1. Packages
  2. Azure Native v1
  3. API Docs
  4. compute
  5. DiskEncryptionSet
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi

azure-native.compute.DiskEncryptionSet

Explore with Pulumi AI

azure-native-v1 logo
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi

    disk encryption set resource. API Version: 2020-12-01.

    Example Usage

    Create a disk encryption set with key vault from a different subscription.

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
        {
            ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
            {
                KeyUrl = "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
            },
            DiskEncryptionSetName = "myDiskEncryptionSet",
            EncryptionType = "EncryptionAtRestWithCustomerKey",
            Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
            {
                Type = "SystemAssigned",
            },
            Location = "West US",
            ResourceGroupName = "myResourceGroup",
        });
    
    });
    
    package main
    
    import (
    	compute "github.com/pulumi/pulumi-azure-native-sdk/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
    			ActiveKey: &compute.KeyForDiskEncryptionSetArgs{
    				KeyUrl: pulumi.String("https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}"),
    			},
    			DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
    			EncryptionType:        pulumi.String("EncryptionAtRestWithCustomerKey"),
    			Identity: &compute.EncryptionSetIdentityArgs{
    				Type: pulumi.String("SystemAssigned"),
    			},
    			Location:          pulumi.String("West US"),
    			ResourceGroupName: pulumi.String("myResourceGroup"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.compute.DiskEncryptionSet;
    import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()        
                .activeKey(Map.of("keyUrl", "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}"))
                .diskEncryptionSetName("myDiskEncryptionSet")
                .encryptionType("EncryptionAtRestWithCustomerKey")
                .identity(Map.of("type", "SystemAssigned"))
                .location("West US")
                .resourceGroupName("myResourceGroup")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
        active_key=azure_native.compute.KeyForDiskEncryptionSetArgs(
            key_url="https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
        ),
        disk_encryption_set_name="myDiskEncryptionSet",
        encryption_type="EncryptionAtRestWithCustomerKey",
        identity=azure_native.compute.EncryptionSetIdentityArgs(
            type="SystemAssigned",
        ),
        location="West US",
        resource_group_name="myResourceGroup")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
        activeKey: {
            keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
        },
        diskEncryptionSetName: "myDiskEncryptionSet",
        encryptionType: "EncryptionAtRestWithCustomerKey",
        identity: {
            type: "SystemAssigned",
        },
        location: "West US",
        resourceGroupName: "myResourceGroup",
    });
    
    resources:
      diskEncryptionSet:
        type: azure-native:compute:DiskEncryptionSet
        properties:
          activeKey:
            keyUrl: https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}
          diskEncryptionSetName: myDiskEncryptionSet
          encryptionType: EncryptionAtRestWithCustomerKey
          identity:
            type: SystemAssigned
          location: West US
          resourceGroupName: myResourceGroup
    

    Create a disk encryption set.

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
        {
            ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
            {
                KeyUrl = "https://myvmvault.vault-int.azure-int.net/keys/{key}",
                SourceVault = new AzureNative.Compute.Inputs.SourceVaultArgs
                {
                    Id = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
                },
            },
            DiskEncryptionSetName = "myDiskEncryptionSet",
            EncryptionType = "EncryptionAtRestWithCustomerKey",
            Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
            {
                Type = "SystemAssigned",
            },
            Location = "West US",
            ResourceGroupName = "myResourceGroup",
        });
    
    });
    
