Docs
Packagesazure-native.compute.DiskEncryptionSet
Explore with Pulumi AI
disk encryption set resource. Azure REST API version: 2022-07-02. Prior API version in Azure Native 1.x: 2020-12-01
Example Usage
Create a disk encryption set with key vault from a different subscription.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
{
ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
{
KeyUrl = "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
},
DiskEncryptionSetName = "myDiskEncryptionSet",
EncryptionType = "EncryptionAtRestWithCustomerKey",
Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
{
Type = "SystemAssigned",
},
Location = "West US",
ResourceGroupName = "myResourceGroup",
});
});
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/compute/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
ActiveKey: &compute.KeyForDiskEncryptionSetArgs{
KeyUrl: pulumi.String("https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}"),
},
DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
EncryptionType: pulumi.String("EncryptionAtRestWithCustomerKey"),
Identity: &compute.EncryptionSetIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
Location: pulumi.String("West US"),
ResourceGroupName: pulumi.String("myResourceGroup"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.DiskEncryptionSet;
import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()
.activeKey(Map.of("keyUrl", "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}"))
.diskEncryptionSetName("myDiskEncryptionSet")
.encryptionType("EncryptionAtRestWithCustomerKey")
.identity(Map.of("type", "SystemAssigned"))
.location("West US")
.resourceGroupName("myResourceGroup")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
active_key=azure_native.compute.KeyForDiskEncryptionSetArgs(
key_url="https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
),
disk_encryption_set_name="myDiskEncryptionSet",
encryption_type="EncryptionAtRestWithCustomerKey",
identity=azure_native.compute.EncryptionSetIdentityArgs(
type="SystemAssigned",
),
location="West US",
resource_group_name="myResourceGroup")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
activeKey: {
keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
},
diskEncryptionSetName: "myDiskEncryptionSet",
encryptionType: "EncryptionAtRestWithCustomerKey",
identity: {
type: "SystemAssigned",
},
location: "West US",
resourceGroupName: "myResourceGroup",
});
resources:
diskEncryptionSet:
type: azure-native:compute:DiskEncryptionSet
properties:
activeKey:
keyUrl: https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}
diskEncryptionSetName: myDiskEncryptionSet
encryptionType: EncryptionAtRestWithCustomerKey
identity:
type: SystemAssigned
location: West US
resourceGroupName: myResourceGroup
Create a disk encryption set.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
{
ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
{
KeyUrl = "https://myvmvault.vault-int.azure-int.net/keys/{key}",
SourceVault = new AzureNative.Compute.Inputs.SourceVaultArgs
{
Id = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
},
},
DiskEncryptionSetName = "myDiskEncryptionSet",
EncryptionType = "EncryptionAtRestWithCustomerKey",
Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
{
Type = "SystemAssigned",
},
Location = "West US",
ResourceGroupName = "myResourceGroup",
});
});
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/compute/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
ActiveKey: compute.KeyForDiskEncryptionSetResponse{
KeyUrl: pulumi.String("https://myvmvault.vault-int.azure-int.net/keys/{key}"),
SourceVault: &compute.SourceVaultArgs{
Id: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
},
},
DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
EncryptionType: pulumi.String("EncryptionAtRestWithCustomerKey"),
Identity: &compute.EncryptionSetIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
Location: pulumi.String("West US"),
ResourceGroupName: pulumi.String("myResourceGroup"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.DiskEncryptionSet;
import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()
.activeKey(Map.ofEntries(
Map.entry("keyUrl", "https://myvmvault.vault-int.azure-int.net/keys/{key}"),
Map.entry("sourceVault", Map.of("id", "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"))
))
.diskEncryptionSetName("myDiskEncryptionSet")
.encryptionType("EncryptionAtRestWithCustomerKey")
.identity(Map.of("type", "SystemAssigned"))
.location("West US")
.resourceGroupName("myResourceGroup")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
active_key=azure_native.compute.KeyForDiskEncryptionSetResponseArgs(
key_url="https://myvmvault.vault-int.azure-int.net/keys/{key}",
source_vault=azure_native.compute.SourceVaultArgs(
id="/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
),
),
disk_encryption_set_name="myDiskEncryptionSet",
encryption_type="EncryptionAtRestWithCustomerKey",
identity=azure_native.compute.EncryptionSetIdentityArgs(
