Updates (patches) a disk encryption set.
PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}?api-version=2025-01-02
URI Parameters
| Name |
In |
Required |
Type |
Description |
|
diskEncryptionSetName
|
path |
True
|
string
|
The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
|
|
resourceGroupName
|
path |
True
|
string
minLength: 1 maxLength: 90
|
The name of the resource group. The name is case insensitive.
|
|
subscriptionId
|
path |
True
|
string
minLength: 1
|
The ID of the target subscription.
|
|
api-version
|
query |
True
|
string
minLength: 1
|
The API version to use for this operation.
|
Request Body
| Name |
Type |
Description |
|
identity
|
EncryptionSetIdentity
|
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
|
|
properties.activeKey
|
KeyForDiskEncryptionSet
|
Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
|
|
properties.encryptionType
|
DiskEncryptionSetType
|
The type of key used to encrypt the data of the disk.
|
|
properties.federatedClientId
|
string
|
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
|
|
properties.rotationToLatestKeyVersionEnabled
|
boolean
|
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
|
|
tags
|
object
|
Resource tags
|
Responses
| Name |
Type |
Description |
|
200 OK
|
DiskEncryptionSet
|
Azure operation completed successfully.
|
|
202 Accepted
|
DiskEncryptionSet
|
The request has been accepted for processing, but processing has not yet completed.
Headers
- Location: string
- Retry-After: integer
|
|
Other Status Codes
|
CloudError
|
An unexpected error response.
|
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name |
Description |
|
user_impersonation
|
impersonate your user account
|
Examples
update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true
}
}
import com.azure.resourcemanager.compute.models.DiskEncryptionSetIdentityType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.EncryptionSetIdentity;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for DiskEncryptionSets Update.
*/
public final class Main {
/*
* x-ms-original-file:
* 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
*/
/**
* Sample code: update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded.
*
* @param manager Entry point to ComputeManager.
*/
public static void updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded(
com.azure.resourcemanager.compute.ComputeManager manager) {
manager.serviceClient().getDiskEncryptionSets().update("myResourceGroup", "myDiskEncryptionSet",
new DiskEncryptionSetUpdate()
.withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED))
.withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
.withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("fakeTokenPlaceholder"))
.withRotationToLatestKeyVersionEnabled(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.compute import ComputeManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-compute
# USAGE
python disk_encryption_set_update_with_rotation_to_latest_key_version_enabled.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ComputeManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.disk_encryption_sets.begin_update(
resource_group_name="myResourceGroup",
disk_encryption_set_name="myDiskEncryptionSet",
disk_encryption_set={
"identity": {"type": "SystemAssigned"},
"properties": {
"activeKey": {"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": True,
},
},
).result()
print(response)
# x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcompute_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v8"
)
// Generated from example definition: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcompute.NewClientFactory("{subscription-id}", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
Identity: &armcompute.EncryptionSetIdentity{
Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
},
Properties: &armcompute.DiskEncryptionSetUpdateProperties{
ActiveKey: &armcompute.KeyForDiskEncryptionSet{
KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
},
EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
RotationToLatestKeyVersionEnabled: to.Ptr(true),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcompute.DiskEncryptionSetsClientUpdateResponse{
// DiskEncryptionSet: armcompute.DiskEncryptionSet{
// Name: to.Ptr("myDiskEncryptionSet"),
// ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
// Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
// Location: to.Ptr("West US"),
// Identity: &armcompute.EncryptionSetIdentity{
// Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
// },
// Properties: &armcompute.EncryptionSetProperties{
// ActiveKey: &armcompute.KeyForDiskEncryptionSet{
// KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/KeyVersion2"),
// },
// EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
// RotationToLatestKeyVersionEnabled: to.Ptr(true),
// ProvisioningState: to.Ptr("Succeeded"),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079872+00:00"); return t}()),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to updates (patches) a disk encryption set.
*
* @summary updates (patches) a disk encryption set.
* x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
*/
async function updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded() {
const credential = new DefaultAzureCredential();
const subscriptionId = "{subscription-id}";
const client = new ComputeManagementClient(credential, subscriptionId);
const result = await client.diskEncryptionSets.update("myResourceGroup", "myDiskEncryptionSet", {
identity: { type: "SystemAssigned" },
activeKey: {
keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1",
},
encryptionType: "EncryptionAtRestWithCustomerKey",
rotationToLatestKeyVersionEnabled: true,
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;
// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/Compute/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);
// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
Identity = new ManagedServiceIdentity("SystemAssigned"),
EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1")),
RotationToLatestKeyVersionEnabled = true,
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/KeyVersion2"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true,
"provisioningState": "Succeeded",
"lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
}
}
Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": []
}
}
update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true
}
}
import com.azure.resourcemanager.compute.models.DiskEncryptionSetIdentityType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.EncryptionSetIdentity;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for DiskEncryptionSets Update.
