azure-native.compute.DiskEncryptionSet
Explore with Pulumi AI
disk encryption set resource. API Version: 2020-12-01.
Example Usage
Create a disk encryption set with key vault from a different subscription.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
{
ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
{
KeyUrl = "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
},
DiskEncryptionSetName = "myDiskEncryptionSet",
EncryptionType = "EncryptionAtRestWithCustomerKey",
Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
{
Type = "SystemAssigned",
},
Location = "West US",
ResourceGroupName = "myResourceGroup",
});
});
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
ActiveKey: &compute.KeyForDiskEncryptionSetArgs{
KeyUrl: pulumi.String("https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}"),
},
DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
EncryptionType: pulumi.String("EncryptionAtRestWithCustomerKey"),
Identity: &compute.EncryptionSetIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
Location: pulumi.String("West US"),
ResourceGroupName: pulumi.String("myResourceGroup"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.DiskEncryptionSet;
import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()
.activeKey(Map.of("keyUrl", "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}"))
.diskEncryptionSetName("myDiskEncryptionSet")
.encryptionType("EncryptionAtRestWithCustomerKey")
.identity(Map.of("type", "SystemAssigned"))
.location("West US")
.resourceGroupName("myResourceGroup")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
active_key=azure_native.compute.KeyForDiskEncryptionSetArgs(
key_url="https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
),
disk_encryption_set_name="myDiskEncryptionSet",
encryption_type="EncryptionAtRestWithCustomerKey",
identity=azure_native.compute.EncryptionSetIdentityArgs(
type="SystemAssigned",
),
location="West US",
resource_group_name="myResourceGroup")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
activeKey: {
keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
},
diskEncryptionSetName: "myDiskEncryptionSet",
encryptionType: "EncryptionAtRestWithCustomerKey",
identity: {
type: "SystemAssigned",
},
location: "West US",
resourceGroupName: "myResourceGroup",
});
resources:
diskEncryptionSet:
type: azure-native:compute:DiskEncryptionSet
properties:
activeKey:
keyUrl: https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}
diskEncryptionSetName: myDiskEncryptionSet
encryptionType: EncryptionAtRestWithCustomerKey
identity:
type: SystemAssigned
location: West US
resourceGroupName: myResourceGroup
Create a disk encryption set.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
{
ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
{
KeyUrl = "https://myvmvault.vault-int.azure-int.net/keys/{key}",
SourceVault = new AzureNative.Compute.Inputs.SourceVaultArgs
{
Id = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
},
},
DiskEncryptionSetName = "myDiskEncryptionSet",
EncryptionType = "EncryptionAtRestWithCustomerKey",
Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
{
Type = "SystemAssigned",
},
Location = "West US",
ResourceGroupName = "myResourceGroup",
});
});
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
ActiveKey: compute.KeyForDiskEncryptionSetResponse{
KeyUrl: pulumi.String("https://myvmvault.vault-int.azure-int.net/keys/{key}"),
SourceVault: &compute.SourceVaultArgs{
Id: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
},
},
DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
EncryptionType: pulumi.String("EncryptionAtRestWithCustomerKey"),
Identity: &compute.EncryptionSetIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
Location: pulumi.String("West US"),
ResourceGroupName: pulumi.String("myResourceGroup"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.DiskEncryptionSet;
import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()
.activeKey(Map.ofEntries(
Map.entry("keyUrl", "https://myvmvault.vault-int.azure-int.net/keys/{key}"),
Map.entry("sourceVault", Map.of("id", "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"))
))
.diskEncryptionSetName("myDiskEncryptionSet")
.encryptionType("EncryptionAtRestWithCustomerKey")
.identity(Map.of("type", "SystemAssigned"))
.location("West US")
.resourceGroupName("myResourceGroup")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
active_key=azure_native.compute.KeyForDiskEncryptionSetResponseArgs(
key_url="https://myvmvault.vault-int.azure-int.net/keys/{key}",
source_vault=azure_native.compute.SourceVaultArgs(
id="/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
),
),
disk_encryption_set_name="myDiskEncryptionSet",
encryption_type="EncryptionAtRestWithCustomerKey",