    package main
    
    import (
    	compute "github.com/pulumi/pulumi-azure-native-sdk/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
    			ActiveKey: compute.KeyForDiskEncryptionSetResponse{
    				KeyUrl: pulumi.String("https://myvmvault.vault-int.azure-int.net/keys/{key}"),
    				SourceVault: &compute.SourceVaultArgs{
    					Id: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
    				},
    			},
    			DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
    			EncryptionType:        pulumi.String("EncryptionAtRestWithCustomerKey"),
    			Identity: &compute.EncryptionSetIdentityArgs{
    				Type: pulumi.String("SystemAssigned"),
    			},
    			Location:          pulumi.String("West US"),
    			ResourceGroupName: pulumi.String("myResourceGroup"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.compute.DiskEncryptionSet;
    import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()        
                .activeKey(Map.ofEntries(
                    Map.entry("keyUrl", "https://myvmvault.vault-int.azure-int.net/keys/{key}"),
                    Map.entry("sourceVault", Map.of("id", "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"))
                ))
                .diskEncryptionSetName("myDiskEncryptionSet")
                .encryptionType("EncryptionAtRestWithCustomerKey")
                .identity(Map.of("type", "SystemAssigned"))
                .location("West US")
                .resourceGroupName("myResourceGroup")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
        active_key=azure_native.compute.KeyForDiskEncryptionSetResponseArgs(
            key_url="https://myvmvault.vault-int.azure-int.net/keys/{key}",
            source_vault=azure_native.compute.SourceVaultArgs(
                id="/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
            ),
        ),
        disk_encryption_set_name="myDiskEncryptionSet",
        encryption_type="EncryptionAtRestWithCustomerKey",
        identity=azure_native.compute.EncryptionSetIdentityArgs(
            type="SystemAssigned",
        ),
        location="West US",
        resource_group_name="myResourceGroup")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
        activeKey: {
            keyUrl: "https://myvmvault.vault-int.azure-int.net/keys/{key}",
            sourceVault: {
                id: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
            },
        },
        diskEncryptionSetName: "myDiskEncryptionSet",
        encryptionType: "EncryptionAtRestWithCustomerKey",
        identity: {
            type: "SystemAssigned",
        },
        location: "West US",
        resourceGroupName: "myResourceGroup",
    });
    
    resources:
      diskEncryptionSet:
        type: azure-native:compute:DiskEncryptionSet
        properties:
          activeKey:
            keyUrl: https://myvmvault.vault-int.azure-int.net/keys/{key}
            sourceVault:
              id: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault
          diskEncryptionSetName: myDiskEncryptionSet
          encryptionType: EncryptionAtRestWithCustomerKey
          identity:
            type: SystemAssigned
          location: West US
          resourceGroupName: myResourceGroup
    

    Create DiskEncryptionSet Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DiskEncryptionSet(name: string, args: DiskEncryptionSetArgs, opts?: CustomResourceOptions);
    @overload
    def DiskEncryptionSet(resource_name: str,
                          args: DiskEncryptionSetArgs,
                          opts: Optional[ResourceOptions] = None)
    
    @overload
    def DiskEncryptionSet(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          resource_group_name: Optional[str] = None,
                          active_key: Optional[KeyForDiskEncryptionSetArgs] = None,
                          disk_encryption_set_name: Optional[str] = None,
                          encryption_type: Optional[Union[str, DiskEncryptionSetType]] = None,
                          identity: Optional[EncryptionSetIdentityArgs] = None,
                          location: Optional[str] = None,
                          rotation_to_latest_key_version_enabled: Optional[bool] = None,
                          tags: Optional[Mapping[str, str]] = None)
    func NewDiskEncryptionSet(ctx *Context, name string, args DiskEncryptionSetArgs, opts ...ResourceOption) (*DiskEncryptionSet, error)
    public DiskEncryptionSet(string name, DiskEncryptionSetArgs args, CustomResourceOptions? opts = null)
    public DiskEncryptionSet(String name, DiskEncryptionSetArgs args)
    public DiskEncryptionSet(String name, DiskEncryptionSetArgs args, CustomResourceOptions options)
    
