Disk Encryption Sets - Get

服務:

Compute

API 版本:

2025-01-02

取得磁碟加密集的相關資訊。

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}?api-version=2025-01-02

URI 參數

名稱	位於	必要	類型	Description
diskEncryptionSetName	path	True	string	正在建立的磁碟加密集名稱。 建立磁碟加密集之後，就無法變更名稱。 名稱的支援字元為 a-z、A-Z、0-9、_ 和 -。 最大名稱長度為 80 個字元。
resourceGroupName	path	True	string minLength: 1 maxLength: 90	資源群組的名稱。 名稱不區分大小寫。
subscriptionId	path	True	string minLength: 1	目標訂用帳戶的標識碼。
api-version	query	True	string minLength: 1	用於此作業的 API 版本。

回應

名稱	類型	Description
200 OK	DiskEncryptionSet	Azure 運作順利完成。
Other Status Codes	CloudError	未預期的錯誤回應。

安全性

azure_auth

Azure Active Directory OAuth2 Flow.

類型: oauth2
Flow: implicit
授權 URL: https://login.microsoftonline.com/common/oauth2/authorize

範圍

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

get information about a disk encryption set when auto-key rotation failed.

get information about a disk encryption set.

get information about a disk encryption set when auto-key rotation failed.

範例要求

HTTP

GET https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

Java

/**
 * Samples for DiskEncryptionSets GetByResourceGroup.
 */
public final class Main {
    /*
     * x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Get_WithAutoKeyRotationError.json
     */
    /**
     * Sample code: get information about a disk encryption set when auto-key rotation failed.
     * 
     * @param manager Entry point to ComputeManager.
     */
    public static void getInformationAboutADiskEncryptionSetWhenAutoKeyRotationFailed(
        com.azure.resourcemanager.compute.ComputeManager manager) {
        manager.serviceClient().getDiskEncryptionSets().getByResourceGroupWithResponse("myResourceGroup",
            "myDiskEncryptionSet", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential

from azure.mgmt.compute import ComputeManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-compute
# USAGE
    python disk_encryption_set_get_with_auto_key_rotation_error.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ComputeManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.disk_encryption_sets.get(
        resource_group_name="myResourceGroup",
        disk_encryption_set_name="myDiskEncryptionSet",
    )
    print(response)


# x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Get_WithAutoKeyRotationError.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcompute_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v8"
)

// Generated from example definition: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Get_WithAutoKeyRotationError.json
func ExampleDiskEncryptionSetsClient_Get_getInformationAboutADiskEncryptionSetWhenAutoKeyRotationFailed() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcompute.NewClientFactory("{subscription-id}", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDiskEncryptionSetsClient().Get(ctx, "myResourceGroup", "myDiskEncryptionSet", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armcompute.DiskEncryptionSetsClientGetResponse{
	// 	DiskEncryptionSet: &armcompute.DiskEncryptionSet{
	// 		Identity: &armcompute.EncryptionSetIdentity{
	// 			Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
	// 		},
	// 		Properties: &armcompute.EncryptionSetProperties{
	// 			ActiveKey: &armcompute.KeyForDiskEncryptionSet{
	// 				SourceVault: &armcompute.SourceVault{
	// 					ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
	// 				},
	// 				KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/{key}"),
	// 			},
	// 			EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
	// 			PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
	// 			},
	// 			RotationToLatestKeyVersionEnabled: to.Ptr(true),
	// 			ProvisioningState: to.Ptr("Succeeded"),
	// 			AutoKeyRotationError: &armcompute.APIError{
	// 				Code: to.Ptr("ManagedServiceIdentityNotFound"),
	// 				Message: to.Ptr("Auto-key rotation was disabled as managed service identity associated with DiskEncryptionSet 'myDiskEncryptionSet' was not found. Please update the resource with correct identity to re-enable auto-key rotation."),
	// 			},
	// 		},
	// 		Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
	// 		Location: to.Ptr("westus"),
	// 		Tags: map[string]*string{
	// 			"department": to.Ptr("Development"),
	// 			"project": to.Ptr("Encryption"),
	// 		},
	// 		ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
	// 		Name: to.Ptr("myDiskEncryptionSet"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to gets information about a disk encryption set.
 *
 * @summary gets information about a disk encryption set.
 * x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Get_WithAutoKeyRotationError.json
 */
async function getInformationAboutADiskEncryptionSetWhenAutoKeyRotationFailed() {
  const credential = new DefaultAzureCredential();
  const subscriptionId = "{subscription-id}";
  const client = new ComputeManagementClient(credential, subscriptionId);
  const result = await client.diskEncryptionSets.get("myResourceGroup", "myDiskEncryptionSet");
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;

// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/Compute/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Get_WithAutoKeyRotationError.json
// this example is just showing the usage of "DiskEncryptionSets_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);

// invoke the operation
DiskEncryptionSetResource result = await diskEncryptionSet.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "sourceVault": {
        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
      },
      "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/{key}"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "previousKeys": [],
    "rotationToLatestKeyVersionEnabled": true,
    "provisioningState": "Succeeded",
    "autoKeyRotationError": {
      "code": "ManagedServiceIdentityNotFound",
      "message": "Auto-key rotation was disabled as managed service identity associated with DiskEncryptionSet 'myDiskEncryptionSet' was not found. Please update the resource with correct identity to re-enable auto-key rotation."
    }
  },
  "type": "Microsoft.Compute/diskEncryptionSets",
  "location": "westus",
  "tags": {
    "department": "Development",
    "project": "Encryption"
  },
  "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
  "name": "myDiskEncryptionSet"
}

get information about a disk encryption set.

範例要求

HTTP

GET https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet?api-version=2025-01-02

Java

/**
 * Samples for DiskEncryptionSets GetByResourceGroup.
 */
public final class Main {
    /*
     * x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Get.json
     */
    /**
     * Sample code: get information about a disk encryption set.
     * 
     * @param manager Entry point to ComputeManager.
     */
    public static void getInformationAboutADiskEncryptionSet(com.azure.resourcemanager.compute.ComputeManager manager) {
        manager.serviceClient().getDiskEncryptionSets().getByResourceGroupWithResponse("myResourceGroup",
            "myDiskEncryptionSet", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential

from azure.mgmt.compute import ComputeManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-compute
# USAGE
    python disk_encryption_set_get.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ComputeManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.disk_encryption_sets.get(
        resource_group_name="myResourceGroup",
        disk_encryption_set_name="myDiskEncryptionSet",
    )
    print(response)


# x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Get.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcompute_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v8"
)

// Generated from example definition: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Get.json
func ExampleDiskEncryptionSetsClient_Get_getInformationAboutADiskEncryptionSet() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcompute.NewClientFactory("{subscription-id}", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDiskEncryptionSetsClient().Get(ctx, "myResourceGroup", "myDiskEncryptionSet", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armcompute.DiskEncryptionSetsClientGetResponse{
	// 	DiskEncryptionSet: &armcompute.DiskEncryptionSet{
	// 		Identity: &armcompute.EncryptionSetIdentity{
	// 			Type: to.Ptr(armcompute.DiskEncryptionSetIdentityTypeSystemAssigned),
	// 		},
	// 		Properties: &armcompute.EncryptionSetProperties{
	// 			ActiveKey: &armcompute.KeyForDiskEncryptionSet{
	// 				SourceVault: &armcompute.SourceVault{
	// 					ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
	// 				},
	// 				KeyURL: to.Ptr("https://myvmvault.vault-int.azure-int.net/keys/{key}"),
	// 			},
	// 			EncryptionType: to.Ptr(armcompute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
	// 			PreviousKeys: []*armcompute.KeyForDiskEncryptionSet{
	// 			},
	// 			ProvisioningState: to.Ptr("Succeeded"),
	// 		},
	// 		Type: to.Ptr("Microsoft.Compute/diskEncryptionSets"),
	// 		Location: to.Ptr("westus"),
	// 		Tags: map[string]*string{
	// 			"department": to.Ptr("Development"),
	// 			"project": to.Ptr("Encryption"),
	// 		},
	// 		ID: to.Ptr("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet"),
	// 		Name: to.Ptr("myDiskEncryptionSet"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ComputeManagementClient } = require("@azure/arm-compute");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to gets information about a disk encryption set.
 *
 * @summary gets information about a disk encryption set.
 * x-ms-original-file: 2025-01-02/diskEncryptionSetExamples/DiskEncryptionSet_Get.json
 */
async function getInformationAboutADiskEncryptionSet() {
  const credential = new DefaultAzureCredential();
  const subscriptionId = "{subscription-id}";
  const client = new ComputeManagementClient(credential, subscriptionId);
  const result = await client.diskEncryptionSets.get("myResourceGroup", "myDiskEncryptionSet");
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Compute.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Compute;

