Updates (patches) a disk encryption set.
PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}?api-version=2024-03-02
URI Parameters
| Name |
In |
Required |
Type |
Description |
|
diskEncryptionSetName
|
path |
True
|
string
|
The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
|
|
resourceGroupName
|
path |
True
|
string
|
The name of the resource group.
|
|
subscriptionId
|
path |
True
|
string
|
Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.
|
|
api-version
|
query |
True
|
string
|
Client Api Version.
|
Request Body
| Name |
Type |
Description |
|
identity
|
EncryptionSetIdentity
|
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
|
|
properties.activeKey
|
KeyForDiskEncryptionSet
|
Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
|
|
properties.encryptionType
|
DiskEncryptionSetType
|
The type of key used to encrypt the data of the disk.
|
|
properties.federatedClientId
|
string
|
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
|
|
properties.rotationToLatestKeyVersionEnabled
|
boolean
|
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
|
|
tags
|
object
|
Resource tags
|
Responses
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name |
Description |
|
user_impersonation
|
impersonate your user account
|
Examples
Update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2024-03-02
{
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true
}
}
import com.azure.resourcemanager.compute.models.DiskEncryptionSetIdentityType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.EncryptionSetIdentity;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for DiskEncryptionSets Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/
* diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
*/
/**
* Sample code: Update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.virtualMachines().manager().serviceClient().getDiskEncryptionSets().update("myResourceGroup",
"myDiskEncryptionSet",
new DiskEncryptionSetUpdate()
.withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED))
.withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
.withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("fakeTokenPlaceholder"))
.withRotationToLatestKeyVersionEnabled(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.compute import ComputeManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-compute
# USAGE
python disk_encryption_set_update_with_rotation_to_latest_key_version_enabled.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ComputeManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.disk_encryption_sets.begin_update(
resource_group_name="myResourceGroup",
disk_encryption_set_name="myDiskEncryptionSet",
disk_encryption_set={
"identity": {"type": "SystemAssigned"},
"properties": {
"activeKey": {"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": True,
},
},
).result()
print(response)
# x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcompute_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/250861bb6a886b75255edfa0aa5ee2dd0d6e7a11/specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcompute.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
Identity: &armcompute.EncryptionSetIdentity{
Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
},
Properties: &armcompute.DiskEncryptionSetUpdateProperties{
ActiveKey: &armcompute.KeyForDiskEncryptionSet{
KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
},
EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
RotationToLatestKeyVersionEnabled: to.Ptr(true),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.DiskEncryptionSet = armcompute.DiskEncryptionSet{
// Name: to.Ptr("myDiskEncryptionSet"),
// Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
// ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
// Location: to.Ptr("West US"),
// Identity: &armcompute.EncryptionSetIdentity{
// Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
// },
// Properties: &armcompute.EncryptionSetProperties{
// ActiveKey: &armcompute.KeyForDiskEncryptionSet{
// KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/KeyVersion2"),
// },
// EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079Z"); return t}()),
// ProvisioningState: to.Ptr("Succeeded"),
// RotationToLatestKeyVersionEnabled: to.Ptr(true),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Updates (patches) a disk encryption set.
*
* @summary Updates (patches) a disk encryption set.