    type: azure-native:compute:DiskEncryptionSet
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DiskEncryptionSetArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DiskEncryptionSetArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DiskEncryptionSetArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DiskEncryptionSetArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DiskEncryptionSetArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var diskEncryptionSetResource = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSetResource", new()
    {
        ResourceGroupName = "string",
        ActiveKey = 
        {
            { "keyUrl", "string" },
            { "sourceVault", 
            {
                { "id", "string" },
            } },
        },
        DiskEncryptionSetName = "string",
        EncryptionType = "string",
        Identity = 
        {
            { "type", "string" },
        },
        Location = "string",
        RotationToLatestKeyVersionEnabled = false,
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    example, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSetResource", &compute.DiskEncryptionSetArgs{
    	ResourceGroupName: "string",
    	ActiveKey: map[string]interface{}{
    		"keyUrl": "string",
    		"sourceVault": map[string]interface{}{
    			"id": "string",
    		},
    	},
    	DiskEncryptionSetName: "string",
    	EncryptionType:        "string",
    	Identity: map[string]interface{}{
    		"type": "string",
    	},
    	Location:                          "string",
    	RotationToLatestKeyVersionEnabled: false,
    	Tags: map[string]interface{}{
    		"string": "string",
    	},
    })
    
    var diskEncryptionSetResource = new DiskEncryptionSet("diskEncryptionSetResource", DiskEncryptionSetArgs.builder()
        .resourceGroupName("string")
        .activeKey(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
        .diskEncryptionSetName("string")
        .encryptionType("string")
        .identity(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
        .location("string")
        .rotationToLatestKeyVersionEnabled(false)
        .tags(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
        .build());
    
    disk_encryption_set_resource = azure_native.compute.DiskEncryptionSet("diskEncryptionSetResource",
        resource_group_name=string,
        active_key={
            keyUrl: string,
            sourceVault: {
                id: string,
            },
        },
        disk_encryption_set_name=string,
        encryption_type=string,
        identity={
            type: string,
        },
        location=string,
        rotation_to_latest_key_version_enabled=False,
        tags={
            string: string,
        })
    
    const diskEncryptionSetResource = new azure_native.compute.DiskEncryptionSet("diskEncryptionSetResource", {
        resourceGroupName: "string",
        activeKey: {
            keyUrl: "string",
            sourceVault: {
                id: "string",
            },
        },
        diskEncryptionSetName: "string",
        encryptionType: "string",
        identity: {
            type: "string",
        },
        location: "string",
        rotationToLatestKeyVersionEnabled: false,
        tags: {
            string: "string",
        },
    });
    
    type: azure-native:compute:DiskEncryptionSet
    properties:
        activeKey:
            keyUrl: string
            sourceVault:
                id: string
        diskEncryptionSetName: string
        encryptionType: string
        identity:
            type: string
        location: string
        resourceGroupName: string
        rotationToLatestKeyVersionEnabled: false
        tags:
            string: string
    

    DiskEncryptionSet Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The DiskEncryptionSet resource accepts the following input properties:

