Hiermee wordt een schijfversleutelingsset bijgewerkt (gepatcht).
PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}?api-version=2025-01-02
URI-parameters
| Name |
In |
Vereist |
Type |
Description |
|
diskEncryptionSetName
|
path |
True
|
string
|
De naam van de schijfversleutelingsset die wordt gemaakt. De naam kan niet worden gewijzigd nadat de schijfversleutelingsset is gemaakt. Ondersteunde tekens voor de naam zijn a-z, A-Z, 0-9, _ en -. De naam kan maximaal 80 tekens lang zijn.
|
|
resourceGroupName
|
path |
True
|
string
minLength: 1
maxLength: 90
|
De naam van de resourcegroep. De naam is hoofdletterongevoelig.
|
|
subscriptionId
|
path |
True
|
string
minLength: 1
|
De id van het doelabonnement.
|
|
api-version
|
query |
True
|
string
minLength: 1
|
De API-versie die voor deze bewerking moet worden gebruikt.
|
Aanvraagbody
| Name |
Type |
Description |
|
identity
|
EncryptionSetIdentity
|
De beheerde identiteit voor de schijfversleutelingsset. Deze moet worden gemachtigd voor de sleutelkluis voordat deze kan worden gebruikt voor het versleutelen van schijven.
|
|
properties.activeKey
|
KeyForDiskEncryptionSet
|
Key Vault Key-URL die moet worden gebruikt voor versleuteling aan de serverzijde van beheerde schijven en snapshots
|
|
properties.encryptionType
|
DiskEncryptionSetType
|
Het type sleutel dat wordt gebruikt om de gegevens van de schijf te versleutelen.
|
|
properties.federatedClientId
|
string
|
Client-id voor toepassing met meerdere tenants voor toegang tot de sleutelkluis in een andere tenant. Als u de waarde instelt op 'Geen', wordt de eigenschap gewist.
|
|
properties.rotationToLatestKeyVersionEnabled
|
boolean
|
Stel deze vlag in op true om automatisch bijwerken van deze schijfversleuteling in te schakelen op de meest recente sleutelversie.
|
|
tags
|
object
|
Resourcetags
|
Antwoorden
| Name |
Type |
Description |
|
200 OK
|
DiskEncryptionSet
|
Azure-bewerking is voltooid.
|
|
202 Accepted
|
DiskEncryptionSet
|
De aanvraag is geaccepteerd voor verwerking, maar de verwerking is nog niet voltooid.
Kopteksten
- Location: string
- Retry-After: integer
|
|
Other Status Codes
|
CloudError
|
Een onverwachte foutreactie.
|
Beveiliging
azure_auth
OAuth2-stroom voor Azure Active Directory.
Type:
oauth2
Stroom:
implicit
Autorisatie-URL:
https://login.microsoftonline.com/common/oauth2/authorize
Bereiken
| Name |
Description |
|
user_impersonation
|
Uw gebruikersaccount imiteren
|
Voorbeelden
update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded
Voorbeeldaanvraag
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true
}
}
import com.azure.resourcemanager.compute.models.DiskEncryptionSetIdentityType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.EncryptionSetIdentity;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for DiskEncryptionSets Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/
* diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
*/
/**
* Sample code: update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Succeeded.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.virtualMachines().manager().serviceClient().getDiskEncryptionSets().update("myResourceGroup",
"myDiskEncryptionSet",
new DiskEncryptionSetUpdate()
.withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED))
.withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
.withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("fakeTokenPlaceholder"))
.withRotationToLatestKeyVersionEnabled(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.compute import ComputeManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-compute
# USAGE
python disk_encryption_set_update_with_rotation_to_latest_key_version_enabled.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ComputeManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.disk_encryption_sets.begin_update(
resource_group_name="myResourceGroup",
disk_encryption_set_name="myDiskEncryptionSet",
disk_encryption_set={
"identity": {"type": "SystemAssigned"},
"properties": {
"activeKey": {"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": True,
},
},
).result()
print(response)
# x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcompute_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v7"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7033e85e1f80ef5cd9ca664b538ed193a8fd815b/specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcompute.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
Identity: &armcompute.EncryptionSetIdentity{
Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
},
Properties: &armcompute.DiskEncryptionSetUpdateProperties{
ActiveKey: &armcompute.KeyForDiskEncryptionSet{
KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
},
EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
RotationToLatestKeyVersionEnabled: to.Ptr(true),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.DiskEncryptionSet = armcompute.DiskEncryptionSet{
// Name: to.Ptr("myDiskEncryptionSet"),
// Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
// ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
// Location: to.Ptr("West US"),
// Identity: &armcompute.EncryptionSetIdentity{
// Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
// },
// Properties: &armcompute.EncryptionSetProperties{
// ActiveKey: &armcompute.KeyForDiskEncryptionSet{
// KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/KeyVersion2"),
// },
// EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079Z"); return t}()),
// ProvisioningState: to.Ptr("Succeeded"),
// RotationToLatestKeyVersionEnabled: to.Ptr(true),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Updates (patches) a disk encryption set.
*
* @summary Updates (patches) a disk encryption set.
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
*/
async function updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueSucceeded() {
const subscriptionId = process.env["COMPUTE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["COMPUTE_RESOURCE_GROUP"] || "myResourceGroup";
const diskEncryptionSetName = "myDiskEncryptionSet";
const diskEncryptionSet = {
activeKey: {
keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1",
},
encryptionType: "EncryptionAtRestWithCustomerKey",
identity: { type: "SystemAssigned" },
rotationToLatestKeyVersionEnabled: true,
};
const credential = new DefaultAzureCredential();
const client = new ComputeManagementClient(credential, subscriptionId);
const result = await client.diskEncryptionSets.beginUpdateAndWait(
resourceGroupName,
diskEncryptionSetName,
diskEncryptionSet,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;
// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabled.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);
// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
Identity = new ManagedServiceIdentity("SystemAssigned"),
EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1")),
RotationToLatestKeyVersionEnabled = true,
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/KeyVersion2"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true,
"provisioningState": "Succeeded",
"lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
}
}
Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": []
}
}
update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating
Voorbeeldaanvraag
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true
}
}
import com.azure.resourcemanager.compute.models.DiskEncryptionSetIdentityType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.EncryptionSetIdentity;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for DiskEncryptionSets Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/
* diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
*/
/**
* Sample code: update a disk encryption set with rotationToLatestKeyVersionEnabled set to true - Updating.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.virtualMachines().manager().serviceClient().getDiskEncryptionSets().update("myResourceGroup",
"myDiskEncryptionSet",
new DiskEncryptionSetUpdate()
.withIdentity(new EncryptionSetIdentity().withType(DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED))
.withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
.withActiveKey(new KeyForDiskEncryptionSet().withKeyUrl("fakeTokenPlaceholder"))
.withRotationToLatestKeyVersionEnabled(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.compute import ComputeManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-compute
# USAGE
python disk_encryption_set_update_with_rotation_to_latest_key_version_enabled_in_progress.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ComputeManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.disk_encryption_sets.begin_update(
resource_group_name="myResourceGroup",
disk_encryption_set_name="myDiskEncryptionSet",
disk_encryption_set={
"identity": {"type": "SystemAssigned"},
"properties": {
"activeKey": {"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": True,
},
},
).result()
print(response)
# x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcompute_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v7"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7033e85e1f80ef5cd9ca664b538ed193a8fd815b/specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcompute.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
Identity: &armcompute.EncryptionSetIdentity{
Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
},
Properties: &armcompute.DiskEncryptionSetUpdateProperties{
ActiveKey: &armcompute.KeyForDiskEncryptionSet{
KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
},
EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
RotationToLatestKeyVersionEnabled: to.Ptr(true),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.DiskEncryptionSet = armcompute.DiskEncryptionSet{
// Name: to.Ptr("myDiskEncryptionSet"),
// Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
// ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
// Location: to.Ptr("West US"),
// Identity: &armcompute.EncryptionSetIdentity{
// Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
// },
// Properties: &armcompute.EncryptionSetProperties{
// ActiveKey: &armcompute.KeyForDiskEncryptionSet{
// KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion2"),
// },
// EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079Z"); return t}()),
// PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
// {
// KeyURL: to.Ptr("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"),
// }},
// ProvisioningState: to.Ptr("Succeeded"),
// RotationToLatestKeyVersionEnabled: to.Ptr(true),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Updates (patches) a disk encryption set.