type="SystemAssigned",
),
location="West US",
resource_group_name="myResourceGroup")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
activeKey: {
keyUrl: "https://myvmvault.vault-int.azure-int.net/keys/{key}",
sourceVault: {
id: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
},
},
diskEncryptionSetName: "myDiskEncryptionSet",
encryptionType: "EncryptionAtRestWithCustomerKey",
identity: {
type: "SystemAssigned",
},
location: "West US",
resourceGroupName: "myResourceGroup",
});
resources:
diskEncryptionSet:
type: azure-native:compute:DiskEncryptionSet
properties:
activeKey:
keyUrl: https://myvmvault.vault-int.azure-int.net/keys/{key}
sourceVault:
id: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault
diskEncryptionSetName: myDiskEncryptionSet
encryptionType: EncryptionAtRestWithCustomerKey
identity:
type: SystemAssigned
location: West US
resourceGroupName: myResourceGroup
Create DiskEncryptionSet Resource
new DiskEncryptionSet(name: string, args: DiskEncryptionSetArgs, opts?: CustomResourceOptions);@overload
def DiskEncryptionSet(resource_name: str,
opts: Optional[ResourceOptions] = None,
active_key: Optional[KeyForDiskEncryptionSetArgs] = None,
disk_encryption_set_name: Optional[str] = None,
encryption_type: Optional[Union[str, DiskEncryptionSetType]] = None,
federated_client_id: Optional[str] = None,
identity: Optional[EncryptionSetIdentityArgs] = None,
location: Optional[str] = None,
resource_group_name: Optional[str] = None,
rotation_to_latest_key_version_enabled: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None)
@overload
def DiskEncryptionSet(resource_name: str,
args: DiskEncryptionSetArgs,
opts: Optional[ResourceOptions] = None)func NewDiskEncryptionSet(ctx *Context, name string, args DiskEncryptionSetArgs, opts ...ResourceOption) (*DiskEncryptionSet, error)public DiskEncryptionSet(string name, DiskEncryptionSetArgs args, CustomResourceOptions? opts = null)
public DiskEncryptionSet(String name, DiskEncryptionSetArgs args)
public DiskEncryptionSet(String name, DiskEncryptionSetArgs args, CustomResourceOptions options)
type: azure-native:compute:DiskEncryptionSet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DiskEncryptionSetArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
DiskEncryptionSet Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The DiskEncryptionSet resource accepts the following input properties:
- Resource
Group stringName The name of the resource group.
- Active
Key Pulumi.Azure Native. Compute. Inputs. Key For Disk Encryption Set The key vault key which is currently used by this disk encryption set.
- Disk
Encryption stringSet Name The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- Encryption
Type string | Pulumi.Azure Native. Compute. Disk Encryption Set Type The type of key used to encrypt the data of the disk.
- Federated
Client stringId Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- Identity
Pulumi.
Azure Native. Compute. Inputs. Encryption Set Identity The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- Location string
Resource location
- Rotation
To boolLatest Key Version Enabled Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Dictionary<string, string>
Resource tags
- Resource
Group stringName The name of the resource group.
- Active
Key KeyFor Disk Encryption Set Args The key vault key which is currently used by this disk encryption set.
- Disk
Encryption stringSet Name The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- Encryption
Type string | DiskEncryption Set Type The type of key used to encrypt the data of the disk.
- Federated
Client stringId Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- Identity
Encryption
Set Identity Args The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- Location string
Resource location
- Rotation
To boolLatest Key Version Enabled Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- map[string]string
Resource tags
- resource
Group StringName The name of the resource group.
- active
Key KeyFor Disk Encryption Set The key vault key which is currently used by this disk encryption set.
- disk
Encryption StringSet Name The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- encryption
Type String | DiskEncryption Set Type The type of key used to encrypt the data of the disk.
- federated
Client StringId Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- identity
Encryption
Set Identity The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location String
Resource location
- rotation
To BooleanLatest Key Version Enabled Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Map<String,String>
Resource tags
- resource
Group stringName The name of the resource group.
- active
Key KeyFor Disk Encryption Set The key vault key which is currently used by this disk encryption set.
- disk
Encryption stringSet Name The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- encryption
Type string | DiskEncryption Set Type The type of key used to encrypt the data of the disk.