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
*/
async function updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded() {
const subscriptionId = process.env["COMPUTE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["COMPUTE_RESOURCE_GROUP"] || "myResourceGroup";
const diskEncryptionSetName = "myDiskEncryptionSet";
const diskEncryptionSet = {
activeKey: {
keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1",
},
encryptionType: "EncryptionAtRestWithCustomerKey",
identity: { type: "SystemAssigned" },
rotationToLatestKeyVersionEnabled: true,
};
const credential = new DefaultAzureCredential();
const client = new ComputeManagementClient(credential, subscriptionId);
const result = await client.diskEncryptionSets.beginUpdateAndWait(
resourceGroupName,
diskEncryptionSetName,
diskEncryptionSet,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;
// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);
// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
Identity = new ManagedServiceIdentity("SystemAssigned"),
EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1")),
RotationToLatestKeyVersionEnabled = true,
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2024-03-02
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": []
}
}
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/KeyVersion2"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true,
"provisioningState": "Succeeded",
"lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
}
}
Update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2024-03-02
{
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true
}
}
import com.azure.resourcemanager.compute.models.DiskEncryptionSetIdentityType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.EncryptionSetIdentity;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for DiskEncryptionSets Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/
* diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
*/
/**
* Sample code: Update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.virtualMachines().manager().serviceClient().getDiskEncryptionSets().update("myResourceGroup",
"myDiskEncryptionSet",
new DiskEncryptionSetUpdate()
.withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED))
.withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
.withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("fakeTokenPlaceholder"))
.withRotationToLatestKeyVersionEnabled(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.compute import ComputeManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-compute
# USAGE
python disk_encryption_set_update_with_rotation_to_latest_key_version_enabled_in_progress.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ComputeManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.disk_encryption_sets.begin_update(
resource_group_name="myResourceGroup",
disk_encryption_set_name="myDiskEncryptionSet",
disk_encryption_set={
"identity": {"type": "SystemAssigned"},
"properties": {
"activeKey": {"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": True,
},
},
).result()
print(response)
# x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcompute_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/250861bb6a886b75255edfa0aa5ee2dd0d6e7a11/specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcompute.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
Identity: &armcompute.EncryptionSetIdentity{
Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
},
Properties: &armcompute.DiskEncryptionSetUpdateProperties{
ActiveKey: &armcompute.KeyForDiskEncryptionSet{
KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
},
EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
RotationToLatestKeyVersionEnabled: to.Ptr(true),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.DiskEncryptionSet = armcompute.DiskEncryptionSet{
// Name: to.Ptr("myDiskEncryptionSet"),
// Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
// ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
// Location: to.Ptr("West US"),
// Identity: &armcompute.EncryptionSetIdentity{
// Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
// },
// Properties: &armcompute.EncryptionSetProperties{
// ActiveKey: &armcompute.KeyForDiskEncryptionSet{
// KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion2"),
// },
// EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079Z"); return t}()),
// PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
// {
// KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
// }},
// ProvisioningState: to.Ptr("Succeeded"),
// RotationToLatestKeyVersionEnabled: to.Ptr(true),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Updates (patches) a disk encryption set.
*
* @summary Updates (patches) a disk encryption set.
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
*/
async function updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating() {
const subscriptionId = process.env["COMPUTE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["COMPUTE_RESOURCE_GROUP"] || "myResourceGroup";
const diskEncryptionSetName = "myDiskEncryptionSet";
const diskEncryptionSet = {
activeKey: {
keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1",
},
encryptionType: "EncryptionAtRestWithCustomerKey",
identity: { type: "SystemAssigned" },
rotationToLatestKeyVersionEnabled: true,
};
const credential = new DefaultAzureCredential();
const client = new ComputeManagementClient(credential, subscriptionId);
const result = await client.diskEncryptionSets.beginUpdateAndWait(
resourceGroupName,
diskEncryptionSetName,
diskEncryptionSet,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;
// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);
// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
Identity = new ManagedServiceIdentity("SystemAssigned"),
EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1")),
RotationToLatestKeyVersionEnabled = true,
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2024-03-02
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": []
}
}
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion2"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true,
"previousKeys": [
{
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
}
],
"provisioningState": "Updating",
"lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
}
}
Update a disk encryption set.