*
* @summary Updates (patches) a disk encryption set.
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
*/
async function updateADiskEncryptionSetWithRotationToLatestKeyVersionEnabledSetToTrueUpdating() {
const subscriptionId = process.env["COMPUTE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["COMPUTE_RESOURCE_GROUP"] || "myResourceGroup";
const diskEncryptionSetName = "myDiskEncryptionSet";
const diskEncryptionSet = {
activeKey: {
keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1",
},
encryptionType: "EncryptionAtRestWithCustomerKey",
identity: { type: "SystemAssigned" },
rotationToLatestKeyVersionEnabled: true,
};
const credential = new DefaultAzureCredential();
const client = new ComputeManagementClient(credential, subscriptionId);
const result = await client.diskEncryptionSets.beginUpdateAndWait(
resourceGroupName,
diskEncryptionSetName,
diskEncryptionSet,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;
// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update_WithRotationToLatestKeyVersionEnabledInProgress.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);
// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
Identity = new ManagedServiceIdentity("SystemAssigned"),
EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1")),
RotationToLatestKeyVersionEnabled = true,
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion2"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"rotationToLatestKeyVersionEnabled": true,
"previousKeys": [
{
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
}
],
"provisioningState": "Updating",
"lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
}
}
Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"name": "myDiskEncryptionSet",
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"keyUrl": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/keyName/keyVersion1"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": []
}
}
update a disk encryption set.
Voorbeeldaanvraag
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"properties": {
"activeKey": {
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
},
"encryptionType": "EncryptionAtRestWithCustomerKey"
},
"tags": {
"department": "Development",
"project": "Encryption"
}
}
import com.azure.resourcemanager.compute.models.DiskEncryptionSetType;
import com.azure.resourcemanager.compute.models.DiskEncryptionSetUpdate;
import com.azure.resourcemanager.compute.models.KeyForDiskEncryptionSet;
import com.azure.resourcemanager.compute.models.SourceVault;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for DiskEncryptionSets Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/
* diskEncryptionSetExamples/DiskEncryptionSet_Update.json
*/
/**
* Sample code: update a disk encryption set.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void updateADiskEncryptionSet(com.azure.resourcemanager.AzureResourceManager azure) {
azure.virtualMachines().manager().serviceClient().getDiskEncryptionSets().update("myResourceGroup",
"myDiskEncryptionSet",
new DiskEncryptionSetUpdate().withTags(mapOf("department", "Development", "project", "Encryption"))
.withEncryptionType(DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY)
.withActiveKey(new KeyForDiskEncryptionSet().withSourceVault(new SourceVault().withId(
"/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"))
.withKeyUrl("fakeTokenPlaceholder")),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.compute import ComputeManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-compute
# USAGE
python disk_encryption_set_update.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ComputeManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.disk_encryption_sets.begin_update(
resource_group_name="myResourceGroup",
disk_encryption_set_name="myDiskEncryptionSet",
disk_encryption_set={
"properties": {
"activeKey": {
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion",
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
},
"tags": {"department": "Development", "project": "Encryption"},
},
).result()
print(response)
# x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcompute_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v7"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7033e85e1f80ef5cd9ca664b538ed193a8fd815b/specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
func ExampleDiskEncryptionSetsClient_BeginUpdate_updateADiskEncryptionSet() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcompute.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewDiskEncryptionSetsClient().BeginUpdate(ctx, "myResourceGroup", "myDiskEncryptionSet", armcompute.DiskEncryptionSetUpdate{