*/
public final class Main {
/*
* x-ms-original-file:
* 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.
* json
*/
/**
* Sample code: update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating.
*
* @param manager Entry point to ComputeManager.
*/
public static void updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating(
com.azure.resourcemanager.compute.ComputeManager manager) {
manager.serviceClient().getDiskEncryptionSets().update("myResourceGroup", "myDiskEncryptionSet",
new DiskEncryptionSetUpdate()
.withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED))
.withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
.withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("fakeTokenPlaceholder"))
.withRotationToLatestKeyVersionEnabled(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.compute import ComputeManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-compute
# USAGE
python disk_encryption_set_update_with_rotation_to_latest_key_version_enabled_in_progress.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ComputeManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.disk_encryption_sets.begin_update(
resource_group_name="myResourceGroup",
disk_encryption_set_name="myDiskEncryptionSet",
disk_encryption_set={
"identity": {"type": "SystemAssigned"},
"properties": {
"activeKey": {"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": True,
},
},
).result()
print(response)
# x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcompute_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v8"
)
// Generated from example definition: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcompute.NewClientFactory("{subscription-id}", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
Identity: &armcompute.EncryptionSetIdentity{
Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
},
Properties: &armcompute.DiskEncryptionSetUpdateProperties{
ActiveKey: &armcompute.KeyForDiskEncryptionSet{
KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
},
EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
RotationToLatestKeyVersionEnabled: to.Ptr(true),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcompute.DiskEncryptionSetsClientUpdateResponse{
// DiskEncryptionSet: armcompute.DiskEncryptionSet{
// Name: to.Ptr("myDiskEncryptionSet"),
// ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
// Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
// Location: to.Ptr("West US"),
// Identity: &armcompute.EncryptionSetIdentity{
// Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
// },
// Properties: &armcompute.EncryptionSetProperties{
// ActiveKey: &armcompute.KeyForDiskEncryptionSet{
// KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion2"),
// },
// EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
// RotationToLatestKeyVersionEnabled: to.Ptr(true),
// PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
// {
// KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
// },
// },
// ProvisioningState: to.Ptr("Updating"),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079872+00:00"); return t}()),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to updates (patches) a disk encryption set.
*
* @summary updates (patches) a disk encryption set.
* x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
*/
async function updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating() {
const credential = new DefaultAzureCredential();
const subscriptionId = "{subscription-id}";
const client = new ComputeManagementClient(credential, subscriptionId);
const result = await client.diskEncryptionSets.update("myResourceGroup", "myDiskEncryptionSet", {
identity: { type: "SystemAssigned" },
activeKey: {
keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1",
},
encryptionType: "EncryptionAtRestWithCustomerKey",
rotationToLatestKeyVersionEnabled: true,
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;
// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/Compute/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);
// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
Identity = new ManagedServiceIdentity("SystemAssigned"),
EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1")),
RotationToLatestKeyVersionEnabled = true,
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion2"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true,
"previousKeys": [
{
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
}
],
"provisioningState": "Updating",
"lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
}
}
Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": []
}
}
update a disk encryption set.
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"properties": {
"activeKey": {
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
},
"encryptionType": "EncryptionAtRestWithCustomerKey"
},
"tags": {
"department": "Development",
"project": "Encryption"
}
}
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import com.azure.resourcemanager.compute.models.SourceVault;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for DiskEncryptionSets Update.
*/
public final class Main {
/*
* x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
*/
/**
* Sample code: update a disk encryption set.
*
* @param manager Entry point to ComputeManager.