// Generated from example definition: specification/compute/resource-manager/Microsoft.Compute/Compute/stable/2025-01-02/examples/diskEncryptionSetExamples/DiskEncryptionSet_Get.json
// this example is just showing the usage of "DiskEncryptionSets_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this DiskEncryptionSetResource created on azure
// for more information of creating DiskEncryptionSetResource, please refer to the document of DiskEncryptionSetResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "myResourceGroup";
string diskEncryptionSetName = "myDiskEncryptionSet";
ResourceIdentifier diskEncryptionSetResourceId = DiskEncryptionSetResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, diskEncryptionSetName);
DiskEncryptionSetResource diskEncryptionSet = client.GetDiskEncryptionSetResource(diskEncryptionSetResourceId);

// invoke the operation
DiskEncryptionSetResource result = await diskEncryptionSet.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DiskEncryptionSetData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "activeKey": {
      "sourceVault": {
        "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"
      },
      "keyUrl": "https://myvmvault.vault-int.azure-int.net/keys/{key}"
    },
    "encryptionType": "EncryptionAtRestWithCustomerKey",
    "previousKeys": [],
    "provisioningState": "Succeeded"
  },
  "type": "Microsoft.Compute/diskEncryptionSets",
  "location": "westus",
  "tags": {
    "department": "Development",
    "project": "Encryption"
  },
  "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/myDiskEncryptionSet",
  "name": "myDiskEncryptionSet"
}

定義

名稱	Description
ApiError	Api 錯誤。
ApiErrorBase	Api 錯誤基底。
CloudError	來自計算服務的錯誤回應。
Common.UserAssignedIdentitiesValue
createdByType	建立資源的身分識別類型。
DiskEncryptionSet	磁碟加密集資源。
DiskEncryptionSetIdentityType	DiskEncryptionSet 所使用的受控識別類型。 新建立僅支援 SystemAssigned。 磁碟加密集可在訂閱遷移至新 Azure Active Directory 租戶時更新為 Identity Type（無）;這會導致加密資源失去對金鑰的存取權。
DiskEncryptionSetType	用來加密磁碟數據的金鑰類型。
EncryptionSetIdentity	磁碟加密集的受控識別。 它應該授與金鑰保存庫的許可權，才能用來加密磁碟。
InnerError	內部錯誤詳細數據。
KeyForDiskEncryptionSet	要用於受控磁碟和快照集伺服器端加密的 Key Vault 金鑰 URL
SourceVault	保存庫標識符是 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName} 格式的 Azure Resource Manager 資源標識符
systemData	與建立和上次修改資源相關的元數據。

ApiError

Object

Api 錯誤。

名稱	類型	Description
code	string	錯誤碼。
details	ApiErrorBase[]	Api 錯誤詳細資料
innererror	InnerError	Api 內部錯誤
message	string	錯誤訊息。
target	string	特定錯誤的目標。

ApiErrorBase

Object

Api 錯誤基底。

名稱	類型	Description
code	string	錯誤碼。
message	string	錯誤訊息。
target	string	特定錯誤的目標。

CloudError

Object

來自計算服務的錯誤回應。

名稱	類型	Description
error	ApiError	Api 錯誤。

Common.UserAssignedIdentitiesValue

Object

名稱	類型	Description
clientId	string	使用者指派身分識別的用戶端標識碼。
principalId	string	使用者指派身分識別的主體標識碼。

createdByType

列舉型別

建立資源的身分識別類型。

值	Description
User
Application
ManagedIdentity
Key

DiskEncryptionSet

Object

磁碟加密集資源。

名稱	類型	Description
id	string	資源的完整資源標識碼。 例如 - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
identity	EncryptionSetIdentity	磁碟加密集的受控識別。 它應該授與金鑰保存庫的許可權，才能用來加密磁碟。
location	string	資源所在的地理位置
name	string	資源的名稱
properties.activeKey	KeyForDiskEncryptionSet	此磁碟加密集目前使用的金鑰保存庫金鑰。
properties.autoKeyRotationError	ApiError	自動金鑰輪替期間遇到的錯誤。 如果存在錯誤，則在修復此磁碟加密集上的錯誤之前，不會嘗試自動金鑰輪替。
properties.encryptionType	DiskEncryptionSetType	用來加密磁碟數據的金鑰類型。
properties.federatedClientId	string	多租使用者應用程式用戶端識別碼，以存取不同租使用者中的密鑰保存庫。 將值設定為 『None』 將會清除 屬性。
properties.lastKeyRotationTimestamp	string (date-time)	此磁碟加密集的作用中金鑰更新的時間。
properties.previousKeys	KeyForDiskEncryptionSet[]	此磁碟加密集先前在金鑰輪替進行時使用的金鑰保存庫金鑰的唯讀集合。 如果沒有持續的按鍵輪換，它將是空的。
properties.provisioningState	string	磁碟加密集佈建狀態。
properties.rotationToLatestKeyVersionEnabled	boolean	將此旗標設定為 true，以啟用此磁碟加密設定為最新密鑰版本的自動更新。
systemData	systemData	Azure Resource Manager 包含 createdBy 與 modifiedBy 資訊的元資料。
tags	object	資源標籤。
type	string	資源的類型。 例如：「Microsoft。運算/虛擬機器」或「Microsoft」。儲存/儲存帳號」