- federated
Client stringId Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- identity
Encryption
Set Identity The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location string
Resource location
- rotation
To booleanLatest Key Version Enabled Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- {[key: string]: string}
Resource tags
- resource_
group_ strname The name of the resource group.
- active_
key KeyFor Disk Encryption Set Args The key vault key which is currently used by this disk encryption set.
- disk_
encryption_ strset_ name The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- encryption_
type str | DiskEncryption Set Type The type of key used to encrypt the data of the disk.
- federated_
client_ strid Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- identity
Encryption
Set Identity Args The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location str
Resource location
- rotation_
to_ boollatest_ key_ version_ enabled Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Mapping[str, str]
Resource tags
- resource
Group StringName The name of the resource group.
- active
Key Property Map The key vault key which is currently used by this disk encryption set.
- disk
Encryption StringSet Name The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
- encryption
Type String | "EncryptionAt Rest With Customer Key" | "Encryption At Rest With Platform And Customer Keys" | "Confidential Vm Encrypted With Customer Key" The type of key used to encrypt the data of the disk.
- federated
Client StringId Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
- identity Property Map
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
- location String
Resource location
- rotation
To BooleanLatest Key Version Enabled Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
- Map<String>
Resource tags
Outputs
All input properties are implicitly available as output properties. Additionally, the DiskEncryptionSet resource produces the following output properties:
- Auto
Key Pulumi.Rotation Error Azure Native. Compute. Outputs. Api Error Response The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- Id string
The provider-assigned unique ID for this managed resource.
- Last
Key stringRotation Timestamp The time when the active key of this disk encryption set was updated.
- Name string
Resource name
- Previous
Keys List<Pulumi.Azure Native. Compute. Outputs. Key For Disk Encryption Set Response> A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- Provisioning
State string The disk encryption set provisioning state.
- Type string
Resource type
- Auto
Key ApiRotation Error Error Response The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- Id string
The provider-assigned unique ID for this managed resource.
- Last
Key stringRotation Timestamp The time when the active key of this disk encryption set was updated.
- Name string
Resource name
- Previous
Keys []KeyFor Disk Encryption Set Response A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- Provisioning
State string The disk encryption set provisioning state.
- Type string
Resource type
- auto
Key ApiRotation Error Error Response The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- id String
The provider-assigned unique ID for this managed resource.
- last
Key StringRotation Timestamp The time when the active key of this disk encryption set was updated.
- name String
Resource name
- previous
Keys List<KeyFor Disk Encryption Set Response> A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning
State String The disk encryption set provisioning state.
- type String
Resource type
- auto
Key ApiRotation Error Error Response The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- id string
The provider-assigned unique ID for this managed resource.
- last
Key stringRotation Timestamp The time when the active key of this disk encryption set was updated.
- name string
Resource name
- previous
Keys KeyFor Disk Encryption Set Response[] A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning
State string The disk encryption set provisioning state.
- type string
Resource type
- auto_
key_ Apirotation_ error Error Response The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- id str
The provider-assigned unique ID for this managed resource.
- last_
key_ strrotation_ timestamp The time when the active key of this disk encryption set was updated.
- name str
Resource name
- previous_
keys Sequence[KeyFor Disk Encryption Set Response] A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning_
state str The disk encryption set provisioning state.
- type str
Resource type
- auto
Key Property MapRotation Error The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
- id String
The provider-assigned unique ID for this managed resource.
- last
Key StringRotation Timestamp The time when the active key of this disk encryption set was updated.
- name String
Resource name
- previous
Keys List<Property Map> A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
- provisioning
State String The disk encryption set provisioning state.
- type String
Resource type
Supporting Types
ApiErrorBaseResponse, ApiErrorBaseResponseArgs
ApiErrorResponse, ApiErrorResponseArgs
- Code string
The error code.
- Details
List<Pulumi.
Azure Native. Compute. Inputs. Api Error Base Response> The Api error details
- Innererror
Pulumi.
Azure Native. Compute. Inputs. Inner Error Response The Api inner error
- Message string
The error message.
- Target string
The target of the particular error.
- Code string
The error code.
- Details
[]Api
Error Base Response The Api error details
- Innererror
Inner
Error Response The Api inner error
- Message string
The error message.
- Target string
The target of the particular error.