*/
public static void updateADiskEncryptionSet(com.azure.resourcemanager.compute.ComputeManager manager) {
manager.serviceClient().getDiskEncryptionSets().update("myResourceGroup", "myDiskEncryptionSet",
new DiskEncryptionSetUpdate().withTags(mapOf("department", "Development", "project", "Encryption"))
.withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
.withActiveKey(new KeyForDiskEncryptionSet().withSourceVault(new SourceVault().withId(
"/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"))
.withKeyUrl("fakeTokenPlaceholder")),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.compute import ComputeManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-compute
# USAGE
python disk_encryption_set_update.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ComputeManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.disk_encryption_sets.begin_update(
resource_group_name="myResourceGroup",
disk_encryption_set_name="myDiskEncryptionSet",
disk_encryption_set={
"properties": {
"activeKey": {
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion",
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
},
"tags": {"department": "Development", "project": "Encryption"},
},
).result()
print(response)
# x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcompute_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v8"
)
// Generated from example definition: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSet() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcompute.NewClientFactory("{subscription-id}", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
Properties: &armcompute.DiskEncryptionSetUpdateProperties{
ActiveKey: &armcompute.KeyForDiskEncryptionSet{
SourceVault: &armcompute.SourceVault{
ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
},
KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"),
},
EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
},
Tags: map[string]*string{
"department": to.Ptr("Development"),
"project": to.Ptr("Encryption"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcompute.DiskEncryptionSetsClientUpdateResponse{
// DiskEncryptionSet: armcompute.DiskEncryptionSet{
// Name: to.Ptr("myDiskEncryptionSet"),
// Location: to.Ptr("West US"),
// Identity: &armcompute.EncryptionSetIdentity{
// Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
// },
// Properties: &armcompute.EncryptionSetProperties{
// ActiveKey: &armcompute.KeyForDiskEncryptionSet{
// SourceVault: &armcompute.SourceVault{
// ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
// },
// KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"),
// },
// EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
// PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
// },
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079872+00:00"); return t}()),
// },
// Tags: map[string]*string{
// "department": to.Ptr("Development"),
// "project": to.Ptr("Encryption"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to updates (patches) a disk encryption set.
*
* @summary updates (patches) a disk encryption set.
* x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
*/
async function updateADiskEncryptionSet() {
const credential = new DefaultAzureCredential();
const subscriptionId = "{subscription-id}";
const client = new ComputeManagementClient(credential, subscriptionId);
const result = await client.diskEncryptionSets.update("myResourceGroup", "myDiskEncryptionSet", {
activeKey: {
sourceVault: {
id: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
},
keyUrl: "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion",
},
encryptionType: "EncryptionAtRestWithCustomerKey",
tags: { department: "Development", project: "Encryption" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;
// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/Compute/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);
// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
Tags =
{
["department"] = "Development",
["project"] = "Encryption"
},
EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"))
{
SourceVaultId = new ResourceIdentifier("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
},
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"name": "myDiskEncryptionSet",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": [],
"lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
},
"tags": {
"department": "Development",
"project": "Encryption"
}
}
Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"name": "myDiskEncryptionSet",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": []
},
"tags": {
"department": "Development",
"project": "Encryption"
}
}
Definitions
| Name |
Description |
|
ApiError
|
Api error.
|
|
ApiErrorBase
|
Api error base.
|
|
CloudError
|
An error response from the Compute service.
|
|
Common.UserAssignedIdentitiesValue
|
|
|
createdByType
|
The type of identity that created the resource.
|
|
DiskEncryptionSet
|
disk encryption set resource.
|
|
DiskEncryptionSetIdentityType
|
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
|
|
DiskEncryptionSetType
|
The type of key used to encrypt the data of the disk.
|
|
DiskEncryptionSetUpdate
|
disk encryption set update resource.
|
|
EncryptionSetIdentity
|
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
|
|
InnerError
|
Inner error details.
|
|
KeyForDiskEncryptionSet
|
Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
|
|
SourceVault
|
The vault id is an Azure Resource Manager Resource id in the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
|
|
systemData
|
Metadata pertaining to creation and last modification of the resource.
|
ApiError
Object
Api error.
| Name |
Type |
Description |
|
code
|
string
|
The error code.
|
|
details
|
ApiErrorBase[]
|
The Api error details
|
|
innererror
|
InnerError
|
The Api inner error
|
|
message
|
string
|
The error message.
|
|
target
|
string
|
The target of the particular error.
|
ApiErrorBase
Object
Api error base.
| Name |
Type |
Description |
|
code
|
string
|
The error code.
|
|
message
|
string
|
The error message.
|
|
target
|
string
|
The target of the particular error.
|
CloudError
Object
An error response from the Compute service.
| Name |
Type |
Description |
|
error
|
ApiError
|
Api error.
