWithPlatformAndCustomerKeys | string | Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed. |
EncryptionSetIdentity
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
Name | Type | Description |
---|---|---|
principalId | string | The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity |
tenantId | string | The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity |
type | | The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys. |
userAssignedIdentities | | The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
InnerError
Inner error details.
Name | Type | Description |
---|---|---|
errordetail | string | The internal error message or exception dump. |
exceptiontype | string | The exception type. |
KeyForDiskEncryptionSet
Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
Name | Type | Description |
---|---|---|
keyUrl | string | Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value. |
sourceVault | | Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription. |
SourceVault
The vault id is an Azure Resource Manager Resource id in the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
Name | Type | Description |
---|---|---|
id | string | Resource Id |
UserAssignedIdentities
The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.