- code String
The error code.
- details
List<Api
Error Base Response> The Api error details
- innererror
Inner
Error Response The Api inner error
- message String
The error message.
- target String
The target of the particular error.
- code string
The error code.
- details
Api
Error Base Response[] The Api error details
- innererror
Inner
Error Response The Api inner error
- message string
The error message.
- target string
The target of the particular error.
- code str
The error code.
- details
Sequence[Api
Error Base Response] The Api error details
- innererror
Inner
Error Response The Api inner error
- message str
The error message.
- target str
The target of the particular error.
- code String
The error code.
- details List<Property Map>
The Api error details
- innererror Property Map
The Api inner error
- message String
The error message.
- target String
The target of the particular error.
DiskEncryptionSetIdentityType, DiskEncryptionSetIdentityTypeArgs
- System
Assigned - SystemAssigned
- User
Assigned - UserAssigned
- System
Assigned_User Assigned - SystemAssigned, UserAssigned
- None
- None
- Disk
Encryption Set Identity Type System Assigned - SystemAssigned
- Disk
Encryption Set Identity Type User Assigned - UserAssigned
- Disk
Encryption Set Identity Type_System Assigned_User Assigned - SystemAssigned, UserAssigned
- Disk
Encryption Set Identity Type None - None
- System
Assigned - SystemAssigned
- User
Assigned - UserAssigned
- System
Assigned_User Assigned - SystemAssigned, UserAssigned
- None
- None
- System
Assigned - SystemAssigned
- User
Assigned - UserAssigned
- System
Assigned_User Assigned - SystemAssigned, UserAssigned
- None
- None
- SYSTEM_ASSIGNED
- SystemAssigned
- USER_ASSIGNED
- UserAssigned
- SYSTEM_ASSIGNED_USER_ASSIGNED
- SystemAssigned, UserAssigned
- NONE
- None
- "System
Assigned" - SystemAssigned
- "User
Assigned" - UserAssigned
- "System
Assigned, User Assigned" - SystemAssigned, UserAssigned
- "None"
- None
DiskEncryptionSetType, DiskEncryptionSetTypeArgs
- Encryption
At Rest With Customer Key - EncryptionAtRestWithCustomerKey
Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Encryption
At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeys
Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- Confidential
Vm Encrypted With Customer Key - ConfidentialVmEncryptedWithCustomerKey
Confidential VM supported disk and VM guest state would be encrypted with customer managed key.
- Disk
Encryption Set Type Encryption At Rest With Customer Key - EncryptionAtRestWithCustomerKey
Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Disk
Encryption Set Type Encryption At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeys
Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- Disk
Encryption Set Type Confidential Vm Encrypted With Customer Key - ConfidentialVmEncryptedWithCustomerKey
Confidential VM supported disk and VM guest state would be encrypted with customer managed key.
- Encryption
At Rest With Customer Key - EncryptionAtRestWithCustomerKey
Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Encryption
At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeys
Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- Confidential
Vm Encrypted With Customer Key - ConfidentialVmEncryptedWithCustomerKey
Confidential VM supported disk and VM guest state would be encrypted with customer managed key.
- Encryption
At Rest With Customer Key - EncryptionAtRestWithCustomerKey
Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- Encryption
At Rest With Platform And Customer Keys - EncryptionAtRestWithPlatformAndCustomerKeys
Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- Confidential
Vm Encrypted With Customer Key - ConfidentialVmEncryptedWithCustomerKey
Confidential VM supported disk and VM guest state would be encrypted with customer managed key.
- ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY
- EncryptionAtRestWithCustomerKey
Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- ENCRYPTION_AT_REST_WITH_PLATFORM_AND_CUSTOMER_KEYS
- EncryptionAtRestWithPlatformAndCustomerKeys
Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- CONFIDENTIAL_VM_ENCRYPTED_WITH_CUSTOMER_KEY
- ConfidentialVmEncryptedWithCustomerKey
Confidential VM supported disk and VM guest state would be encrypted with customer managed key.
- "Encryption
At Rest With Customer Key" - EncryptionAtRestWithCustomerKey
Resource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
- "Encryption
At Rest With Platform And Customer Keys" - EncryptionAtRestWithPlatformAndCustomerKeys
Resource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
- "Confidential
Vm Encrypted With Customer Key" - ConfidentialVmEncryptedWithCustomerKey
Confidential VM supported disk and VM guest state would be encrypted with customer managed key.