|
Common.UserAssignedIdentitiesValue
Object
| Name |
Type |
Description |
|
clientId
|
string
|
The client id of user assigned identity.
|
|
principalId
|
string
|
The principal id of user assigned identity.
|
createdByType
Enumeration
The type of identity that created the resource.
| Value |
Description |
|
User
|
|
|
Application
|
|
|
ManagedIdentity
|
|
|
Key
|
|
DiskEncryptionSet
Object
disk encryption set resource.
| Name |
Type |
Description |
|
id
|
string
|
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
identity
|
EncryptionSetIdentity
|
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
|
|
location
|
string
|
The geo-location where the resource lives
|
|
name
|
string
|
The name of the resource
|
|
properties.activeKey
|
KeyForDiskEncryptionSet
|
The key vault key which is currently used by this disk encryption set.
|
|
properties.autoKeyRotationError
|
ApiError
|
The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
|
|
properties.encryptionType
|
DiskEncryptionSetType
|
The type of key used to encrypt the data of the disk.
|
|
properties.federatedClientId
|
string
|
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
|
|
properties.lastKeyRotationTimestamp
|
string
(date-time)
|
The time when the active key of this disk encryption set was updated.
|
|
properties.previousKeys
|
KeyForDiskEncryptionSet[]
|
A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
|
|
properties.provisioningState
|
string
|
The disk encryption set provisioning state.
|
|
properties.rotationToLatestKeyVersionEnabled
|
boolean
|
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
|
|
systemData
|
systemData
|
Azure Resource Manager metadata containing createdBy and modifiedBy information.
|
|
tags
|
object
|
Resource tags.
|
|
type
|
string
|
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
|
DiskEncryptionSetIdentityType
Enumeration
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
| Value |
Description |
|
SystemAssigned
|
|
|
UserAssigned
|
|
|
SystemAssigned, UserAssigned
|
|
|
None
|
|
DiskEncryptionSetType
Enumeration
The type of key used to encrypt the data of the disk.
| Value |
Description |
|
EncryptionAtRestWithCustomerKey
|
Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
|
|
EncryptionAtRestWithPlatformAndCustomerKeys
|
Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
|
|
ConfidentialVmEncryptedWithCustomerKey
|
Confidential VM supported disk and VM guest state would be encrypted with customer managed key.
|
DiskEncryptionSetUpdate
Object
disk encryption set update resource.
| Name |
Type |
Description |
|
identity
|
EncryptionSetIdentity
|
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
|
|
properties.activeKey
|
KeyForDiskEncryptionSet
|
Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
|
|
properties.encryptionType
|
DiskEncryptionSetType
|
The type of key used to encrypt the data of the disk.
|
|
properties.federatedClientId
|
string
|
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
|
|
properties.rotationToLatestKeyVersionEnabled
|
boolean
|
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
|
|
tags
|
object
|
Resource tags
|
EncryptionSetIdentity
Object
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
| Name |
Type |
Description |
|
principalId
|
string
|
The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
|
|
tenantId
|
string
|
The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
|
|
type
|
DiskEncryptionSetIdentityType
|
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
|
|
userAssignedIdentities
|
<string,
Common.UserAssignedIdentitiesValue>
|
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
|
InnerError
Object
Inner error details.
| Name |
Type |
Description |
|
errordetail
|
string
|
The internal error message or exception dump.
|
|
exceptiontype
|
string
|
The exception type.
|
KeyForDiskEncryptionSet
Object
Key Vault Key Url to be used for server side encryption of Managed Disks and Snapshots
| Name |
Type |
Description |
|
keyUrl
|
string
|
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
|
|
sourceVault
|
SourceVault
|
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
|
SourceVault
Object
The vault id is an Azure Resource Manager Resource id in the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
| Name |
Type |
Description |
|
id
|
string
|
Resource Id
|
systemData
Object
Metadata pertaining to creation and last modification of the resource.
| Name |
Type |
Description |
|
createdAt
|
string
(date-time)
|
The timestamp of resource creation (UTC).
|
|
createdBy
|
string
|
The identity that created the resource.
|
|
createdByType
|
createdByType
|
The type of identity that created the resource.
|
|
lastModifiedAt
|
string
(date-time)
|
The timestamp of resource last modification (UTC)
|
|
lastModifiedBy
|
string
|
The identity that last modified the resource.
|
|
lastModifiedByType
|
createdByType
|
The type of identity that last modified the resource.
|