Disk Encryption Sets - List

Service:

Compute

API Version:

2023-10-02

Lists all the disk encryption sets under a subscription.

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Compute/diskEncryptionSets?api-version=2023-10-02

URI Parameters

Name	In	Required	Type	Description
subscriptionId	path	True	string	Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.
api-version	query	True	string	Client Api Version.

Responses

Name	Type	Description
200 OK	DiskEncryptionSetList	OK
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

List all disk encryption sets in a subscription.

Sample Request

HTTP

GET https://management.azure.com/subscriptions/{subscription-id}/providers/Microsoft.Compute/diskEncryptionSets?api-version=2023-10-02

Java

/**
 * Samples for DiskEncryptionSets List.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2023-10-02/examples/
     * diskEncryptionSetExamples/DiskEncryptionSet_ListBySubscription.json
     */
    /**
     * Sample code: List all disk encryption sets in a subscription.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void listAllDiskEncryptionSetsInASubscription(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.virtualMachines().manager().serviceClient().getDiskEncryptionSets()
            .list(com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcompute_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/92de53a5f1e0e03c94b40475d2135d97148ed014/specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2023-10-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_ListBySubscription.json
func ExampleDiskEncryptionSetsClient_NewListPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcompute.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewDiskEncryptionSetsClient().NewListPager(nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.DiskEncryptionSetList = armcompute.DiskEncryptionSetList{
		// 	Value: []*armcompute.DiskEncryptionSet{
		// 		{
		// 			Name: to.Ptr("myDiskEncryptionSet"),
		// 			Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
		// 			ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
		// 			Location: to.Ptr("westus"),
		// 			Tags: map[string]*string{
		// 				"department": to.Ptr("Development"),
		// 				"project": to.Ptr("Encryption"),
		// 			},
		// 			Identity: &armcompute.EncryptionSetIdentity{
		// 				Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
		// 			},
		// 			Properties: &armcompute.EncryptionSetProperties{
		// 				ActiveKey: &armcompute.KeyForDiskEncryptionSet{
		// 					KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/{key}"),
		// 					SourceVault: &armcompute.SourceVault{
		// 						ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
		// 					},
		// 				},
		// 				EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
		// 				PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
		// 				},
		// 				ProvisioningState: to.Ptr("Succeeded"),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("myDiskEncryptionSet2"),
		// 			Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
		// 			ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/mySecondResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet2"),
		// 			Location: to.Ptr("westus"),
		// 			Tags: map[string]*string{
		// 				"department": to.Ptr("Development"),
		// 				"project": to.Ptr("Encryption"),
		// 			},
		// 			Identity: &armcompute.EncryptionSetIdentity{
		// 				Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
		// 			},
		// 			Properties: &armcompute.EncryptionSetProperties{
		// 				ActiveKey: &armcompute.KeyForDiskEncryptionSet{
		// 					KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/{key}"),
		// 					SourceVault: &armcompute.SourceVault{
		// 						ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/mySecondResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault2"),
		// 					},
		// 				},
		// 				EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
		// 				PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
		// 				},
		// 				ProvisioningState: to.Ptr("Succeeded"),
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Lists all the disk encryption sets under a subscription.
 *
 * @summary Lists all the disk encryption sets under a subscription.
 * x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2023-10-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_ListBySubscription.json
 */
async function listAllDiskEncryptionSetsInASubscription() {
  const subscriptionId = process.env["COMPUTE_SUBSCRIPTION_ID"] || "{subscription-id}";
  const credential = new DefaultAzureCredential();
  const client = new ComputeManagementClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.diskEncryptionSets.list()) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Compute;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;

// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2023-10-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_ListBySubscription.json
// this example is just showing the usage of "DiskEncryptionSets_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "{subscription-id}";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);