Properties: &armcompute.DiskEncryptionSetUpdateProperties{
ActiveKey: &armcompute.KeyForDiskEncryptionSet{
KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"),
SourceVault: &armcompute.SourceVault{
ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
},
},
EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
},
Tags: map[string]*string{
"department": to.Ptr("Development"),
"project": to.Ptr("Encryption"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.DiskEncryptionSet = armcompute.DiskEncryptionSet{
// Name: to.Ptr("myDiskEncryptionSet"),
// Location: to.Ptr("West US"),
// Tags: map[string]*string{
// "department": to.Ptr("Development"),
// "project": to.Ptr("Encryption"),
// },
// Identity: &armcompute.EncryptionSetIdentity{
// Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
// },
// Properties: &armcompute.EncryptionSetProperties{
// ActiveKey: &armcompute.KeyForDiskEncryptionSet{
// KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"),
// SourceVault: &armcompute.SourceVault{
// ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
// },
// },
// EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-04-01T04:41:35.079Z"); return t}()),
// PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Updates (patches) a disk encryption set.
*
* @summary Updates (patches) a disk encryption set.
* x-ms-original-file: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
*/
async function updateADiskEncryptionSet() {
const subscriptionId = process.env["COMPUTE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["COMPUTE_RESOURCE_GROUP"] || "myResourceGroup";
const diskEncryptionSetName = "myDiskEncryptionSet";
const diskEncryptionSet = {
activeKey: {
keyUrl: "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion",
sourceVault: {
id: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
},
},
encryptionType: "EncryptionAtRestWithCustomerKey",
tags: { department: "Development", project: "Encryption" },
};
const credential = new DefaultAzureCredential();
const client = new ComputeManagementClient(credential, subscriptionId);
const result = await client.diskEncryptionSets.beginUpdateAndWait(
resourceGroupName,
diskEncryptionSetName,
diskEncryptionSet,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;
// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/DiskRP/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Update.json
// this example is just showing the usage of "DiskEncryptionSets_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);
// invoke the operation
DiskEncryptionSetPatch patch = new DiskEncryptionSetPatch
{
Tags =
{
["department"] = "Development",
["project"] = "Encryption"
},
EncryptionType = DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
ActiveKey = new KeyForDiskEncryptionSet(new Uri("https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"))
{
SourceVaultId = new ResourceIdentifier("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
},
};
ArmOperation<DiskEncryptionSetResource> lro = await diskEncryptionSet.UpdateAsync(WaitUntil.Completed, patch);
DiskEncryptionSetResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "myDiskEncryptionSet",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": [],
"lastKeyRotationTimestamp": "2021-04-01T04:41:35.079872+00:00"
},
"tags": {
"department": "Development",
"project": "Encryption"
}
}
Location: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02
{
"name": "myDiskEncryptionSet",
"location": "West US",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"activeKey": {
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
},
"keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/keyName/keyVersion"
},
"encryptionType": "EncryptionAtRestWithCustomerKey",
"previousKeys": []
},
"tags": {
"department": "Development",
"project": "Encryption"
}
}
Definities
| Name |
Description |
|
ApiError
|
Api-fout.
|
|
ApiErrorBase
|
Api-foutbasis.
|
|
CloudError
|
Een foutreactie van de Compute-service.
|
|
createdByType
|
Het type identiteit waarmee de resource is gemaakt.
|
|
DiskEncryptionSet
|
Resource voor schijfversleutelingsset.