identity=azure_native.compute.EncryptionSetIdentityArgs(
type="SystemAssigned",
),
location="West US",
resource_group_name="myResourceGroup")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
activeKey: {
keyUrl: "https://myvmvault.vault-int.azure-int.net/keys/{key}",
sourceVault: {
id: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
},
},
diskEncryptionSetName: "myDiskEncryptionSet",
encryptionType: "EncryptionAtRestWithCustomerKey",
identity: {
type: "SystemAssigned",
},
location: "West US",
resourceGroupName: "myResourceGroup",
});
resources:
diskEncryptionSet:
type: azure-native:compute:DiskEncryptionSet
properties:
activeKey:
keyUrl: https://myvmvault.vault-int.azure-int.net/keys/{key}
sourceVault:
id: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault
diskEncryptionSetName: myDiskEncryptionSet
encryptionType: EncryptionAtRestWithCustomerKey
identity:
type: SystemAssigned
location: West US
resourceGroupName: myResourceGroup
Create DiskEncryptionSet Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DiskEncryptionSet(name: string, args: DiskEncryptionSetArgs, opts?: CustomResourceOptions);
@overload
def DiskEncryptionSet(resource_name: str,
args: DiskEncryptionSetArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DiskEncryptionSet(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
active_key: Optional[KeyForDiskEncryptionSetArgs] = None,
disk_encryption_set_name: Optional[str] = None,
encryption_type: Optional[Union[str, DiskEncryptionSetType]] = None,
identity: Optional[EncryptionSetIdentityArgs] = None,
location: Optional[str] = None,
rotation_to_latest_key_version_enabled: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None)
func NewDiskEncryptionSet(ctx *Context, name string, args DiskEncryptionSetArgs, opts ...ResourceOption) (*DiskEncryptionSet, error)
public DiskEncryptionSet(string name, DiskEncryptionSetArgs args, CustomResourceOptions? opts = null)
public DiskEncryptionSet(String name, DiskEncryptionSetArgs args)
public DiskEncryptionSet(String name, DiskEncryptionSetArgs args, CustomResourceOptions options)
type: azure-native:compute:DiskEncryptionSet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var diskEncryptionSetResource = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSetResource", new()
{
ResourceGroupName = "string",
ActiveKey =
{
{ "keyUrl", "string" },
{ "sourceVault",
{
{ "id", "string" },
} },
},
DiskEncryptionSetName = "string",
EncryptionType = "string",
Identity =
{
{ "type", "string" },
},
Location = "string",
RotationToLatestKeyVersionEnabled = false,
Tags =
{
{ "string", "string" },
},
});
example, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSetResource", &compute.DiskEncryptionSetArgs{
ResourceGroupName: "string",
ActiveKey: map[string]interface{}{
"keyUrl": "string",
"sourceVault": map[string]interface{}{
"id": "string",
},
},
DiskEncryptionSetName: "string",
EncryptionType: "string",
Identity: map[string]interface{}{
"type": "string",
},
Location: "string",
RotationToLatestKeyVersionEnabled: false,
Tags: map[string]interface{}{
"string": "string",
},
})
var diskEncryptionSetResource = new DiskEncryptionSet("diskEncryptionSetResource", DiskEncryptionSetArgs.builder()
.resourceGroupName("string")
.activeKey(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.diskEncryptionSetName("string")
.encryptionType("string")
.identity(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.location("string")
.rotationToLatestKeyVersionEnabled(false)
.tags(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.build());
disk_encryption_set_resource = azure_native.compute.DiskEncryptionSet("diskEncryptionSetResource",
resource_group_name=string,
active_key={
keyUrl: string,
sourceVault: {
id: string,
},
},
disk_encryption_set_name=string,
encryption_type=string,
identity={
type: string,
},
location=string,
rotation_to_latest_key_version_enabled=False,
tags={
string: string,
})
const diskEncryptionSetResource = new azure_native.compute.DiskEncryptionSet("diskEncryptionSetResource", {
resourceGroupName: "string",
activeKey: {
keyUrl: "string",
sourceVault: {
id: "string",
},
},
diskEncryptionSetName: "string",
encryptionType: "string",
identity: {
type: "string",
},
location: "string",
rotationToLatestKeyVersionEnabled: false,
tags: {
string: "string",
},
});
type: azure-native:compute:DiskEncryptionSet
properties:
activeKey:
keyUrl: string
sourceVault:
id: string
diskEncryptionSetName: string
encryptionType: string
identity:
type: string
location: string
resourceGroupName: string
rotationToLatestKeyVersionEnabled: false
tags:
string: string
DiskEncryptionSet Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DiskEncryptionSet resource accepts the following input properties:
- Resource
Group stringName - The name of the resource group.