    ResourceGroupName string
    The name of the resource group.
    ActiveKey Pulumi.AzureNative.Compute.Inputs.KeyForDiskEncryptionSet
    The key vault key which is currently used by this disk encryption set.
    DiskEncryptionSetName string
    The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
    EncryptionType string | Pulumi.AzureNative.Compute.DiskEncryptionSetType
    The type of key used to encrypt the data of the disk.
    Identity Pulumi.AzureNative.Compute.Inputs.EncryptionSetIdentity
    The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
    Location string
    Resource location
    RotationToLatestKeyVersionEnabled bool
    Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
    Tags Dictionary<string, string>
    Resource tags
    ResourceGroupName string
    The name of the resource group.
    ActiveKey KeyForDiskEncryptionSetArgs
    The key vault key which is currently used by this disk encryption set.
    DiskEncryptionSetName string
    The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
    EncryptionType string | DiskEncryptionSetType
    The type of key used to encrypt the data of the disk.
    Identity EncryptionSetIdentityArgs
    The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
    Location string
    Resource location
    RotationToLatestKeyVersionEnabled bool
    Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
    Tags map[string]string
    Resource tags
    resourceGroupName String
    The name of the resource group.
    activeKey KeyForDiskEncryptionSet
    The key vault key which is currently used by this disk encryption set.
    diskEncryptionSetName String
    The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
    encryptionType String | DiskEncryptionSetType
    The type of key used to encrypt the data of the disk.
    identity EncryptionSetIdentity
    The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
    location String
    Resource location
    rotationToLatestKeyVersionEnabled Boolean
    Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
    tags Map<String,String>
    Resource tags
    resourceGroupName string
    The name of the resource group.
    activeKey KeyForDiskEncryptionSet
    The key vault key which is currently used by this disk encryption set.
    diskEncryptionSetName string
    The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
    encryptionType string | DiskEncryptionSetType
    The type of key used to encrypt the data of the disk.
    identity EncryptionSetIdentity
    The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
    location string
    Resource location
    rotationToLatestKeyVersionEnabled boolean
    Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
    tags {[key: string]: string}
    Resource tags
    resource_group_name str
    The name of the resource group.
    active_key KeyForDiskEncryptionSetArgs
    The key vault key which is currently used by this disk encryption set.
    disk_encryption_set_name str
    The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
    encryption_type str | DiskEncryptionSetType
    The type of key used to encrypt the data of the disk.
    identity EncryptionSetIdentityArgs
    The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
    location str
    Resource location
    rotation_to_latest_key_version_enabled bool
    Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
    tags Mapping[str, str]
    Resource tags
    resourceGroupName String
    The name of the resource group.
    activeKey Property Map
    The key vault key which is currently used by this disk encryption set.
    diskEncryptionSetName String
    The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.
    encryptionType String | "EncryptionAtRestWithCustomerKey" | "EncryptionAtRestWithPlatformAndCustomerKeys"
    The type of key used to encrypt the data of the disk.
    identity Property Map
    The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
    location String
    Resource location
    rotationToLatestKeyVersionEnabled Boolean
    Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
    tags Map<String>
    Resource tags

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DiskEncryptionSet resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    LastKeyRotationTimestamp string
    The time when the active key of this disk encryption set was updated.
    Name string
    Resource name
    PreviousKeys List<Pulumi.AzureNative.Compute.Outputs.KeyForDiskEncryptionSetResponse>
    A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
    ProvisioningState string
    The disk encryption set provisioning state.
    Type string
    Resource type
    Id string
    The provider-assigned unique ID for this managed resource.
    LastKeyRotationTimestamp string
    The time when the active key of this disk encryption set was updated.
    Name string
    Resource name
    PreviousKeys []KeyForDiskEncryptionSetResponse
    A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
    ProvisioningState string
    The disk encryption set provisioning state.
    Type string
    Resource type
    id String
    The provider-assigned unique ID for this managed resource.
    lastKeyRotationTimestamp String
    The time when the active key of this disk encryption set was updated.
    name String
    Resource name
    previousKeys List<KeyForDiskEncryptionSetResponse>
    A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
    provisioningState String
    The disk encryption set provisioning state.
    type String
    Resource type
    id string
    The provider-assigned unique ID for this managed resource.
    lastKeyRotationTimestamp string
    The time when the active key of this disk encryption set was updated.
    name string
    Resource name
    previousKeys KeyForDiskEncryptionSetResponse[]
    A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
    provisioningState string
    The disk encryption set provisioning state.
    type string
    Resource type
    id str
    The provider-assigned unique ID for this managed resource.
    last_key_rotation_timestamp str
    The time when the active key of this disk encryption set was updated.
    name str
    Resource name
    previous_keys Sequence[KeyForDiskEncryptionSetResponse]
    A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
    provisioning_state str
    The disk encryption set provisioning state.
    type str
    Resource type
    id String
    The provider-assigned unique ID for this managed resource.
    lastKeyRotationTimestamp String
    The time when the active key of this disk encryption set was updated.
    name String
    Resource name
    previousKeys List<Property Map>
    A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
    provisioningState String
    The disk encryption set provisioning state.
    type String
    Resource type