|
|
DiskEncryptionSetIdentityType
|
Het type beheerde identiteit dat wordt gebruikt door de DiskEncryptionSet. Alleen SystemAssigned wordt ondersteund voor nieuwe creaties. Schijfversleutelingssets kunnen worden bijgewerkt met identiteitstype Geen tijdens de migratie van het abonnement naar een nieuwe Azure Active Directory-tenant; dit zorgt ervoor dat de versleutelde resources geen toegang meer hebben tot de sleutels.
|
|
DiskEncryptionSetType
|
Het type sleutel dat wordt gebruikt om de gegevens van de schijf te versleutelen.
|
|
DiskEncryptionSetUpdate
|
Resource voor het bijwerken van de set voor schijfversleuteling.
|
|
EncryptionSetIdentity
|
De beheerde identiteit voor de schijfversleutelingsset. Deze moet worden gemachtigd voor de sleutelkluis voordat deze kan worden gebruikt voor het versleutelen van schijven.
|
|
InnerError
|
Interne foutdetails.
|
|
KeyForDiskEncryptionSet
|
Key Vault Key-URL die moet worden gebruikt voor versleuteling aan de serverzijde van beheerde schijven en snapshots
|
|
SourceVault
|
De kluis-id is een Azure Resource Manager-resource-id in de vorm /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
|
|
systemData
|
Metagegevens met betrekking tot het maken en de laatste wijziging van de resource.
|
|
UserAssignedIdentitiesValue
|
|
ApiError
Object
Api-fout.
| Name |
Type |
Description |
|
code
|
string
|
De foutcode.
|
|
details
|
ApiErrorBase[]
|
Details van de Api-fout
|
|
innererror
|
InnerError
|
De innerlijke fout van de Api
|
|
message
|
string
|
Het foutbericht.
|
|
target
|
string
|
Het doel van de specifieke fout.
|
ApiErrorBase
Object
Api-foutbasis.
| Name |
Type |
Description |
|
code
|
string
|
De foutcode.
|
|
message
|
string
|
Het foutbericht.
|
|
target
|
string
|
Het doel van de specifieke fout.
|
CloudError
Object
Een foutreactie van de Compute-service.
| Name |
Type |
Description |
|
error
|
ApiError
|
Api-fout.
|
createdByType
Opsomming
Het type identiteit waarmee de resource is gemaakt.
| Waarde |
Description |
|
User
|
|
|
Application
|
|
|
ManagedIdentity
|
|
|
Key
|
|
DiskEncryptionSet
Object
Resource voor schijfversleutelingsset.
| Name |
Type |
Description |
|
id
|
string
|
Volledig gekwalificeerde resource-id voor de resource. Vb.: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
identity
|
EncryptionSetIdentity
|
De beheerde identiteit voor de schijfversleutelingsset. Deze moet worden gemachtigd voor de sleutelkluis voordat deze kan worden gebruikt voor het versleutelen van schijven.
|
|
location
|
string
|
De geografische locatie waar de resource zich bevindt
|
|
name
|
string
|
De naam van de resource
|
|
properties.activeKey
|
KeyForDiskEncryptionSet
|
De sleutelkluissleutel die momenteel wordt gebruikt door deze schijfversleutelingsset.
|
|
properties.autoKeyRotationError
|
ApiError
|
De fout die optrad tijdens het draaien van de automatische toets. Als er een fout aanwezig is, wordt niet geprobeerd de automatische sleutel te roteren totdat de fout op deze schijfcoderingsset is verholpen.
|
|
properties.encryptionType
|
DiskEncryptionSetType
|
Het type sleutel dat wordt gebruikt om de gegevens van de schijf te versleutelen.
|
|
properties.federatedClientId
|
string
|
Client-id voor toepassing met meerdere tenants voor toegang tot de sleutelkluis in een andere tenant. Als u de waarde instelt op 'Geen', wordt de eigenschap gewist.