// invoke the operation and iterate over the result
await foreach (DiskEncryptionSetResource item in subscriptionResource.GetDiskEncryptionSetsAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    DiskEncryptionSetData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "value": [
    {
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "activeKey": {
          "sourceVault": {
            "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
          },
          "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/{key}"
        },
        "encryptionType": "EncryptionAtRestWithCustomerKey",
        "previousKeys": [],
        "provisioningState": "Succeeded"
      },
      "type": "Microsoft.Compute/diskEncryptionSets",
      "location": "westus",
      "tags": {
        "department": "Development",
        "project": "Encryption"
      },
      "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
      "name": "myDiskEncryptionSet"
    },
    {
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "activeKey": {
          "sourceVault": {
            "id": "/subscriptions/{subscriptionId}/resourceGroups/mySecondResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault2"
          },
          "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/{key}"
        },
        "encryptionType": "EncryptionAtRestWithCustomerKey",
        "previousKeys": [],
        "provisioningState": "Succeeded"
      },
      "type": "Microsoft.Compute/diskEncryptionSets",
      "location": "westus",
      "tags": {
        "department": "Development",
        "project": "Encryption"
      },
      "id": "/subscriptions/{subscriptionId}/resourceGroups/mySecondResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet2",
      "name": "myDiskEncryptionSet2"
    }
  ],
  "nextLink": "https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Compute/diskEncryptionSets?$skiptoken={token}"
}

Definitions

Name	Description
ApiError	Api error.
ApiErrorBase	Api error base.
CloudError	An error response from the Compute service.
DiskEncryptionSet	disk encryption set resource.
DiskEncryptionSetIdentityType	The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
DiskEncryptionSetList	The List disk encryption set operation response.
DiskEncryptionSetType	The type of key used to encrypt the data of the disk.
EncryptionSetIdentity	The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
InnerError	Inner error details.
KeyForDiskEncryptionSet	Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
SourceVault	The vault id is an Azure Resource Manager Resource id in the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
UserAssignedIdentities	The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

ApiError

Api error.

Name	Type	Description
code	string	The error code.
details	ApiErrorBase[]	The Api error details
innererror	InnerError	The Api inner error
message	string	The error message.
target	string	The target of the particular error.

ApiErrorBase

Api error base.

Name	Type	Description
code	string	The error code.
message	string	The error message.
target	string	The target of the particular error.

CloudError

An error response from the Compute service.

Name	Type	Description
error	ApiError	Api error.

DiskEncryptionSet

disk encryption set resource.

Name	Type	Description
id	string	Resource Id
identity	EncryptionSetIdentity	The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
location	string	Resource location
name	string	Resource name
properties.activeKey	KeyForDiskEncryptionSet	The key vault key which is currently used by this disk encryption set.
properties.autoKeyRotationError	ApiError	The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
properties.encryptionType	DiskEncryptionSetType	The type of key used to encrypt the data of the disk.
properties.federatedClientId	string	Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
properties.lastKeyRotationTimestamp	string	The time when the active key of this disk encryption set was updated.
properties.previousKeys	KeyForDiskEncryptionSet[]	A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
properties.provisioningState	string	The disk encryption set provisioning state.
properties.rotationToLatestKeyVersionEnabled	boolean	Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
tags	object	Resource tags
type	string	Resource type

DiskEncryptionSetIdentityType

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

Name	Type	Description
None	string
SystemAssigned	string
SystemAssigned, UserAssigned	string
UserAssigned	string

DiskEncryptionSetList

The List disk encryption set operation response.

Name	Type	Description
nextLink	string	The uri to fetch the next page of disk encryption sets. Call ListNext() with this to fetch the next page of disk encryption sets.
value	DiskEncryptionSet[]	A list of disk encryption sets.

DiskEncryptionSetType

The type of key used to encrypt the data of the disk.

Name	Type	Description
ConfidentialVmEncryptedWithCustomerKey	string	Confidential VM supported disk and VM guest state would be encrypted with customer managed key.
EncryptionAtRestWithCustomerKey	string	Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
EncryptionAtRestWithPlatformAndCustomerKeys	string	Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.

EncryptionSetIdentity

The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.

Name	Type	Description
principalId	string	The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
tenantId	string	The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
type	DiskEncryptionSetIdentityType	The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
userAssignedIdentities	UserAssignedIdentities	The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

InnerError

Inner error details.

Name	Type	Description
errordetail	string	The internal error message or exception dump.
exceptiontype	string	The exception type.

KeyForDiskEncryptionSet

Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots

Name	Type	Description
keyUrl	string	Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
sourceVault	SourceVault	Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

SourceVault

The vault id is an Azure Resource Manager Resource id in the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}

Name	Type	Description
id	string	Resource Id

UserAssignedIdentities

The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

Name	Type	Description