Azure Native

v1.78.0 published on Wednesday, Sep 14, 2022 by Pulumi

EncryptionScope

The Encryption Scope resource. API Version: 2021-02-01.

Example Usage

StorageAccountPutEncryptionScope

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var encryptionScope = new AzureNative.Storage.EncryptionScope("encryptionScope", new()
    {
        AccountName = "{storage-account-name}",
        EncryptionScopeName = "{encryption-scope-name}",
        ResourceGroupName = "resource-group-name",
    });

});
package main

import (
	storage "github.com/pulumi/pulumi-azure-native/sdk/go/azure/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := storage.NewEncryptionScope(ctx, "encryptionScope", &storage.EncryptionScopeArgs{
			AccountName:         pulumi.String("{storage-account-name}"),
			EncryptionScopeName: pulumi.String("{encryption-scope-name}"),
			ResourceGroupName:   pulumi.String("resource-group-name"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.EncryptionScope;
import com.pulumi.azurenative.storage.EncryptionScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var encryptionScope = new EncryptionScope("encryptionScope", EncryptionScopeArgs.builder()        
            .accountName("{storage-account-name}")
            .encryptionScopeName("{encryption-scope-name}")
            .resourceGroupName("resource-group-name")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

encryption_scope = azure_native.storage.EncryptionScope("encryptionScope",
    account_name="{storage-account-name}",
    encryption_scope_name="{encryption-scope-name}",
    resource_group_name="resource-group-name")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const encryptionScope = new azure_native.storage.EncryptionScope("encryptionScope", {
    accountName: "{storage-account-name}",
    encryptionScopeName: "{encryption-scope-name}",
    resourceGroupName: "resource-group-name",
});
resources:
  encryptionScope:
    type: azure-native:storage:EncryptionScope
    properties:
      accountName: '{storage-account-name}'
      encryptionScopeName: '{encryption-scope-name}'
      resourceGroupName: resource-group-name

StorageAccountPutEncryptionScopeWithInfrastructureEncryption

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var encryptionScope = new AzureNative.Storage.EncryptionScope("encryptionScope", new()
    {
        AccountName = "{storage-account-name}",
        EncryptionScopeName = "{encryption-scope-name}",
        RequireInfrastructureEncryption = true,
        ResourceGroupName = "resource-group-name",
    });

});
package main

import (
	storage "github.com/pulumi/pulumi-azure-native/sdk/go/azure/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := storage.NewEncryptionScope(ctx, "encryptionScope", &storage.EncryptionScopeArgs{
			AccountName:                     pulumi.String("{storage-account-name}"),
			EncryptionScopeName:             pulumi.String("{encryption-scope-name}"),
			RequireInfrastructureEncryption: pulumi.Bool(true),
			ResourceGroupName:               pulumi.String("resource-group-name"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.EncryptionScope;
import com.pulumi.azurenative.storage.EncryptionScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var encryptionScope = new EncryptionScope("encryptionScope", EncryptionScopeArgs.builder()        
            .accountName("{storage-account-name}")
            .encryptionScopeName("{encryption-scope-name}")
            .requireInfrastructureEncryption(true)
            .resourceGroupName("resource-group-name")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

encryption_scope = azure_native.storage.EncryptionScope("encryptionScope",
    account_name="{storage-account-name}",
    encryption_scope_name="{encryption-scope-name}",
    require_infrastructure_encryption=True,
    resource_group_name="resource-group-name")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const encryptionScope = new azure_native.storage.EncryptionScope("encryptionScope", {
    accountName: "{storage-account-name}",
    encryptionScopeName: "{encryption-scope-name}",
    requireInfrastructureEncryption: true,
    resourceGroupName: "resource-group-name",
});
resources:
  encryptionScope:
    type: azure-native:storage:EncryptionScope
    properties:
      accountName: '{storage-account-name}'
      encryptionScopeName: '{encryption-scope-name}'
      requireInfrastructureEncryption: true
      resourceGroupName: resource-group-name

