Azure Native

Pulumi Official
Package maintained by Pulumi
v1.68.2 published on Tuesday, Aug 16, 2022 by Pulumi

DiskEncryptionSet

disk encryption set resource. API Version: 2020-12-01.

Example Usage

Create a disk encryption set with key vault from a different subscription.

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
    {
        ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
        {
            KeyUrl = "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
        },
        DiskEncryptionSetName = "myDiskEncryptionSet",
        EncryptionType = "EncryptionAtRestWithCustomerKey",
        Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
        {
            Type = "SystemAssigned",
        },
        Location = "West US",
        ResourceGroupName = "myResourceGroup",
    });

});
package main

import (
	compute "github.com/pulumi/pulumi-azure-native/sdk/go/azure/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
			ActiveKey: &compute.KeyForDiskEncryptionSetArgs{
				KeyUrl: pulumi.String("https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}"),
			},
			DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
			EncryptionType:        pulumi.String("EncryptionAtRestWithCustomerKey"),
			Identity: &compute.EncryptionSetIdentityArgs{
				Type: pulumi.String("SystemAssigned"),
			},
			Location:          pulumi.String("West US"),
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.DiskEncryptionSet;
import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()        
            .activeKey(Map.of("keyUrl", "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}"))
            .diskEncryptionSetName("myDiskEncryptionSet")
            .encryptionType("EncryptionAtRestWithCustomerKey")
            .identity(Map.of("type", "SystemAssigned"))
            .location("West US")
            .resourceGroupName("myResourceGroup")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
    active_key=azure_native.compute.KeyForDiskEncryptionSetArgs(
        key_url="https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
    ),
    disk_encryption_set_name="myDiskEncryptionSet",
    encryption_type="EncryptionAtRestWithCustomerKey",
    identity=azure_native.compute.EncryptionSetIdentityArgs(
        type="SystemAssigned",
    ),
    location="West US",
    resource_group_name="myResourceGroup")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
    activeKey: {
        keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
    },
    diskEncryptionSetName: "myDiskEncryptionSet",
    encryptionType: "EncryptionAtRestWithCustomerKey",
    identity: {
        type: "SystemAssigned",
    },
    location: "West US",
    resourceGroupName: "myResourceGroup",
});
resources:
  diskEncryptionSet:
    type: azure-native:compute:DiskEncryptionSet
    properties:
      activeKey:
        keyUrl: https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}
      diskEncryptionSetName: myDiskEncryptionSet
      encryptionType: EncryptionAtRestWithCustomerKey
      identity:
        type: SystemAssigned
      location: West US
      resourceGroupName: myResourceGroup

Create a disk encryption set.

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
    {
        ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
        {
            KeyUrl = "https://myvmvault.vault-int.azure-int.net/keys/{key}",
            SourceVault = new AzureNative.Compute.Inputs.SourceVaultArgs
            {
                Id = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
            },
        },
        DiskEncryptionSetName = "myDiskEncryptionSet",
        EncryptionType = "EncryptionAtRestWithCustomerKey",
        Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
        {
            Type = "SystemAssigned",
        },
        Location = "West US",
        ResourceGroupName = "myResourceGroup",
    });