- Active
Key Pulumi.Azure Native. Compute. Inputs. Key For Disk Encryption Set - The key vault key which is currently used by this disk encryption set.
- Disk
Encryption stringSet Name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
- Encryption
Type string | Pulumi.Azure Native. Compute. Disk Encryption Set Type - The type of key used to encrypt the data of the disk.
- Identity
Pulumi.
Azure Native. Compute. Inputs. Encryption Set Identity - The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- Location string
- Resource location
- Rotation
To boolLatest Key Version Enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Dictionary<string, string>
- Resource tags
- Resource
Group stringName - The name of the resource group.
- Active
Key KeyFor Disk Encryption Set Args - The key vault key which is currently used by this disk encryption set.
- Disk
Encryption stringSet Name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
- Encryption
Type string | DiskEncryption Set Type - The type of key used to encrypt the data of the disk.
- Identity
Encryption
Set Identity Args - The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- Location string
- Resource location
- Rotation
To boolLatest Key Version Enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- map[string]string
- Resource tags
- resource
Group StringName - The name of the resource group.
- active
Key KeyFor Disk Encryption Set - The key vault key which is currently used by this disk encryption set.
- disk
Encryption StringSet Name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
- encryption
Type String | DiskEncryption Set Type - The type of key used to encrypt the data of the disk.
- identity
Encryption
Set Identity - The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location String
- Resource location
- rotation
To BooleanLatest Key Version Enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Map<String,String>
- Resource tags
- resource
Group stringName - The name of the resource group.
- active
Key KeyFor Disk Encryption Set - The key vault key which is currently used by this disk encryption set.
- disk
Encryption stringSet Name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
- encryption
Type string | DiskEncryption Set Type - The type of key used to encrypt the data of the disk.
- identity
Encryption
Set Identity - The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location string
- Resource location
- rotation
To booleanLatest Key Version Enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- {[key: string]: string}
- Resource tags
- resource_
group_ strname - The name of the resource group.
- active_
key KeyFor Disk Encryption Set Args - The key vault key which is currently used by this disk encryption set.
- disk_
encryption_ strset_ name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
- encryption_
type str | DiskEncryption Set Type - The type of key used to encrypt the data of the disk.
- identity
Encryption
Set Identity Args - The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location str
- Resource location
- rotation_
to_ boollatest_ key_ version_ enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Mapping[str, str]
- Resource tags
- resource
Group StringName - The name of the resource group.
- active
Key Property Map - The key vault key which is currently used by this disk encryption set.
- disk
Encryption StringSet Name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
- encryption
Type String | "EncryptionAt Rest With Customer Key" | "Encryption At Rest With Platform And Customer Keys" - The type of key used to encrypt the data of the disk.
- identity Property Map
- The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location String
- Resource location
- rotation
To BooleanLatest Key Version Enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Map<String>
- Resource tags
Outputs
All input properties are implicitly available as output properties. Additionally, the DiskEncryptionSet resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Key stringRotation Timestamp - The time when the active key of this disk encryption set was updated.
- Name string
- Resource name
- Previous
Keys List<Pulumi.Azure Native. Compute. Outputs. Key For Disk Encryption Set Response> - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- Provisioning
State string - The disk encryption set provisioning state.
- Type string
- Resource type
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Key stringRotation Timestamp - The time when the active key of this disk encryption set was updated.
- Name string
- Resource name
- Previous
Keys []KeyFor Disk Encryption Set Response - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- Provisioning
State string - The disk encryption set provisioning state.
- Type string
- Resource type
- id String
- The provider-assigned unique ID for this managed resource.
- last
Key StringRotation Timestamp - The time when the active key of this disk encryption set was updated.
- name String
- Resource name
- previous
Keys List<KeyFor Disk Encryption Set Response> - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning
State String - The disk encryption set provisioning state.