Create a EncryptionScope Resource

new EncryptionScope(name: string, args: EncryptionScopeArgs, opts?: CustomResourceOptions);
@overload
def EncryptionScope(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    account_name: Optional[str] = None,
                    encryption_scope_name: Optional[str] = None,
                    key_vault_properties: Optional[EncryptionScopeKeyVaultPropertiesArgs] = None,
                    require_infrastructure_encryption: Optional[bool] = None,
                    resource_group_name: Optional[str] = None,
                    source: Optional[Union[str, EncryptionScopeSource]] = None,
                    state: Optional[Union[str, EncryptionScopeState]] = None)
@overload
def EncryptionScope(resource_name: str,
                    args: EncryptionScopeArgs,
                    opts: Optional[ResourceOptions] = None)
func NewEncryptionScope(ctx *Context, name string, args EncryptionScopeArgs, opts ...ResourceOption) (*EncryptionScope, error)
public EncryptionScope(string name, EncryptionScopeArgs args, CustomResourceOptions? opts = null)
public EncryptionScope(String name, EncryptionScopeArgs args)
public EncryptionScope(String name, EncryptionScopeArgs args, CustomResourceOptions options)
type: azure-native:storage:EncryptionScope
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args EncryptionScopeArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args EncryptionScopeArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args EncryptionScopeArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args EncryptionScopeArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args EncryptionScopeArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

EncryptionScope Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The EncryptionScope resource accepts the following input properties:

AccountName string

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

ResourceGroupName string

The name of the resource group within the user's subscription. The name is case insensitive.

EncryptionScopeName string

The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.

KeyVaultProperties Pulumi.AzureNative.Storage.Inputs.EncryptionScopeKeyVaultPropertiesArgs

The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.

RequireInfrastructureEncryption bool

A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.

Source string | Pulumi.AzureNative.Storage.EncryptionScopeSource

The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.

State string | Pulumi.AzureNative.Storage.EncryptionScopeState

The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.

AccountName string

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

ResourceGroupName string

The name of the resource group within the user's subscription. The name is case insensitive.

EncryptionScopeName string

The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.

KeyVaultProperties EncryptionScopeKeyVaultPropertiesArgs

The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.

RequireInfrastructureEncryption bool

A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.

Source string | EncryptionScopeSource

The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.

State string | EncryptionScopeStateEnum

The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.

accountName String

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

resourceGroupName String

The name of the resource group within the user's subscription. The name is case insensitive.

encryptionScopeName String

The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.

keyVaultProperties EncryptionScopeKeyVaultPropertiesArgs

The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.

requireInfrastructureEncryption Boolean

A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.

source String | EncryptionScopeSource

The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.

state String | EncryptionScopeState

The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.

accountName string

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

resourceGroupName string

The name of the resource group within the user's subscription. The name is case insensitive.

encryptionScopeName string

The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.

keyVaultProperties EncryptionScopeKeyVaultPropertiesArgs

The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.

requireInfrastructureEncryption boolean

A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.

source string | EncryptionScopeSource

The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.

state string | EncryptionScopeState

The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.

account_name str

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

resource_group_name str

The name of the resource group within the user's subscription. The name is case insensitive.

encryption_scope_name str

The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.

key_vault_properties EncryptionScopeKeyVaultPropertiesArgs

The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.

require_infrastructure_encryption bool

A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.

source str | EncryptionScopeSource

The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.

state str | EncryptionScopeState

The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.

accountName String

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

resourceGroupName String

The name of the resource group within the user's subscription. The name is case insensitive.

encryptionScopeName String

The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.

keyVaultProperties Property Map

The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.

requireInfrastructureEncryption Boolean

A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.

source String | "Microsoft.Storage" | "Microsoft.KeyVault"

The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.

state String | "Enabled" | "Disabled"

The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.

Outputs

All input properties are implicitly available as output properties. Additionally, the EncryptionScope resource produces the following output properties:

CreationTime string

Gets the creation date and time of the encryption scope in UTC.

Id string

The provider-assigned unique ID for this managed resource.

LastModifiedTime string

Gets the last modification date and time of the encryption scope in UTC.

Name string

The name of the resource

Type string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

CreationTime string

Gets the creation date and time of the encryption scope in UTC.

Id string

The provider-assigned unique ID for this managed resource.