});
package main

import (
	compute "github.com/pulumi/pulumi-azure-native/sdk/go/azure/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
			ActiveKey: &compute.KeyForDiskEncryptionSetArgs{
				KeyUrl: pulumi.String("https://myvmvault.vault-int.azure-int.net/keys/{key}"),
				SourceVault: &compute.SourceVaultArgs{
					Id: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
				},
			},
			DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
			EncryptionType:        pulumi.String("EncryptionAtRestWithCustomerKey"),
			Identity: &compute.EncryptionSetIdentityArgs{
				Type: pulumi.String("SystemAssigned"),
			},
			Location:          pulumi.String("West US"),
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.DiskEncryptionSet;
import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()        
            .activeKey(Map.ofEntries(
                Map.entry("keyUrl", "https://myvmvault.vault-int.azure-int.net/keys/{key}"),
                Map.entry("sourceVault", Map.of("id", "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"))
            ))
            .diskEncryptionSetName("myDiskEncryptionSet")
            .encryptionType("EncryptionAtRestWithCustomerKey")
            .identity(Map.of("type", "SystemAssigned"))
            .location("West US")
            .resourceGroupName("myResourceGroup")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
    active_key=azure_native.compute.KeyForDiskEncryptionSetArgs(
        key_url="https://myvmvault.vault-int.azure-int.net/keys/{key}",
        source_vault=azure_native.compute.SourceVaultArgs(
            id="/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
        ),
    ),
    disk_encryption_set_name="myDiskEncryptionSet",
    encryption_type="EncryptionAtRestWithCustomerKey",
    identity=azure_native.compute.EncryptionSetIdentityArgs(
        type="SystemAssigned",
    ),
    location="West US",
    resource_group_name="myResourceGroup")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
    activeKey: {
        keyUrl: "https://myvmvault.vault-int.azure-int.net/keys/{key}",
        sourceVault: {
            id: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
        },
    },
    diskEncryptionSetName: "myDiskEncryptionSet",
    encryptionType: "EncryptionAtRestWithCustomerKey",
    identity: {
        type: "SystemAssigned",
    },
    location: "West US",
    resourceGroupName: "myResourceGroup",
});
resources:
  diskEncryptionSet:
    type: azure-native:compute:DiskEncryptionSet
    properties:
      activeKey:
        keyUrl: https://myvmvault.vault-int.azure-int.net/keys/{key}
        sourceVault:
          id: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault
      diskEncryptionSetName: myDiskEncryptionSet
      encryptionType: EncryptionAtRestWithCustomerKey
      identity:
        type: SystemAssigned
      location: West US
      resourceGroupName: myResourceGroup

Create a DiskEncryptionSet Resource

new DiskEncryptionSet(name: string, args: DiskEncryptionSetArgs, opts?: CustomResourceOptions);
@overload
def DiskEncryptionSet(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      active_key: Optional[KeyForDiskEncryptionSetArgs] = None,
                      disk_encryption_set_name: Optional[str] = None,
                      encryption_type: Optional[Union[str, DiskEncryptionSetType]] = None,
                      identity: Optional[EncryptionSetIdentityArgs] = None,
                      location: Optional[str] = None,
                      resource_group_name: Optional[str] = None,
                      rotation_to_latest_key_version_enabled: Optional[bool] = None,
                      tags: Optional[Mapping[str, str]] = None)
@overload
def DiskEncryptionSet(resource_name: str,
                      args: DiskEncryptionSetArgs,
                      opts: Optional[ResourceOptions] = None)
func NewDiskEncryptionSet(ctx *Context, name string, args DiskEncryptionSetArgs, opts ...ResourceOption) (*DiskEncryptionSet, error)
public DiskEncryptionSet(string name, DiskEncryptionSetArgs args, CustomResourceOptions? opts = null)
public DiskEncryptionSet(String name, DiskEncryptionSetArgs args)
public DiskEncryptionSet(String name, DiskEncryptionSetArgs args, CustomResourceOptions options)
type: azure-native:compute:DiskEncryptionSet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args DiskEncryptionSetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args DiskEncryptionSetArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args DiskEncryptionSetArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args DiskEncryptionSetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args DiskEncryptionSetArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

DiskEncryptionSet Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The DiskEncryptionSet resource accepts the following input properties:

ResourceGroupName string

The name of the resource group.

ActiveKey Pulumi.AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs

The key vault key which is currently used by this disk encryption set.

DiskEncryptionSetName string

The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.

EncryptionType string | Pulumi.AzureNative.Compute.DiskEncryptionSetType

The type of key used to encrypt the data of the disk.

Identity Pulumi.AzureNative.Compute.Inputs.EncryptionSetIdentityArgs

The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.

Location string

Resource location

RotationToLatestKeyVersionEnabled bool

Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.

Tags Dictionary<string, string>

Resource tags

ResourceGroupName string

The name of the resource group.

ActiveKey KeyForDiskEncryptionSetArgs

The key vault key which is currently used by this disk encryption set.

DiskEncryptionSetName string

The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.

EncryptionType string | DiskEncryptionSetType

The type of key used to encrypt the data of the disk.