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2024-03-02
{
"properties": {
"activeKey": {
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
},
"encryptionType": "EncryptionAtRestWithCustomerKey"
},
"tags": {
"department": "Development",
"project": "Encryption"
}
}
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import com.azure.resourcemanager.compute.models.SourceVault;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for DiskEncryptionSets Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/
* diskEncryptionSetExamples/DiskEncryptionSet_Update.json
*/
/**
* Sample code: Update a disk encryption set.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void updateADiskEncryptionSet(com.azure.resourcemanager.AzureResourceManager azure) {
azure.virtualMachines().manager().serviceClient().getDiskEncryptionSets().update("myResourceGroup",
"myDiskEncryptionSet",
new DiskEncryptionSetUpdate().withTags(mapOf("department", "Development", "project", "Encryption"))
.withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
.withActiveKey(new KeyForDiskEncryptionSet().withSourceVault(new SourceVault().withId(
"/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"))
.withKeyUrl("fakeTokenPlaceholder")),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.compute import ComputeManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-compute
# USAGE
python disk_encryption_set_update.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ComputeManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.disk_encryption_sets.begin_update(
resource_group_name="myResourceGroup",
disk_encryption_set_name="myDiskEncryptionSet",
disk_encryption_set={
"properties": {
"activeKey": {
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion",
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
},
"tags": {"department": "Development", "project": "Encryption"},
},
).result()
print(response)
# x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcompute_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/250861bb6a886b75255edfa0aa5ee2dd0d6e7a11/specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSet() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcompute.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
Properties: &armcompute.DiskEncryptionSetUpdateProperties{
ActiveKey: &armcompute.KeyForDiskEncryptionSet{
KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"),
SourceVault: &armcompute.SourceVault{
ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
},
},
EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
},
Tags: map[string]*string{
"department": to.Ptr("Development"),
"project": to.Ptr("Encryption"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.DiskEncryptionSet = armcompute.DiskEncryptionSet{
// Name: to.Ptr("myDiskEncryptionSet"),
// Location: to.Ptr("West US"),
// Tags: map[string]*string{
// "department": to.Ptr("Development"),
// "project": to.Ptr("Encryption"),
// },
// Identity: &armcompute.EncryptionSetIdentity{
// Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
// },
// Properties: &armcompute.EncryptionSetProperties{
// ActiveKey: &armcompute.KeyForDiskEncryptionSet{
// KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"),
// SourceVault: &armcompute.SourceVault{
// ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
// },
// },
// EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079Z"); return t}()),
// PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Updates (patches) a disk encryption set.
*
* @summary Updates (patches) a disk encryption set.
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
*/
async function updateADiskEncryptionSet() {
const subscriptionId = process.env["COMPUTE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["COMPUTE_RESOURCE_GROUP"] || "myResourceGroup";
const diskEncryptionSetName = "myDiskEncryptionSet";
const diskEncryptionSet = {
activeKey: {
keyUrl: "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion",
sourceVault: {
id: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
},
},
encryptionType: "EncryptionAtRestWithCustomerKey",
tags: { department: "Development", project: "Encryption" },
};
const credential = new DefaultAzureCredential();
const client = new ComputeManagementClient(credential, subscriptionId);
const result = await client.diskEncryptionSets.beginUpdateAndWait(
resourceGroupName,
diskEncryptionSetName,
diskEncryptionSet,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;
// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2024-03-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);
// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
Tags =
{
["department"] = "Development",
["project"] = "Encryption"
},
EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"))
{
SourceVaultId = new ResourceIdentifier("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
},
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2024-03-02
{
"name": "myDiskEncryptionSet",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": []
},
"tags": {
"department": "Development",
"project": "Encryption"
}
}
{
"name": "myDiskEncryptionSet",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": [],
"lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
},
"tags": {
"department": "Development",
"project": "Encryption"
}
}
Definitions
| Name |
Description |
|
ApiError
|
Api error.
|
|
ApiErrorBase
|
Api error base.
|
|
CloudError
|
An error response from the Compute service.
|
|
DiskEncryptionSet
|
disk encryption set resource.
|
|
DiskEncryptionSetIdentityType
|
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
|
|
DiskEncryptionSetType
|
The type of key used to encrypt the data of the disk.
|
|
DiskEncryptionSetUpdate
|
disk encryption set update resource.
|
|
EncryptionSetIdentity
|
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
|
|
InnerError
|
Inner error details.
|
|
KeyForDiskEncryptionSet
|
Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
|
|
SourceVault
|
The vault id is an Azure Resource Manager Resource id in the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
|
|
UserAssignedIdentities
|
The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
|
ApiError
Object
Api error.