    Supporting Types

    DiskEncryptionSetIdentityType, DiskEncryptionSetIdentityTypeArgs

    SystemAssigned
    SystemAssigned
    None
    None
    DiskEncryptionSetIdentityTypeSystemAssigned
    SystemAssigned
    DiskEncryptionSetIdentityTypeNone
    None
    SystemAssigned
    SystemAssigned
    None
    None
    SystemAssigned
    SystemAssigned
    None
    None
    SYSTEM_ASSIGNED
    SystemAssigned
    NONE
    None
    "SystemAssigned"
    SystemAssigned
    "None"
    None

    DiskEncryptionSetType, DiskEncryptionSetTypeArgs

    EncryptionAtRestWithCustomerKey
    EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
    EncryptionAtRestWithPlatformAndCustomerKeys
    EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
    DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey
    EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
    DiskEncryptionSetTypeEncryptionAtRestWithPlatformAndCustomerKeys
    EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
    EncryptionAtRestWithCustomerKey
    EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
    EncryptionAtRestWithPlatformAndCustomerKeys
    EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
    EncryptionAtRestWithCustomerKey
    EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
    EncryptionAtRestWithPlatformAndCustomerKeys
    EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
    ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY
    EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
    ENCRYPTION_AT_REST_WITH_PLATFORM_AND_CUSTOMER_KEYS
    EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
    "EncryptionAtRestWithCustomerKey"
    EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
    "EncryptionAtRestWithPlatformAndCustomerKeys"
    EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.

    EncryptionSetIdentity, EncryptionSetIdentityArgs

    Type string | Pulumi.AzureNative.Compute.DiskEncryptionSetIdentityType
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
    Type string | DiskEncryptionSetIdentityType
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
    type String | DiskEncryptionSetIdentityType
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
    type string | DiskEncryptionSetIdentityType
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
    type str | DiskEncryptionSetIdentityType
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
    type String | "SystemAssigned" | "None"
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

    EncryptionSetIdentityResponse, EncryptionSetIdentityResponseArgs

    PrincipalId string
    The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    TenantId string
    The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    Type string
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
    PrincipalId string
    The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    TenantId string
    The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    Type string
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
    principalId String
    The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    tenantId String
    The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    type String
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
    principalId string
    The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    tenantId string
    The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    type string
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
    principal_id str
    The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    tenant_id str
    The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    type str
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
    principalId String
    The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    tenantId String
    The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
    type String
    The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

    KeyForDiskEncryptionSet, KeyForDiskEncryptionSetArgs

    KeyUrl string
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    SourceVault Pulumi.AzureNative.Compute.Inputs.SourceVault
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
    KeyUrl string
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    SourceVault SourceVault
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
    keyUrl String
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    sourceVault SourceVault
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
    keyUrl string
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    sourceVault SourceVault
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
    key_url str
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    source_vault SourceVault
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
    keyUrl String
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    sourceVault Property Map
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

    KeyForDiskEncryptionSetResponse, KeyForDiskEncryptionSetResponseArgs

    KeyUrl string
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    SourceVault Pulumi.AzureNative.Compute.Inputs.SourceVaultResponse
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
    KeyUrl string
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    SourceVault SourceVaultResponse
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
    keyUrl String
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    sourceVault SourceVaultResponse
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
    keyUrl string
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    sourceVault SourceVaultResponse
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
    key_url str
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    source_vault SourceVaultResponse
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
    keyUrl String
    Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
    sourceVault Property Map
    Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

    SourceVault, SourceVaultArgs

    Id string
    Resource Id
    Id string
    Resource Id
    id String
    Resource Id
    id string
    Resource Id
    id str
    Resource Id
    id String
    Resource Id

    SourceVaultResponse, SourceVaultResponseArgs

    Id string
    Resource Id
    Id string
    Resource Id
    id String
    Resource Id
    id string
    Resource Id
    id str
    Resource Id
    id String
    Resource Id

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:compute:DiskEncryptionSet myDiskEncryptionSet /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName} 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    azure-native-v1 pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native-v1 logo
    These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
    Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi