Docs Home
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.7.1 published on Wednesday, Aug 13, 2025 by Pulumi
azure-native.compute.DiskEncryptionSet
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.7.1 published on Wednesday, Aug 13, 2025 by Pulumi
disk encryption set resource.
Uses Azure REST API version 2024-03-02. In version 2.x of the Azure Native provider, it used API version 2022-07-02.
Other available API versions: 2022-07-02, 2023-01-02, 2023-04-02, 2023-10-02, 2025-01-02. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native compute [ApiVersion]. See the version guide for details.
Example Usage
create a disk encryption set with key vault from a different subscription.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
{
ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
{
KeyUrl = "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
},
DiskEncryptionSetName = "myDiskEncryptionSet",
EncryptionType = AzureNative.Compute.DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
{
Type = AzureNative.Compute.DiskEncryptionSetIdentityType.SystemAssigned,
},
Location = "West US",
ResourceGroupName = "myResourceGroup",
});
});
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
ActiveKey: &compute.KeyForDiskEncryptionSetArgs{
KeyUrl: pulumi.String("https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}"),
},
DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
EncryptionType: pulumi.String(compute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
Identity: &compute.EncryptionSetIdentityArgs{
Type: pulumi.String(compute.DiskEncryptionSetIdentityTypeSystemAssigned),
},
Location: pulumi.String("West US"),
ResourceGroupName: pulumi.String("myResourceGroup"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.DiskEncryptionSet;
import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
import com.pulumi.azurenative.compute.inputs.KeyForDiskEncryptionSetArgs;
import com.pulumi.azurenative.compute.inputs.EncryptionSetIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()
.activeKey(KeyForDiskEncryptionSetArgs.builder()
.keyUrl("https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}")
.build())
.diskEncryptionSetName("myDiskEncryptionSet")
.encryptionType("EncryptionAtRestWithCustomerKey")
.identity(EncryptionSetIdentityArgs.builder()
.type("SystemAssigned")
.build())
.location("West US")
.resourceGroupName("myResourceGroup")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
activeKey: {
keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
},
diskEncryptionSetName: "myDiskEncryptionSet",
encryptionType: azure_native.compute.DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
identity: {
type: azure_native.compute.DiskEncryptionSetIdentityType.SystemAssigned,
},
location: "West US",
resourceGroupName: "myResourceGroup",
});
import pulumi
import pulumi_azure_native as azure_native
disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
active_key={
"key_url": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
},
disk_encryption_set_name="myDiskEncryptionSet",
encryption_type=azure_native.compute.DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY,
identity={
"type": azure_native.compute.DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED,
},
location="West US",
resource_group_name="myResourceGroup")
resources:
diskEncryptionSet:
type: azure-native:compute:DiskEncryptionSet
properties:
activeKey:
keyUrl: https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}
diskEncryptionSetName: myDiskEncryptionSet
encryptionType: EncryptionAtRestWithCustomerKey
identity:
type: SystemAssigned
location: West US
resourceGroupName: myResourceGroup
create a disk encryption set.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
{
ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
{
KeyUrl = "https://myvmvault.vault-int.azure-int.net/keys/{key}",
SourceVault = new AzureNative.Compute.Inputs.SourceVaultArgs
{
Id = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
},
},
DiskEncryptionSetName = "myDiskEncryptionSet",
EncryptionType = AzureNative.Compute.DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
{
Type = AzureNative.Compute.DiskEncryptionSetIdentityType.SystemAssigned,
},
Location = "West US",
ResourceGroupName = "myResourceGroup",
});
});
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
ActiveKey: &compute.KeyForDiskEncryptionSetArgs{
KeyUrl: pulumi.String("https://myvmvault.vault-int.azure-int.net/keys/{key}"),
SourceVault: &compute.SourceVaultArgs{
Id: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
},
},
DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
EncryptionType: pulumi.String(compute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
Identity: &compute.EncryptionSetIdentityArgs{
Type: pulumi.String(compute.DiskEncryptionSetIdentityTypeSystemAssigned),
},
Location: pulumi.String("West US"),
ResourceGroupName: pulumi.String("myResourceGroup"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.DiskEncryptionSet;
import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
import com.pulumi.azurenative.compute.inputs.KeyForDiskEncryptionSetArgs;
import com.pulumi.azurenative.compute.inputs.SourceVaultArgs;
import com.pulumi.azurenative.compute.inputs.EncryptionSetIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()
.activeKey(KeyForDiskEncryptionSetArgs.builder()
.keyUrl("https://myvmvault.vault-int.azure-int.net/keys/{key}")
.sourceVault(SourceVaultArgs.builder()
.id("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault")
.build())
.build())
.diskEncryptionSetName("myDiskEncryptionSet")
.encryptionType("EncryptionAtRestWithCustomerKey")
.identity(EncryptionSetIdentityArgs.builder()
.type("SystemAssigned")
.build())
.location("West US")
.resourceGroupName("myResourceGroup")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
activeKey: {
keyUrl: "https://myvmvault.vault-int.azure-int.net/keys/{key}",
sourceVault: {
id: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
},
},
diskEncryptionSetName: "myDiskEncryptionSet",
encryptionType: azure_native.compute.DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
identity: {
type: azure_native.compute.DiskEncryptionSetIdentityType.SystemAssigned,
},
location: "West US",
resourceGroupName: "myResourceGroup",
});
import pulumi
import pulumi_azure_native as azure_native
disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
active_key={
"key_url": "https://myvmvault.vault-int.azure-int.net/keys/{key}",
"source_vault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
},
},
disk_encryption_set_name="myDiskEncryptionSet",
encryption_type=azure_native.compute.DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY,
identity={
"type": azure_native.compute.DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED,
},
location="West US",
resource_group_name="myResourceGroup")
resources:
diskEncryptionSet:
type: azure-native:compute:DiskEncryptionSet
properties:
activeKey:
keyUrl: https://myvmvault.vault-int.azure-int.net/keys/{key}
sourceVault:
id: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault
diskEncryptionSetName: myDiskEncryptionSet
encryptionType: EncryptionAtRestWithCustomerKey
identity:
type: SystemAssigned
location: West US
resourceGroupName: myResourceGroup
Create DiskEncryptionSet Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DiskEncryptionSet(name: string, args: DiskEncryptionSetArgs, opts?: CustomResourceOptions);@overload
def DiskEncryptionSet(resource_name: str,
args: DiskEncryptionSetArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DiskEncryptionSet(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
active_key: Optional[KeyForDiskEncryptionSetArgs] = None,
disk_encryption_set_name: Optional[str] = None,
encryption_type: Optional[Union[str, DiskEncryptionSetType]] = None,
federated_client_id: Optional[str] = None,
identity: Optional[EncryptionSetIdentityArgs] = None,
location: Optional[str] = None,
rotation_to_latest_key_version_enabled: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None)func NewDiskEncryptionSet(ctx *Context, name string, args DiskEncryptionSetArgs, opts ...ResourceOption) (*DiskEncryptionSet, error)public DiskEncryptionSet(string name, DiskEncryptionSetArgs args, CustomResourceOptions? opts = null)
public DiskEncryptionSet(String name, DiskEncryptionSetArgs args)
public DiskEncryptionSet(String name, DiskEncryptionSetArgs args, CustomResourceOptions options)
type: azure-native:compute:DiskEncryptionSet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var diskEncryptionSetResource = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSetResource", new()
{
ResourceGroupName = "string",
ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
{
KeyUrl = "string",
SourceVault = new AzureNative.Compute.Inputs.SourceVaultArgs
{
Id = "string",
},
},
DiskEncryptionSetName = "string",
EncryptionType = "string",
FederatedClientId = "string",
Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
{
Type = "string",
UserAssignedIdentities = new[]
{
"string",
},
},
Location = "string",
RotationToLatestKeyVersionEnabled = false,
Tags =
{
{ "string", "string" },
},
});
example, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSetResource", &compute.DiskEncryptionSetArgs{
ResourceGroupName: pulumi.String("string"),
ActiveKey: &compute.KeyForDiskEncryptionSetArgs{
KeyUrl: pulumi.String("string"),
SourceVault: &compute.SourceVaultArgs{
Id: pulumi.String("string"),
},
},
DiskEncryptionSetName: pulumi.String("string"),
EncryptionType: pulumi.String("string"),
FederatedClientId: pulumi.String("string"),
Identity: &compute.EncryptionSetIdentityArgs{
Type: pulumi.String("string"),
UserAssignedIdentities: pulumi.StringArray{
pulumi.String("string"),
},
},
Location: pulumi.String("string"),
RotationToLatestKeyVersionEnabled: pulumi.Bool(false),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var diskEncryptionSetResource = new DiskEncryptionSet("diskEncryptionSetResource", DiskEncryptionSetArgs.builder()
.resourceGroupName("string")
.activeKey(KeyForDiskEncryptionSetArgs.builder()
.keyUrl("string")
.sourceVault(SourceVaultArgs.builder()
.id("string")
.build())
.build())
.diskEncryptionSetName("string")
.encryptionType("string")
.federatedClientId("string")
.identity(EncryptionSetIdentityArgs.builder()
.type("string")
.userAssignedIdentities("string")
.build())
.location("string")
.rotationToLatestKeyVersionEnabled(false)
.tags(Map.of("string", "string"))
.build());
disk_encryption_set_resource = azure_native.compute.DiskEncryptionSet("diskEncryptionSetResource",
resource_group_name="string",
active_key={
"key_url": "string",
"source_vault": {
"id": "string",
},
},
disk_encryption_set_name="string",
encryption_type="string",
federated_client_id="string",
identity={
"type": "string",
"user_assigned_identities": ["string"],
},
location="string",
rotation_to_latest_key_version_enabled=False,
tags={
"string": "string",
})
const diskEncryptionSetResource = new azure_native.compute.DiskEncryptionSet("diskEncryptionSetResource", {
resourceGroupName: "string",
activeKey: {
keyUrl: "string",
sourceVault: {
id: "string",
},
},
diskEncryptionSetName: "string",
encryptionType: "string",
federatedClientId: "string",
identity: {
type: "string",
userAssignedIdentities: ["string"],
},
location: "string",
rotationToLatestKeyVersionEnabled: false,
tags: {
string: "string",
},
});
type: azure-native:compute:DiskEncryptionSet
properties:
activeKey:
keyUrl: string
sourceVault:
id: string
diskEncryptionSetName: string
encryptionType: string
federatedClientId: string
identity:
type: string
userAssignedIdentities:
- string
location: string
resourceGroupName: string
rotationToLatestKeyVersionEnabled: false
tags:
string: string
DiskEncryptionSet Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DiskEncryptionSet resource accepts the following input properties:
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Active
Key Pulumi.Azure Native. Compute. Inputs. Key For Disk Encryption Set - The key vault key which is currently used by this disk encryption set.
- Disk
Encryption stringSet Name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- Encryption
Type string | Pulumi.Azure Native. Compute. Disk Encryption Set Type - The type of key used to encrypt the data of the disk.
- Federated
Client stringId - Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- Identity
Pulumi.
Azure Native. Compute. Inputs. Encryption Set Identity - The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- Location string
- The geo-location where the resource lives
- Rotation
To boolLatest Key Version Enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Dictionary<string, string>
- Resource tags.
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Active
Key KeyFor Disk Encryption Set Args - The key vault key which is currently used by this disk encryption set.
- Disk
Encryption stringSet Name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- Encryption
Type string | DiskEncryption Set Type - The type of key used to encrypt the data of the disk.
- Federated
Client stringId - Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- Identity
Encryption
Set Identity Args - The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- Location string
- The geo-location where the resource lives
- Rotation
To boolLatest Key Version Enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- map[string]string
- Resource tags.
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- active
Key KeyFor Disk Encryption Set - The key vault key which is currently used by this disk encryption set.
- disk
Encryption StringSet Name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- encryption
Type String | DiskEncryption Set Type - The type of key used to encrypt the data of the disk.
- federated
Client StringId - Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- identity
Encryption
Set Identity - The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location String
- The geo-location where the resource lives
- rotation
To BooleanLatest Key Version Enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Map<String,String>
- Resource tags.
- resource
Group stringName - The name of the resource group. The name is case insensitive.
- active
Key KeyFor Disk Encryption Set - The key vault key which is currently used by this disk encryption set.
- disk
Encryption stringSet Name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- encryption
Type string | DiskEncryption Set Type - The type of key used to encrypt the data of the disk.
- federated
Client stringId - Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- identity
Encryption
Set Identity - The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location string
- The geo-location where the resource lives
- rotation
To booleanLatest Key Version Enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- {[key: string]: string}
- Resource tags.
- resource_
group_ strname - The name of the resource group. The name is case insensitive.
- active_
key KeyFor Disk Encryption Set Args - The key vault key which is currently used by this disk encryption set.
- disk_
encryption_ strset_ name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- encryption_
type str | DiskEncryption Set Type - The type of key used to encrypt the data of the disk.
- federated_
client_ strid - Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- identity
Encryption
Set Identity Args - The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location str
- The geo-location where the resource lives
- rotation_
to_ boollatest_ key_ version_ enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Mapping[str, str]
- Resource tags.
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- active
Key Property Map - The key vault key which is currently used by this disk encryption set.
- disk
Encryption StringSet Name - The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- encryption
Type String | "EncryptionAt Rest With Customer Key" | "Encryption At Rest With Platform And Customer Keys" | "Confidential Vm Encrypted With Customer Key" - The type of key used to encrypt the data of the disk.
- federated
Client StringId - Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- identity Property Map
- The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location String
- The geo-location where the resource lives
- rotation
To BooleanLatest Key Version Enabled - Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Map<String>
- Resource tags.
Outputs
All input properties are implicitly available as output properties. Additionally, the DiskEncryptionSet resource produces the following output properties:
- Auto
Key Pulumi.Rotation Error Azure Native. Compute. Outputs. Api Error Response - The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- Azure
Api stringVersion - The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Key stringRotation Timestamp - The time when the active key of this disk encryption set was updated.
- Name string
- The name of the resource
- Previous
Keys List<Pulumi.Azure Native. Compute. Outputs. Key For Disk Encryption Set Response> - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- Provisioning
State string - The disk encryption set provisioning state.
- System
Data Pulumi.Azure Native. Compute. Outputs. System Data Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Auto
Key ApiRotation Error Error Response - The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- Azure
Api stringVersion - The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Key stringRotation Timestamp - The time when the active key of this disk encryption set was updated.
- Name string
- The name of the resource
- Previous
Keys []KeyFor Disk Encryption Set Response - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- Provisioning
State string - The disk encryption set provisioning state.
- System
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- auto
Key ApiRotation Error Error Response - The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- azure
Api StringVersion - The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Key StringRotation Timestamp - The time when the active key of this disk encryption set was updated.
- name String
- The name of the resource
- previous
Keys List<KeyFor Disk Encryption Set Response> - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning
State String - The disk encryption set provisioning state.
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- auto
Key ApiRotation Error Error Response - The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- azure
Api stringVersion - The Azure API version of the resource.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Key stringRotation Timestamp - The time when the active key of this disk encryption set was updated.
- name string
- The name of the resource
- previous
Keys KeyFor Disk Encryption Set Response[] - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning
State string - The disk encryption set provisioning state.
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- auto_
key_ Apirotation_ error Error Response - The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- azure_
api_ strversion - The Azure API version of the resource.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
key_ strrotation_ timestamp - The time when the active key of this disk encryption set was updated.
- name str
- The name of the resource
- previous_
keys Sequence[KeyFor Disk Encryption Set Response] - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning_
state str - The disk encryption set provisioning state.
- system_
data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type str
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- auto
Key Property MapRotation Error - The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- azure
Api StringVersion - The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Key StringRotation Timestamp - The time when the active key of this disk encryption set was updated.
- name String
- The name of the resource
- previous
Keys List<Property Map> - A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning
State String - The disk encryption set provisioning state.
- system
Data Property Map - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Supporting Types
ApiErrorBaseResponse, ApiErrorBaseResponseArgs
ApiErrorResponse, ApiErrorResponseArgs
- Code string
- The error code.
- Details
List<Pulumi.
Azure Native. Compute. Inputs. Api Error Base Response> - The Api error details
- Innererror
Pulumi.