|
|
properties.lastKeyRotationTimestamp
|
string
(date-time)
|
Het tijdstip waarop de actieve sleutel van deze schijfversleutelingsset is bijgewerkt.
|
|
properties.previousKeys
|
KeyForDiskEncryptionSet[]
|
Een alleen-lezen verzameling sleutelkluissleutels die eerder door deze schijfversleutelingsset zijn gebruikt terwijl een sleutelrotatie bezig is. Het is leeg als er geen doorlopende toetsrotatie is.
|
|
properties.provisioningState
|
string
|
De inrichtingsstatus van de schijfversleutelingsset is ingesteld.
|
|
properties.rotationToLatestKeyVersionEnabled
|
boolean
|
Stel deze vlag in op true om automatisch bijwerken van deze schijfversleuteling in te schakelen op de meest recente sleutelversie.
|
|
systemData
|
systemData
|
Azure Resource Manager-metagegevens met createdBy- en modifiedBy-gegevens.
|
|
tags
|
object
|
Resourcetags.
|
|
type
|
string
|
Het type bron. Bijvoorbeeld 'Microsoft.Compute/virtualMachines' of 'Microsoft.Storage/storageAccounts'
|
DiskEncryptionSetIdentityType
Opsomming
Het type beheerde identiteit dat wordt gebruikt door de DiskEncryptionSet. Alleen SystemAssigned wordt ondersteund voor nieuwe creaties. Schijfversleutelingssets kunnen worden bijgewerkt met identiteitstype Geen tijdens de migratie van het abonnement naar een nieuwe Azure Active Directory-tenant; dit zorgt ervoor dat de versleutelde resources geen toegang meer hebben tot de sleutels.
| Waarde |
Description |
|
SystemAssigned
|
|
|
UserAssigned
|
|
|
SystemAssigned, UserAssigned
|
|
|
None
|
|
DiskEncryptionSetType
Opsomming
Het type sleutel dat wordt gebruikt om de gegevens van de schijf te versleutelen.
| Waarde |
Description |
|
EncryptionAtRestWithCustomerKey
|
Een bron die gebruikmaakt van diskEncryptionSet wordt in rust versleuteld met een door de klant beheerde sleutel die door een klant kan worden gewijzigd en ingetrokken.
|
|
EncryptionAtRestWithPlatformAndCustomerKeys
|
Bron die diskEncryptionSet gebruikt, wordt in rust versleuteld met twee versleutelingslagen. Een van de sleutels is Customer managed en de andere key is Platform managed.
|
|
ConfidentialVmEncryptedWithCustomerKey
|
Vertrouwelijke VM-ondersteunde schijf en VM-gaststatus worden versleuteld met een door de klant beheerde sleutel.
|
DiskEncryptionSetUpdate
Object
Resource voor het bijwerken van de set voor schijfversleuteling.
| Name |
Type |
Description |
|
identity
|
EncryptionSetIdentity
|
De beheerde identiteit voor de schijfversleutelingsset. Deze moet worden gemachtigd voor de sleutelkluis voordat deze kan worden gebruikt voor het versleutelen van schijven.
|
|
properties.activeKey
|
KeyForDiskEncryptionSet
|
Key Vault Key-URL die moet worden gebruikt voor versleuteling aan de serverzijde van beheerde schijven en snapshots
|
|
properties.encryptionType
|
DiskEncryptionSetType
|
Het type sleutel dat wordt gebruikt om de gegevens van de schijf te versleutelen.
|
|
properties.federatedClientId
|
string
|
Client-id voor toepassing met meerdere tenants voor toegang tot de sleutelkluis in een andere tenant. Als u de waarde instelt op 'Geen', wordt de eigenschap gewist.
|
|
properties.rotationToLatestKeyVersionEnabled
|
boolean
|
Stel deze vlag in op true om automatisch bijwerken van deze schijfversleuteling in te schakelen op de meest recente sleutelversie.