LastModifiedTime string

Gets the last modification date and time of the encryption scope in UTC.

Name string

The name of the resource

Type string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

creationTime String

Gets the creation date and time of the encryption scope in UTC.

id String

The provider-assigned unique ID for this managed resource.

lastModifiedTime String

Gets the last modification date and time of the encryption scope in UTC.

name String

The name of the resource

type String

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

creationTime string

Gets the creation date and time of the encryption scope in UTC.

id string

The provider-assigned unique ID for this managed resource.

lastModifiedTime string

Gets the last modification date and time of the encryption scope in UTC.

name string

The name of the resource

type string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

creation_time str

Gets the creation date and time of the encryption scope in UTC.

id str

The provider-assigned unique ID for this managed resource.

last_modified_time str

Gets the last modification date and time of the encryption scope in UTC.

name str

The name of the resource

type str

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

creationTime String

Gets the creation date and time of the encryption scope in UTC.

id String

The provider-assigned unique ID for this managed resource.

lastModifiedTime String

Gets the last modification date and time of the encryption scope in UTC.

name String

The name of the resource

type String

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

Supporting Types

EncryptionScopeKeyVaultProperties

KeyUri string

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

KeyUri string

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

keyUri String

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

keyUri string

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

key_uri str

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

keyUri String

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

EncryptionScopeKeyVaultPropertiesResponse

CurrentVersionedKeyIdentifier string

The object identifier of the current versioned Key Vault Key in use.

LastKeyRotationTimestamp string

Timestamp of last rotation of the Key Vault Key.

KeyUri string

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

CurrentVersionedKeyIdentifier string

The object identifier of the current versioned Key Vault Key in use.

LastKeyRotationTimestamp string

Timestamp of last rotation of the Key Vault Key.

KeyUri string

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

currentVersionedKeyIdentifier String

The object identifier of the current versioned Key Vault Key in use.

lastKeyRotationTimestamp String

Timestamp of last rotation of the Key Vault Key.

keyUri String

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

currentVersionedKeyIdentifier string

The object identifier of the current versioned Key Vault Key in use.

lastKeyRotationTimestamp string

Timestamp of last rotation of the Key Vault Key.

keyUri string

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

current_versioned_key_identifier str

The object identifier of the current versioned Key Vault Key in use.

last_key_rotation_timestamp str

Timestamp of last rotation of the Key Vault Key.

key_uri str

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

currentVersionedKeyIdentifier String

The object identifier of the current versioned Key Vault Key in use.

lastKeyRotationTimestamp String

Timestamp of last rotation of the Key Vault Key.

keyUri String

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

EncryptionScopeSource

Microsoft_Storage
Microsoft.Storage
Microsoft_KeyVault
Microsoft.KeyVault
EncryptionScopeSource_Microsoft_Storage
Microsoft.Storage
EncryptionScopeSource_Microsoft_KeyVault
Microsoft.KeyVault
Microsoft_Storage
Microsoft.Storage
Microsoft_KeyVault
Microsoft.KeyVault
Microsoft_Storage
Microsoft.Storage
Microsoft_KeyVault
Microsoft.KeyVault
MICROSOFT_STORAGE
Microsoft.Storage
MICROSOFT_KEY_VAULT
Microsoft.KeyVault
"Microsoft.Storage"
Microsoft.Storage
"Microsoft.KeyVault"
Microsoft.KeyVault

EncryptionScopeState

Enabled
Enabled
Disabled
Disabled
EncryptionScopeStateEnabled
Enabled
EncryptionScopeStateDisabled
Disabled
Enabled
Enabled
Disabled
Disabled
Enabled
Enabled
Disabled
Disabled
ENABLED
Enabled
DISABLED
Disabled
"Enabled"
Enabled
"Disabled"
Disabled

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:storage:EncryptionScope {encryption-scope-name} /subscriptions/{subscription-id}/resourceGroups/resource-group-name/providers/Microsoft.Storage/storageAccounts/{storage-account-name}/encryptionScopes/{encryption-scope-name} 

Package Details

Repository
https://github.com/pulumi/pulumi-azure-native
License
Apache-2.0