1. Packages
  2. Azure Native
  3. API Docs
  4. storage
  5. EncryptionScope
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.29.0 published on Friday, Feb 16, 2024 by Pulumi

azure-native.storage.EncryptionScope

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.29.0 published on Friday, Feb 16, 2024 by Pulumi

    The Encryption Scope resource. Azure REST API version: 2022-09-01. Prior API version in Azure Native 1.x: 2021-02-01.

    Other available API versions: 2023-01-01.

    Example Usage

    StorageAccountPutEncryptionScope

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var encryptionScope = new AzureNative.Storage.EncryptionScope("encryptionScope", new()
        {
            AccountName = "{storage-account-name}",
            EncryptionScopeName = "{encryption-scope-name}",
            ResourceGroupName = "resource-group-name",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/storage/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := storage.NewEncryptionScope(ctx, "encryptionScope", &storage.EncryptionScopeArgs{
    			AccountName:         pulumi.String("{storage-account-name}"),
    			EncryptionScopeName: pulumi.String("{encryption-scope-name}"),
    			ResourceGroupName:   pulumi.String("resource-group-name"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.storage.EncryptionScope;
    import com.pulumi.azurenative.storage.EncryptionScopeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var encryptionScope = new EncryptionScope("encryptionScope", EncryptionScopeArgs.builder()        
                .accountName("{storage-account-name}")
                .encryptionScopeName("{encryption-scope-name}")
                .resourceGroupName("resource-group-name")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    encryption_scope = azure_native.storage.EncryptionScope("encryptionScope",
        account_name="{storage-account-name}",
        encryption_scope_name="{encryption-scope-name}",
        resource_group_name="resource-group-name")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const encryptionScope = new azure_native.storage.EncryptionScope("encryptionScope", {
        accountName: "{storage-account-name}",
        encryptionScopeName: "{encryption-scope-name}",
        resourceGroupName: "resource-group-name",
    });
    
    resources:
      encryptionScope:
        type: azure-native:storage:EncryptionScope
        properties:
          accountName: '{storage-account-name}'
          encryptionScopeName: '{encryption-scope-name}'
          resourceGroupName: resource-group-name
    

    StorageAccountPutEncryptionScopeWithInfrastructureEncryption

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var encryptionScope = new AzureNative.Storage.EncryptionScope("encryptionScope", new()
        {
            AccountName = "{storage-account-name}",
            EncryptionScopeName = "{encryption-scope-name}",
            RequireInfrastructureEncryption = true,
            ResourceGroupName = "resource-group-name",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/storage/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := storage.NewEncryptionScope(ctx, "encryptionScope", &storage.EncryptionScopeArgs{
    			AccountName:                     pulumi.String("{storage-account-name}"),
    			EncryptionScopeName:             pulumi.String("{encryption-scope-name}"),
    			RequireInfrastructureEncryption: pulumi.Bool(true),
    			ResourceGroupName:               pulumi.String("resource-group-name"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.storage.EncryptionScope;
    import com.pulumi.azurenative.storage.EncryptionScopeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var encryptionScope = new EncryptionScope("encryptionScope", EncryptionScopeArgs.builder()        
                .accountName("{storage-account-name}")
                .encryptionScopeName("{encryption-scope-name}")
                .requireInfrastructureEncryption(true)
                .resourceGroupName("resource-group-name")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    encryption_scope = azure_native.storage.EncryptionScope("encryptionScope",
        account_name="{storage-account-name}",
        encryption_scope_name="{encryption-scope-name}",
        require_infrastructure_encryption=True,
        resource_group_name="resource-group-name")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const encryptionScope = new azure_native.storage.EncryptionScope("encryptionScope", {
        accountName: "{storage-account-name}",
        encryptionScopeName: "{encryption-scope-name}",
        requireInfrastructureEncryption: true,
        resourceGroupName: "resource-group-name",
    });
    
    resources:
      encryptionScope:
        type: azure-native:storage:EncryptionScope
        properties:
          accountName: '{storage-account-name}'
          encryptionScopeName: '{encryption-scope-name}'
          requireInfrastructureEncryption: true
          resourceGroupName: resource-group-name
    