DiskEncryptionSetIdentityType

列舉型別

DiskEncryptionSet 所使用的受控識別類型。 新建立僅支援 SystemAssigned。 磁碟加密集可在訂閱遷移至新 Azure Active Directory 租戶時更新為 Identity Type（無）;這會導致加密資源失去對金鑰的存取權。

值	Description
SystemAssigned
UserAssigned
SystemAssigned, UserAssigned
None

DiskEncryptionSetType

列舉型別

用來加密磁碟數據的金鑰類型。

值	Description
EncryptionAtRestWithCustomerKey	使用 diskEncryptionSet 的資源會在待用時使用客戶管理的金鑰進行加密，客戶可以變更和撤銷。
EncryptionAtRestWithPlatformAndCustomerKeys	使用 diskEncryptionSet 的資源會在靜態時使用兩層加密進行加密。 其中一個金鑰是客戶管理，另一個金鑰是平臺管理。
ConfidentialVmEncryptedWithCustomerKey	機密 VM 支援的磁碟和 VM 客體狀態會使用客戶自控金鑰進行加密。

EncryptionSetIdentity

Object

磁碟加密集的受控識別。 它應該授與金鑰保存庫的許可權，才能用來加密磁碟。

名稱	類型	Description
principalId	string	受控識別資源的物件識別碼。 如果資源具有 systemAssigned（隱含） 身分識別，則會透過 PUT 要求中的 x-ms-identity-principal-id 標頭從 ARM 傳送至 RP
tenantId	string	受控識別資源的租用戶識別碼。 如果資源具有 systemAssigned （隱含） 身分識別，則會透過 PUT 要求中的 x-ms-client-tenant-id 標頭從 ARM 傳送至 RP
type	DiskEncryptionSetIdentityType	DiskEncryptionSet 所使用的受控識別類型。 新建立僅支援 SystemAssigned。 磁碟加密集可在訂閱遷移至新 Azure Active Directory 租戶時更新為 Identity Type（無）;這會導致加密資源失去對金鑰的存取權。
userAssignedIdentities	<string,  Common.UserAssignedIdentitiesValue>	與磁碟加密集相關聯的使用者身分識別清單。 使用者身份字典的金鑰參考會是 ARM 資源 ID，格式為：'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft。ManagedIdentity/userAssignedIdentities/{identityName}'.

InnerError

Object

內部錯誤詳細數據。

名稱	類型	Description
errordetail	string	內部錯誤訊息或異常狀況傾出。
exceptiontype	string	例外狀況型別。

KeyForDiskEncryptionSet

Object

要用於受控磁碟和快照集伺服器端加密的 Key Vault 金鑰 URL

名稱	類型	Description
keyUrl	string	指向 KeyVault 中金鑰的完整版本金鑰 URL。 不論 rotationToLatestKeyVersionEnabled 值為何，都需要 URL 的版本區段。
sourceVault	SourceVault	包含金鑰或秘密之 KeyVault 的資源識別碼。 此屬性是選擇性的，如果 KeyVault 訂用帳戶與磁碟加密集訂用帳戶不同，則無法使用此屬性。

SourceVault

Object

保存庫標識符是 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName} 格式的 Azure Resource Manager 資源標識符

名稱	類型	Description
id	string	資源標識碼

systemData

Object

與建立和上次修改資源相關的元數據。

名稱	類型	Description
createdAt	string (date-time)	資源建立的時間戳（UTC）。
createdBy	string	建立資源的身分識別。
createdByType	createdByType	建立資源的身分識別類型。
lastModifiedAt	string (date-time)	資源上次修改的時間戳記 （UTC）
lastModifiedBy	string	上次修改資源的身分識別。
lastModifiedByType	createdByType	上次修改資源的身分識別類型。