Azure Native. Compute. Inputs. Inner Error Response - The Api inner error
- Message string
- The error message.
- Target string
- The target of the particular error.
- Code string
- The error code.
- Details
[]Api
Error Base Response - The Api error details
- Innererror
Inner
Error Response - The Api inner error
- Message string
- The error message.
- Target string
- The target of the particular error.
- code String
- The error code.
- details
List<Api
Error Base Response> - The Api error details
- innererror
Inner
Error Response - The Api inner error
- message String
- The error message.
- target String
- The target of the particular error.
- code string
- The error code.
- details
Api
Error Base Response[] - The Api error details
- innererror
Inner
Error Response - The Api inner error
- message string
- The error message.
- target string
- The target of the particular error.
- code str
- The error code.
- details
Sequence[Api
Error Base Response] - The Api error details
- innererror
Inner
Error Response - The Api inner error
- message str
- The error message.
- target str
- The target of the particular error.
- code String
- The error code.
- details List<Property Map>
- The Api error details
- innererror Property Map
- The Api inner error
- message String
- The error message.
- target String
- The target of the particular error.
DiskEncryptionSetIdentityType, DiskEncryptionSetIdentityTypeArgs
- System
Assigned - SystemAssigned
- User
Assigned - UserAssigned
- System
Assigned_User Assigned - SystemAssigned, UserAssigned
- None
- None
- Disk
Encryption Set Identity Type System Assigned - SystemAssigned
- Disk
Encryption Set Identity Type User Assigned - UserAssigned
- Disk
Encryption Set Identity Type_System Assigned_User Assigned - SystemAssigned, UserAssigned
- Disk
Encryption Set Identity Type None - None
- System
Assigned - SystemAssigned
- User
Assigned - UserAssigned
- System
Assigned_User Assigned - SystemAssigned, UserAssigned
- None
- None
- System
Assigned - SystemAssigned
- User
Assigned - UserAssigned
- System
Assigned_User Assigned - SystemAssigned, UserAssigned
- None
- None
- SYSTEM_ASSIGNED
- SystemAssigned
- USER_ASSIGNED
- UserAssigned
- SYSTEM_ASSIGNED_USER_ASSIGNED
- SystemAssigned, UserAssigned
- NONE
- None
- "System
Assigned" - SystemAssigned
- "User
Assigned" - UserAssigned
- "System
Assigned, User Assigned" - SystemAssigned, UserAssigned
- "None"
- None
DiskEncryptionSetType, DiskEncryptionSetTypeArgs
- Encryption
At Rest With Customer Key - EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Encryption
At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- Confidential
Vm Encrypted With Customer Key - ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.
- Disk
Encryption Set Type Encryption At Rest With Customer Key - EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Disk
Encryption Set Type Encryption At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- Disk
Encryption Set Type Confidential Vm Encrypted With Customer Key - ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.
- Encryption
At Rest With Customer Key - EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Encryption
At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- Confidential
Vm Encrypted With Customer Key - ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.
- Encryption
At Rest With Customer Key - EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Encryption
At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- Confidential
Vm Encrypted With Customer Key - ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.
- ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY
- EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- ENCRYPTION_AT_REST_WITH_PLATFORM_AND_CUSTOMER_KEYS
- EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- CONFIDENTIAL_VM_ENCRYPTED_WITH_CUSTOMER_KEY
- ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.
- "Encryption
At Rest With Customer Key" - EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- "Encryption
At Rest With Platform And Customer Keys" - EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- "Confidential
Vm Encrypted With Customer Key" - ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.
EncryptionSetIdentity, EncryptionSetIdentityArgs
- Type
string | Pulumi.