| Name |
Type |
Description |
|
code
|
string
|
The error code.
|
|
details
|
ApiErrorBase[]
|
The Api error details
|
|
innererror
|
InnerError
|
The Api inner error
|
|
message
|
string
|
The error message.
|
|
target
|
string
|
The target of the particular error.
|
ApiErrorBase
Object
Api error base.
| Name |
Type |
Description |
|
code
|
string
|
The error code.
|
|
message
|
string
|
The error message.
|
|
target
|
string
|
The target of the particular error.
|
CloudError
Object
An error response from the Compute service.
| Name |
Type |
Description |
|
error
|
ApiError
|
Api error.
|
DiskEncryptionSet
Object
disk encryption set resource.
| Name |
Type |
Description |
|
id
|
string
|
Resource Id
|
|
identity
|
EncryptionSetIdentity
|
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
|
|
location
|
string
|
Resource location
|
|
name
|
string
|
Resource name
|
|
properties.activeKey
|
KeyForDiskEncryptionSet
|
The key vault key which is currently used by this disk encryption set.
|
|
properties.autoKeyRotationError
|
ApiError
|
The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
|
|
properties.encryptionType
|
DiskEncryptionSetType
|
The type of key used to encrypt the data of the disk.
|
|
properties.federatedClientId
|
string
|
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
|
|
properties.lastKeyRotationTimestamp
|
string
(date-time)
|
The time when the active key of this disk encryption set was updated.
|
|
properties.previousKeys
|
KeyForDiskEncryptionSet[]
|
A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
|
|
properties.provisioningState
|
string
|
The disk encryption set provisioning state.
|
|
properties.rotationToLatestKeyVersionEnabled
|
boolean
|
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
|
|
tags
|
object
|
Resource tags
|
|
type
|
string
|
Resource type
|
DiskEncryptionSetIdentityType
Enumeration
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
| Value |
Description |
|
None
|
|
|
SystemAssigned
|
|
|
SystemAssigned, UserAssigned
|
|
|
UserAssigned
|
|
DiskEncryptionSetType
Enumeration
The type of key used to encrypt the data of the disk.
| Value |
Description |
|
ConfidentialVmEncryptedWithCustomerKey
|
Confidential VM supported disk and VM guest state would be encrypted with customer managed key.
|
|
EncryptionAtRestWithCustomerKey
|
Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
|
|
EncryptionAtRestWithPlatformAndCustomerKeys
|
Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
|
DiskEncryptionSetUpdate
Object
disk encryption set update resource.
| Name |
Type |
Description |
|
identity
|
EncryptionSetIdentity
|
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
|
|
properties.activeKey
|
KeyForDiskEncryptionSet
|
Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
|
|
properties.encryptionType
|
DiskEncryptionSetType
|
The type of key used to encrypt the data of the disk.
|
|
properties.federatedClientId
|
string
|
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
|
|
properties.rotationToLatestKeyVersionEnabled
|
boolean
|
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
|
|
tags
|
object
|
Resource tags
|
EncryptionSetIdentity
Object
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
| Name |
Type |
Description |
|
principalId
|
string
|
The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
|
|
tenantId
|
string
|
The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
|
|
type
|
DiskEncryptionSetIdentityType
|
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
|
|
userAssignedIdentities
|
UserAssignedIdentities
|
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
|
InnerError
Object
Inner error details.
| Name |
Type |
Description |
|
errordetail
|
string
|
The internal error message or exception dump.
|
|
exceptiontype
|
string
|
The exception type.
|
KeyForDiskEncryptionSet
Object
Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
| Name |
Type |
Description |
|
keyUrl
|
string
|
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
|
|
sourceVault
|
SourceVault
|
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
|
SourceVault
Object
The vault id is an Azure Resource Manager Resource id in the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
| Name |
Type |
Description |
|
id
|
string
|
Resource Id
|
UserAssignedIdentities
Object
The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.