|
|
tags
|
object
|
Resourcetags
|
EncryptionSetIdentity
Object
De beheerde identiteit voor de schijfversleutelingsset. Deze moet worden gemachtigd voor de sleutelkluis voordat deze kan worden gebruikt voor het versleutelen van schijven.
| Name |
Type |
Description |
|
principalId
|
string
|
De object-id van de beheerde identiteitsresource. Dit wordt vanuit ARM naar de RP verzonden via de header x-ms-identity-principal-id in het PUT-verzoek als de bron een systemAssigned(impliciete) identiteit heeft
|
|
tenantId
|
string
|
De tenant-id van de Managed Identity Resource. Dit wordt vanuit ARM naar de RP verzonden via de header x-ms-client-tenant-id in het PUT-verzoek als de bron een systemAssigned(impliciete) identiteit heeft
|
|
type
|
DiskEncryptionSetIdentityType
|
Het type beheerde identiteit dat wordt gebruikt door de DiskEncryptionSet. Alleen SystemAssigned wordt ondersteund voor nieuwe creaties. Schijfversleutelingssets kunnen worden bijgewerkt met identiteitstype Geen tijdens de migratie van het abonnement naar een nieuwe Azure Active Directory-tenant; dit zorgt ervoor dat de versleutelde resources geen toegang meer hebben tot de sleutels.
|
|
userAssignedIdentities
|
<string,
UserAssignedIdentitiesValue>
|
De lijst met gebruikersidentiteiten die zijn gekoppeld aan de schijfversleutelingsset. De sleutelverwijzingen voor de gebruikersidentiteitswoordenlijst zijn ARM-resource-id's in de vorm: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.
|
InnerError
Object
Interne foutdetails.
| Name |
Type |
Description |
|
errordetail
|
string
|
De interne foutmelding of uitzonderingsdump.
|
|
exceptiontype
|
string
|
Het uitzonderingstype.
|
KeyForDiskEncryptionSet
Object
Key Vault Key-URL die moet worden gebruikt voor versleuteling aan de serverzijde van beheerde schijven en snapshots
| Name |
Type |
Description |
|
keyUrl
|
string
|
Volledige versie van de sleutel-URL die verwijst naar een sleutel in KeyVault. Versiesegment van de URL is vereist, ongeacht de waarde rotationToLatestKeyVersionEnabled.
|
|
sourceVault
|
SourceVault
|
Resource-id van de KeyVault die de sleutel of het geheim bevat. Deze eigenschap is optioneel en kan niet worden gebruikt als het KeyVault-abonnement niet hetzelfde is als het abonnement schijfversleutelingsset.
|
SourceVault
Object
De kluis-id is een Azure Resource Manager-resource-id in de vorm /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
| Name |
Type |
Description |
|
id
|
string
|
Resource-id
|
systemData
Object
Metagegevens met betrekking tot het maken en de laatste wijziging van de resource.
| Name |
Type |
Description |
|
createdAt
|
string
(date-time)
|
De tijdstempel van het maken van resources (UTC).
|
|
createdBy
|
string
|
De identiteit waarmee de resource is gemaakt.
|
|
createdByType
|
createdByType
|
Het type identiteit waarmee de resource is gemaakt.
|
|
lastModifiedAt
|
string
(date-time)
|
De tijdstempel van de laatste wijziging van de resource (UTC)
|
|
lastModifiedBy
|
string
|
De identiteit die de resource voor het laatst heeft gewijzigd.
|
|
lastModifiedByType
|
createdByType
|
Het type identiteit dat de resource voor het laatst heeft gewijzigd.
|
UserAssignedIdentitiesValue
Object
| Name |
Type |
Description |
|
clientId
|
string
|
De client-id van de door de gebruiker toegewezen identiteit.
|
|
principalId
|
string
|
De principal-id van de door de gebruiker toegewezen identiteit.
|