- type String
- Resource type
- id string
- The provider-assigned unique ID for this managed resource.
- last
Key stringRotation Timestamp - The time when the active key of this disk encryption set was updated.
- name string
- Resource name
- previous
Keys KeyFor Disk Encryption Set Response[] - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning
State string - The disk encryption set provisioning state.
- type string
- Resource type
- id str
- The provider-assigned unique ID for this managed resource.
- last_
key_ strrotation_ timestamp - The time when the active key of this disk encryption set was updated.
- name str
- Resource name
- previous_
keys Sequence[KeyFor Disk Encryption Set Response] - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning_
state str - The disk encryption set provisioning state.
- type str
- Resource type
- id String
- The provider-assigned unique ID for this managed resource.
- last
Key StringRotation Timestamp - The time when the active key of this disk encryption set was updated.
- name String
- Resource name
- previous
Keys List<Property Map> - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning
State String - The disk encryption set provisioning state.
- type String
- Resource type
Supporting Types
DiskEncryptionSetIdentityType, DiskEncryptionSetIdentityTypeArgs
- System
Assigned - SystemAssigned
- None
- None
- Disk
Encryption Set Identity Type System Assigned - SystemAssigned
- Disk
Encryption Set Identity Type None - None
- System
Assigned - SystemAssigned
- None
- None
- System
Assigned - SystemAssigned
- None
- None
- SYSTEM_ASSIGNED
- SystemAssigned
- NONE
- None
- "System
Assigned" - SystemAssigned
- "None"
- None
DiskEncryptionSetType, DiskEncryptionSetTypeArgs
- Encryption
At Rest With Customer Key - EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Encryption
At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- Disk
Encryption Set Type Encryption At Rest With Customer Key - EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Disk
Encryption Set Type Encryption At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- Encryption
At Rest With Customer Key - EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Encryption
At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- Encryption
At Rest With Customer Key - EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Encryption
At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY
- EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- ENCRYPTION_AT_REST_WITH_PLATFORM_AND_CUSTOMER_KEYS
- EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- "Encryption
At Rest With Customer Key" - EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- "Encryption
At Rest With Platform And Customer Keys" - EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
EncryptionSetIdentity, EncryptionSetIdentityArgs
- Type
string | Pulumi.
Azure Native. Compute. Disk Encryption Set Identity Type - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- Type
string | Disk
Encryption Set Identity Type - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- type
String | Disk
Encryption Set Identity Type - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- type
string | Disk
Encryption Set Identity Type - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- type
str | Disk
Encryption Set Identity Type - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- type
String | "System
Assigned" | "None" - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
EncryptionSetIdentityResponse, EncryptionSetIdentityResponseArgs
- Principal
Id string - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Tenant
Id string - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Type string
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- Principal
Id string - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Tenant
Id string - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Type string
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- principal
Id String - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant
Id String - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type String
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- principal
Id string - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant
Id string - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type string
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- principal_
id str - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant_
id str - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type str
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- principal
Id String - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant
Id String - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type String
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
KeyForDiskEncryptionSet, KeyForDiskEncryptionSetArgs
- Key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault Pulumi.Azure Native. Compute. Inputs. Source Vault - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- Key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault SourceVault - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key_
url str - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source_
vault SourceVault - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault Property Map - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
KeyForDiskEncryptionSetResponse, KeyForDiskEncryptionSetResponseArgs
- Key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault Pulumi.Azure Native. Compute. Inputs. Source Vault Response - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- Key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault SourceVault Response - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault Response - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault Response - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key_
url str - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source_
vault SourceVault Response - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault Property Map - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
SourceVault, SourceVaultArgs
- Id string
- Resource Id
- Id string
- Resource Id
- id String
- Resource Id
- id string
- Resource Id
- id str
- Resource Id
- id String
- Resource Id
SourceVaultResponse, SourceVaultResponseArgs
- Id string
- Resource Id
- Id string
- Resource Id
- id String
- Resource Id
- id string
- Resource Id
- id str
- Resource Id
- id String
- Resource Id
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:compute:DiskEncryptionSet myDiskEncryptionSet /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- azure-native-v1 pulumi/pulumi-azure-native
- License
- Apache-2.0