Identity EncryptionSetIdentityArgs

The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.

Location string

Resource location

RotationToLatestKeyVersionEnabled bool

Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.

Tags map[string]string

Resource tags

resourceGroupName String

The name of the resource group.

activeKey KeyForDiskEncryptionSetArgs

The key vault key which is currently used by this disk encryption set.

diskEncryptionSetName String

The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.

encryptionType String | DiskEncryptionSetType

The type of key used to encrypt the data of the disk.

identity EncryptionSetIdentityArgs

The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.

location String

Resource location

rotationToLatestKeyVersionEnabled Boolean

Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.

tags Map<String,String>

Resource tags

resourceGroupName string

The name of the resource group.

activeKey KeyForDiskEncryptionSetArgs

The key vault key which is currently used by this disk encryption set.

diskEncryptionSetName string

The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.

encryptionType string | DiskEncryptionSetType

The type of key used to encrypt the data of the disk.

identity EncryptionSetIdentityArgs

The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.

location string

Resource location

rotationToLatestKeyVersionEnabled boolean

Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.

tags {[key: string]: string}

Resource tags

resource_group_name str

The name of the resource group.

active_key KeyForDiskEncryptionSetArgs

The key vault key which is currently used by this disk encryption set.

disk_encryption_set_name str

The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.

encryption_type str | DiskEncryptionSetType

The type of key used to encrypt the data of the disk.

identity EncryptionSetIdentityArgs

The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.

location str

Resource location

rotation_to_latest_key_version_enabled bool

Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.

tags Mapping[str, str]

Resource tags

resourceGroupName String

The name of the resource group.

activeKey Property Map

The key vault key which is currently used by this disk encryption set.

diskEncryptionSetName String

The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9 and _. The maximum name length is 80 characters.

encryptionType String | "EncryptionAtRestWithCustomerKey" | "EncryptionAtRestWithPlatformAndCustomerKeys"

The type of key used to encrypt the data of the disk.

identity Property Map

The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.

location String

Resource location

rotationToLatestKeyVersionEnabled Boolean

Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.

tags Map<String>

Resource tags

Outputs

All input properties are implicitly available as output properties. Additionally, the DiskEncryptionSet resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

LastKeyRotationTimestamp string

The time when the active key of this disk encryption set was updated.

Name string

Resource name

PreviousKeys List<Pulumi.AzureNative.Compute.Outputs.KeyForDiskEncryptionSetResponse>

A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.

ProvisioningState string

The disk encryption set provisioning state.

Type string

Resource type

Id string

The provider-assigned unique ID for this managed resource.

LastKeyRotationTimestamp string

The time when the active key of this disk encryption set was updated.

Name string

Resource name

PreviousKeys []KeyForDiskEncryptionSetResponse

A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.

ProvisioningState string

The disk encryption set provisioning state.

Type string

Resource type

id String

The provider-assigned unique ID for this managed resource.

lastKeyRotationTimestamp String

The time when the active key of this disk encryption set was updated.

name String

Resource name

previousKeys List<KeyForDiskEncryptionSetResponse>

A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.

provisioningState String

The disk encryption set provisioning state.

type String

Resource type

id string

The provider-assigned unique ID for this managed resource.

lastKeyRotationTimestamp string

The time when the active key of this disk encryption set was updated.

name string

Resource name

previousKeys KeyForDiskEncryptionSetResponse[]

A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.

provisioningState string

The disk encryption set provisioning state.

type string

Resource type

id str

The provider-assigned unique ID for this managed resource.

last_key_rotation_timestamp str

The time when the active key of this disk encryption set was updated.

name str

Resource name

previous_keys Sequence[KeyForDiskEncryptionSetResponse]

A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.

provisioning_state str

The disk encryption set provisioning state.

type str

Resource type

id String

The provider-assigned unique ID for this managed resource.

lastKeyRotationTimestamp String

The time when the active key of this disk encryption set was updated.

name String

Resource name

previousKeys List<Property Map>

A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.

provisioningState String

The disk encryption set provisioning state.

type String

Resource type

Supporting Types

DiskEncryptionSetIdentityType

SystemAssigned
SystemAssigned
None
None
DiskEncryptionSetIdentityTypeSystemAssigned
SystemAssigned
DiskEncryptionSetIdentityTypeNone
None
SystemAssigned
SystemAssigned
None
None
SystemAssigned
SystemAssigned
None
None
SYSTEM_ASSIGNED
SystemAssigned
NONE
None
"SystemAssigned"
SystemAssigned
"None"
None

DiskEncryptionSetType

EncryptionAtRestWithCustomerKey
EncryptionAtRestWithCustomerKey

Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.

EncryptionAtRestWithPlatformAndCustomerKeys
EncryptionAtRestWithPlatformAndCustomerKeys

Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.

DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey
EncryptionAtRestWithCustomerKey

Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.

DiskEncryptionSetTypeEncryptionAtRestWithPlatformAndCustomerKeys
EncryptionAtRestWithPlatformAndCustomerKeys

Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.

EncryptionAtRestWithCustomerKey
EncryptionAtRestWithCustomerKey

Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.

EncryptionAtRestWithPlatformAndCustomerKeys
EncryptionAtRestWithPlatformAndCustomerKeys

Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.

EncryptionAtRestWithCustomerKey
EncryptionAtRestWithCustomerKey

Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.

EncryptionAtRestWithPlatformAndCustomerKeys
EncryptionAtRestWithPlatformAndCustomerKeys

Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.

ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY
EncryptionAtRestWithCustomerKey

Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.

ENCRYPTION_AT_REST_WITH_PLATFORM_AND_CUSTOMER_KEYS
EncryptionAtRestWithPlatformAndCustomerKeys

Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.

"EncryptionAtRestWithCustomerKey"
EncryptionAtRestWithCustomerKey

Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.

"EncryptionAtRestWithPlatformAndCustomerKeys"
EncryptionAtRestWithPlatformAndCustomerKeys

Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.

EncryptionSetIdentity

Type string | Pulumi.AzureNative.Compute.DiskEncryptionSetIdentityType

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

Type string | DiskEncryptionSetIdentityType

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

type String | DiskEncryptionSetIdentityType

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

type string | DiskEncryptionSetIdentityType

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

type str | DiskEncryptionSetIdentityType

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

type String | "SystemAssigned" | "None"

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

EncryptionSetIdentityResponse

PrincipalId string

The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity

TenantId string

The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity

Type string

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

PrincipalId string

The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity

TenantId string

The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity

Type string

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

principalId String

The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity

tenantId String

The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity

type String

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

principalId string

The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity

tenantId string

The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity

type string

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

principal_id str

The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity

tenant_id str

The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity

type str

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

principalId String

The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity

tenantId String

The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity

type String

The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.

KeyForDiskEncryptionSet

KeyUrl string

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

SourceVault Pulumi.AzureNative.Compute.Inputs.SourceVault

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

KeyUrl string

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

SourceVault SourceVault

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

keyUrl String

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

sourceVault SourceVault

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

keyUrl string

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

sourceVault SourceVault

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

key_url str

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

source_vault SourceVault

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

keyUrl String

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

sourceVault Property Map

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

KeyForDiskEncryptionSetResponse

KeyUrl string

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

SourceVault Pulumi.AzureNative.Compute.Inputs.SourceVaultResponse

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

KeyUrl string

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

SourceVault SourceVaultResponse

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

keyUrl String

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

sourceVault SourceVaultResponse

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

keyUrl string

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

sourceVault SourceVaultResponse

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

key_url str

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

source_vault SourceVaultResponse

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

keyUrl String

Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.

sourceVault Property Map

Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

SourceVault

Id string

Resource Id

Id string

Resource Id

id String

Resource Id

id string

Resource Id

id str

Resource Id

id String

Resource Id

SourceVaultResponse

Id string

Resource Id

Id string

Resource Id

id String

Resource Id

id string

Resource Id

id str

Resource Id

id String

Resource Id

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:compute:DiskEncryptionSet myDiskEncryptionSet /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName} 

Package Details

Repository
https://github.com/pulumi/pulumi-azure-native
License
Apache-2.0