    Create EncryptionScope Resource

    new EncryptionScope(name: string, args: EncryptionScopeArgs, opts?: CustomResourceOptions);
    @overload
    def EncryptionScope(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        account_name: Optional[str] = None,
                        encryption_scope_name: Optional[str] = None,
                        key_vault_properties: Optional[EncryptionScopeKeyVaultPropertiesArgs] = None,
                        require_infrastructure_encryption: Optional[bool] = None,
                        resource_group_name: Optional[str] = None,
                        source: Optional[Union[str, EncryptionScopeSource]] = None,
                        state: Optional[Union[str, EncryptionScopeState]] = None)
    @overload
    def EncryptionScope(resource_name: str,
                        args: EncryptionScopeArgs,
                        opts: Optional[ResourceOptions] = None)
    func NewEncryptionScope(ctx *Context, name string, args EncryptionScopeArgs, opts ...ResourceOption) (*EncryptionScope, error)
    public EncryptionScope(string name, EncryptionScopeArgs args, CustomResourceOptions? opts = null)
    public EncryptionScope(String name, EncryptionScopeArgs args)
    public EncryptionScope(String name, EncryptionScopeArgs args, CustomResourceOptions options)
    
    type: azure-native:storage:EncryptionScope
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args EncryptionScopeArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args EncryptionScopeArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args EncryptionScopeArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args EncryptionScopeArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args EncryptionScopeArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    EncryptionScope Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The EncryptionScope resource accepts the following input properties:

    AccountName string
    The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
    ResourceGroupName string
    The name of the resource group within the user's subscription. The name is case insensitive.
    EncryptionScopeName string
    The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
    KeyVaultProperties Pulumi.AzureNative.Storage.Inputs.EncryptionScopeKeyVaultProperties
    The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
    RequireInfrastructureEncryption bool
    A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
    Source string | Pulumi.AzureNative.Storage.EncryptionScopeSource
    The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
    State string | Pulumi.AzureNative.Storage.EncryptionScopeState
    The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
    AccountName string
    The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
    ResourceGroupName string
    The name of the resource group within the user's subscription. The name is case insensitive.
    EncryptionScopeName string
    The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
    KeyVaultProperties EncryptionScopeKeyVaultPropertiesArgs
    The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
    RequireInfrastructureEncryption bool
    A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
    Source string | EncryptionScopeSource
    The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
    State string | EncryptionScopeStateEnum
    The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
    accountName String
    The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
    resourceGroupName String
    The name of the resource group within the user's subscription. The name is case insensitive.
    encryptionScopeName String
    The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
    keyVaultProperties EncryptionScopeKeyVaultProperties
    The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
    requireInfrastructureEncryption Boolean
    A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
    source String | EncryptionScopeSource
    The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
    state String | EncryptionScopeState
    The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
    accountName string
    The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
    resourceGroupName string
    The name of the resource group within the user's subscription. The name is case insensitive.
    encryptionScopeName string
    The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
    keyVaultProperties EncryptionScopeKeyVaultProperties
    The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
    requireInfrastructureEncryption boolean
    A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
    source string | EncryptionScopeSource
    The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
    state string | EncryptionScopeState
    The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
    account_name str
    The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
    resource_group_name str
    The name of the resource group within the user's subscription. The name is case insensitive.
    encryption_scope_name str
    The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
    key_vault_properties EncryptionScopeKeyVaultPropertiesArgs
    The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
    require_infrastructure_encryption bool
    A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
    source str | EncryptionScopeSource
    The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
    state str | EncryptionScopeState
    The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
    accountName String
    The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
    resourceGroupName String
    The name of the resource group within the user's subscription. The name is case insensitive.
    encryptionScopeName String
    The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
    keyVaultProperties Property Map
    The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
    requireInfrastructureEncryption Boolean
    A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
    source String | "Microsoft.Storage" | "Microsoft.KeyVault"
    The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
    state String | "Enabled" | "Disabled"
    The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the EncryptionScope resource produces the following output properties:

    CreationTime string
    Gets the creation date and time of the encryption scope in UTC.
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedTime string
    Gets the last modification date and time of the encryption scope in UTC.
    Name string
    The name of the resource
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    CreationTime string
    Gets the creation date and time of the encryption scope in UTC.
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedTime string
    Gets the last modification date and time of the encryption scope in UTC.
    Name string
    The name of the resource
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    creationTime String
    Gets the creation date and time of the encryption scope in UTC.
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedTime String
    Gets the last modification date and time of the encryption scope in UTC.
    name String
    The name of the resource
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    creationTime string
    Gets the creation date and time of the encryption scope in UTC.
    id string
    The provider-assigned unique ID for this managed resource.
    lastModifiedTime string
    Gets the last modification date and time of the encryption scope in UTC.
    name string
    The name of the resource
    type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    creation_time str
    Gets the creation date and time of the encryption scope in UTC.
    id str
    The provider-assigned unique ID for this managed resource.
    last_modified_time str
    Gets the last modification date and time of the encryption scope in UTC.
    name str
    The name of the resource
    type str
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    creationTime String
    Gets the creation date and time of the encryption scope in UTC.
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedTime String
    Gets the last modification date and time of the encryption scope in UTC.
    name String
    The name of the resource
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    Supporting Types

    EncryptionScopeKeyVaultProperties, EncryptionScopeKeyVaultPropertiesArgs

    KeyUri string
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
    KeyUri string
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
    keyUri String
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
    keyUri string
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
    key_uri str
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
    keyUri String
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

    EncryptionScopeKeyVaultPropertiesResponse, EncryptionScopeKeyVaultPropertiesResponseArgs

    CurrentVersionedKeyIdentifier string
    The object identifier of the current versioned Key Vault Key in use.
    LastKeyRotationTimestamp string
    Timestamp of last rotation of the Key Vault Key.
    KeyUri string
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
    CurrentVersionedKeyIdentifier string
    The object identifier of the current versioned Key Vault Key in use.
    LastKeyRotationTimestamp string
    Timestamp of last rotation of the Key Vault Key.
    KeyUri string
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
    currentVersionedKeyIdentifier String
    The object identifier of the current versioned Key Vault Key in use.
    lastKeyRotationTimestamp String
    Timestamp of last rotation of the Key Vault Key.
    keyUri String
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
    currentVersionedKeyIdentifier string
    The object identifier of the current versioned Key Vault Key in use.
    lastKeyRotationTimestamp string
    Timestamp of last rotation of the Key Vault Key.
    keyUri string
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
    current_versioned_key_identifier str
    The object identifier of the current versioned Key Vault Key in use.
    last_key_rotation_timestamp str
    Timestamp of last rotation of the Key Vault Key.
    key_uri str
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
    currentVersionedKeyIdentifier String
    The object identifier of the current versioned Key Vault Key in use.
    lastKeyRotationTimestamp String
    Timestamp of last rotation of the Key Vault Key.
    keyUri String
    The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

    EncryptionScopeSource, EncryptionScopeSourceArgs

    Microsoft_Storage
    Microsoft.Storage
    Microsoft_KeyVault
    Microsoft.KeyVault
    EncryptionScopeSource_Microsoft_Storage
    Microsoft.Storage
    EncryptionScopeSource_Microsoft_KeyVault
    Microsoft.KeyVault
    Microsoft_Storage
    Microsoft.Storage
    Microsoft_KeyVault
    Microsoft.KeyVault
    Microsoft_Storage
    Microsoft.Storage
    Microsoft_KeyVault
    Microsoft.KeyVault
    MICROSOFT_STORAGE
    Microsoft.Storage
    MICROSOFT_KEY_VAULT
    Microsoft.KeyVault
    "Microsoft.Storage"
    Microsoft.Storage
    "Microsoft.KeyVault"
    Microsoft.KeyVault

    EncryptionScopeState, EncryptionScopeStateArgs

    Enabled
    Enabled
    Disabled
    Disabled
    EncryptionScopeStateEnabled
    Enabled
    EncryptionScopeStateDisabled
    Disabled
    Enabled
    Enabled
    Disabled
    Disabled
    Enabled
    Enabled
    Disabled
    Disabled
    ENABLED
    Enabled
    DISABLED
    Disabled
    "Enabled"
    Enabled
    "Disabled"
    Disabled

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:storage:EncryptionScope {encryption-scope-name} /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}/encryptionScopes/{encryptionScopeName} 
    

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.29.0 published on Friday, Feb 16, 2024 by Pulumi