EncryptionSetIdentity, EncryptionSetIdentityArgs
- Type
string | Pulumi.
Azure Native. Compute. Disk Encryption Set Identity Type The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- User
Assigned List<string>Identities The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- Type
string | Disk
Encryption Set Identity Type The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- User
Assigned []stringIdentities The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
String | Disk
Encryption Set Identity Type The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned List<String>Identities The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
string | Disk
Encryption Set Identity Type The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned string[]Identities The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
str | Disk
Encryption Set Identity Type The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user_
assigned_ Sequence[str]identities The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
String | "System
Assigned" | "User Assigned" | "System Assigned, User Assigned" | "None" The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned List<String>Identities The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
EncryptionSetIdentityResponse, EncryptionSetIdentityResponseArgs
- Principal
Id string The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Tenant
Id string The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Type string
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- User
Assigned Dictionary<string, Pulumi.Identities Azure Native. Compute. Inputs. User Assigned Identities Response User Assigned Identities> The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- Principal
Id string The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Tenant
Id string The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- Type string
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- User
Assigned map[string]UserIdentities Assigned Identities Response User Assigned Identities The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id String The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant
Id String The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type String
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned Map<String,UserIdentities Assigned Identities Response User Assigned Identities> The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id string The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant
Id string The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type string
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned {[key: string]: UserIdentities Assigned Identities Response User Assigned Identities} The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal_
id str The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant_
id str The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type str
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user_
assigned_ Mapping[str, Useridentities Assigned Identities Response User Assigned Identities] The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id String The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- tenant
Id String The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
- type String
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
- user
Assigned Map<Property Map>Identities The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
InnerErrorResponse, InnerErrorResponseArgs
- Errordetail string
The internal error message or exception dump.
- Exceptiontype string
The exception type.
- Errordetail string
The internal error message or exception dump.
- Exceptiontype string
The exception type.
- errordetail String
The internal error message or exception dump.
- exceptiontype String
The exception type.
- errordetail string
The internal error message or exception dump.
- exceptiontype string
The exception type.
- errordetail str
The internal error message or exception dump.
- exceptiontype str
The exception type.
- errordetail String
The internal error message or exception dump.
- exceptiontype String
The exception type.
KeyForDiskEncryptionSet, KeyForDiskEncryptionSetArgs
- Key
Url string Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault Pulumi.Azure Native. Compute. Inputs. Source Vault Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- Key
Url string Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault SourceVault Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url string Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key_
url str Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source_
vault SourceVault Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault Property Map Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
KeyForDiskEncryptionSetResponse, KeyForDiskEncryptionSetResponseArgs
- Key
Url string Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault Pulumi.Azure Native. Compute. Inputs. Source Vault Response Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- Key
Url string Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- Source
Vault SourceVault Response Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault Response Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url string Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault SourceVault Response Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key_
url str Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source_
vault SourceVault Response Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
- key
Url String Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
- source
Vault Property Map Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
SourceVault, SourceVaultArgs
- Id string
Resource Id
- Id string
Resource Id
- id String
Resource Id
- id string
Resource Id
- id str
Resource Id
- id String
Resource Id
SourceVaultResponse, SourceVaultResponseArgs
- Id string
Resource Id
- Id string
Resource Id
- id String
Resource Id
- id string
Resource Id
- id str
Resource Id
- id String
Resource Id
UserAssignedIdentitiesResponseUserAssignedIdentities, UserAssignedIdentitiesResponseUserAssignedIdentitiesArgs
- Client
Id string The client id of user assigned identity.
- Principal
Id string The principal id of user assigned identity.
- Client
Id string The client id of user assigned identity.
- Principal
Id string The principal id of user assigned identity.
- client
Id String The client id of user assigned identity.
- principal
Id String The principal id of user assigned identity.
- client
Id string The client id of user assigned identity.
- principal
Id string The principal id of user assigned identity.
- client_
id str The client id of user assigned identity.
- principal_
id str The principal id of user assigned identity.
- client
Id String The client id of user assigned identity.
- principal
Id String The principal id of user assigned identity.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:compute:DiskEncryptionSet myDiskEncryptionSet /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0