Azure Native. Compute. Disk Encryption Set Identity Type - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- User
Assigned List<string>Identities - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- Type
string | Disk
Encryption Set Identity Type - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- User
Assigned []stringIdentities - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
String | Disk
Encryption Set Identity Type - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned List<String>Identities - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
string | Disk
Encryption Set Identity Type - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned string[]Identities - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
str | Disk
Encryption Set Identity Type - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user_
assigned_ Sequence[str]identities - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
String | "System
Assigned" | "User Assigned" | "System Assigned, User Assigned" | "None" - The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned List<String>Identities - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
EncryptionSetIdentityResponse, EncryptionSetIdentityResponseArgs
- Principal
Id string - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Tenant
Id string - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Type string
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- User
Assigned Dictionary<string, Pulumi.Identities Azure Native. Compute. Inputs. User Assigned Identities Value Response> - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- Principal
Id string - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Tenant
Id string - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Type string
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- User
Assigned map[string]UserIdentities Assigned Identities Value Response - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id String - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant
Id String - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type String
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned Map<String,UserIdentities Assigned Identities Value Response> - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id string - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant
Id string - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type string
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned {[key: string]: UserIdentities Assigned Identities Value Response} - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal_
id str - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant_
id str - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type str
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user_
assigned_ Mapping[str, Useridentities Assigned Identities Value Response] - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id String - The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant
Id String - The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type String
- The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned Map<Property Map>Identities - The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
InnerErrorResponse, InnerErrorResponseArgs
- Errordetail string
- The internal error message or exception dump.
- Exceptiontype string
- The exception type.
- Errordetail string
- The internal error message or exception dump.
- Exceptiontype string
- The exception type.
- errordetail String
- The internal error message or exception dump.
- exceptiontype String
- The exception type.
- errordetail string
- The internal error message or exception dump.
- exceptiontype string
- The exception type.
- errordetail str
- The internal error message or exception dump.
- exceptiontype str
- The exception type.
- errordetail String
- The internal error message or exception dump.
- exceptiontype String
- The exception type.
KeyForDiskEncryptionSet, KeyForDiskEncryptionSetArgs
- Key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault Pulumi.Azure Native. Compute. Inputs. Source Vault - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- Key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault SourceVault - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key_
url str - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source_
vault SourceVault - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault Property Map - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
KeyForDiskEncryptionSetResponse, KeyForDiskEncryptionSetResponseArgs
- Key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault Pulumi.Azure Native. Compute. Inputs. Source Vault Response - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- Key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault SourceVault Response - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault Response - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url string - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault Response - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key_
url str - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source_
vault SourceVault Response - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String - Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault Property Map - Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
SourceVault, SourceVaultArgs
- Id string
- Resource Id
- Id string
- Resource Id
- id String
- Resource Id
- id string
- Resource Id
- id str
- Resource Id
- id String
- Resource Id
SourceVaultResponse, SourceVaultResponseArgs
- Id string
- Resource Id
- Id string
- Resource Id
- id String
- Resource Id
- id string
- Resource Id
- id str
- Resource Id
- id String
- Resource Id
SystemDataResponse, SystemDataResponseArgs
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
- created
At string - The timestamp of resource creation (UTC).
- created
By string - The identity that created the resource.
- created
By stringType - The type of identity that created the resource.
- last
Modified stringAt - The timestamp of resource last modification (UTC)
- last
Modified stringBy - The identity that last modified the resource.
- last
Modified stringBy Type - The type of identity that last modified the resource.
- created_
at str - The timestamp of resource creation (UTC).
- created_
by str - The identity that created the resource.
- created_
by_ strtype - The type of identity that created the resource.
- last_
modified_ strat - The timestamp of resource last modification (UTC)
- last_
modified_ strby - The identity that last modified the resource.
- last_
modified_ strby_ type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
UserAssignedIdentitiesValueResponse, UserAssignedIdentitiesValueResponseArgs
- Client
Id string - The client id of user assigned identity.
- Principal
Id string - The principal id of user assigned identity.
- Client
Id string - The client id of user assigned identity.
- Principal
Id string - The principal id of user assigned identity.
- client
Id String - The client id of user assigned identity.
- principal
Id String - The principal id of user assigned identity.
- client
Id string - The client id of user assigned identity.
- principal
Id string - The principal id of user assigned identity.
- client_
id str - The client id of user assigned identity.
- principal_
id str - The principal id of user assigned identity.
- client
Id String - The client id of user assigned identity.
- principal
Id String - The principal id of user assigned identity.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:compute:DiskEncryptionSet myDiskEncryptionSet /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.7.1 published on Wednesday, Aug 13, 2025 by Pulumi