Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
az disk-encryption-set
Disk Encryption Set resource.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az disk-encryption-set create |
Create a disk encryption set. |
Core | GA |
| az disk-encryption-set delete |
Delete a disk encryption set. |
Core | GA |
| az disk-encryption-set identity |
Manage identities of a disk encryption set. |
Core | GA |
| az disk-encryption-set identity assign |
Add managed identities to an existing disk encryption set. |
Core | GA |
| az disk-encryption-set identity remove |
Remove managed identities from an existing disk encryption set. |
Core | GA |
| az disk-encryption-set identity show |
Display managed identities of a disk encryption set. |
Core | GA |
| az disk-encryption-set list |
List disk encryption sets. |
Core | GA |
| az disk-encryption-set list-associated-resources |
List all resources that are encrypted with this disk encryption set. |
Core | GA |
| az disk-encryption-set show |
Get information about a disk encryption set. |
Core | GA |
| az disk-encryption-set update |
Update a disk encryption set. |
Core | GA |
| az disk-encryption-set wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az disk-encryption-set create
Create a disk encryption set.
az disk-encryption-set create --disk-encryption-set-name --name
--key-url
--resource-group
[--acquire-policy-token]
[--auto-rotation --enable-auto-key-rotation {0, 1, f, false, n, no, t, true, y, yes}]
[--change-reference]
[--encryption-type {ConfidentialVmEncryptedWithCustomerKey, EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys}]
[--federated-client-id]
[--location]
[--mi-system-assigned {0, 1, f, false, n, no, t, true, y, yes}]
[--mi-user-assigned]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--source-vault]
[--tags]Examples
Create a disk encryption set
az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVaultCreate a disk encryption set with a system assigned identity.
az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVault --mi-system-assignedCreate a disk encryption set with a user assigned identity.
az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVault --mi-user-assigned myAssignedIdCreate a disk encryption set with system assigned identity and a user assigned identity.
az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVault --mi-system-assigned --mi-user-assigned myAssignedIdCreate a disk encryption set with multi-tenant application client id to access key vault in a different tenant.
az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVault --federated-client-id myFederatedClientIdCreate a disk encryption set.
az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --source-vault MyVault --encryption-type EncryptionAtRestWithPlatformAndCustomerKeysRequired Parameters
Name of disk encryption set.
URL pointing to a key or secret in KeyVault.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Enable automatic rotation of keys.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The type of key used to encrypt the data of the disk. EncryptionAtRestWithCustomerKey: Disk is encrypted at rest with Customer managed key that can be changed and revoked by a customer. EncryptionAtRestWithPlatformAndCustomerKeys: Disk is encrypted at rest with 2 layers of encryption. One of the keys is Customer managed and the other key is Platform managed. ConfidentialVmEncryptedWithCustomerKey: An additional encryption type accepted for confidential VM. Disk is encrypted at rest with Customer managed key.
| Property | Value |
|---|---|
| Accepted values: | ConfidentialVmEncryptedWithCustomerKey, EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys |
The federated client id used in cross tenant scenario.
Resource location When not specified, the location of the resource group will be used.
Provide this flag to use system assigned identity.
| Property | Value |
|---|---|
| Parameter group: | Managed Identity Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Space separated resource IDs to add user-assigned identities. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Managed Identity Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Name or ID of the KeyVault containing the key or secret.
Resource tags Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
az disk-encryption-set delete
Delete a disk encryption set.
az disk-encryption-set delete [--acquire-policy-token]
[--change-reference]
[--disk-encryption-set-name --name]
[--ids]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]Examples
Delete a disk encryption set.
az disk-encryption-set delete --name MyDiskEncryptionSet --resource-group MyResourceGroupOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Name of disk encryption set.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
az disk-encryption-set list
List disk encryption sets.
az disk-encryption-set list [--max-items]
[--next-token]
[--resource-group]Examples
List all disk encryption sets in a subscription.
az disk-encryption-set listList all disk encryption sets in a resource group.
az disk-encryption-set list --resource-group myResourceGroupOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
az disk-encryption-set list-associated-resources
List all resources that are encrypted with this disk encryption set.
az disk-encryption-set list-associated-resources --disk-encryption-set-name --name
--resource-group
[--acquire-policy-token]
[--change-reference]
[--max-items]
[--next-token]Examples
List all resources that are encrypted with a disk encryption set.
az disk-encryption-set list-associated-resources --resource-group myResourceGroup --disk-encryption-set-name myDiskEncryptionSetRequired Parameters
Name of disk encryption set.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
az disk-encryption-set show
Get information about a disk encryption set.
az disk-encryption-set show [--disk-encryption-set-name --name]
[--ids]
[--resource-group]
[--subscription]Examples
Get information of a disk encryption sets
az disk-encryption-set show --name MyDiskEncryptionSet --resource-group MyResourceGroupOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of disk encryption set.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
az disk-encryption-set update
Update a disk encryption set.
az disk-encryption-set update [--acquire-policy-token]
[--add]
[--auto-rotation --enable-auto-key-rotation {0, 1, f, false, n, no, t, true, y, yes}]
[--change-reference]
[--disk-encryption-set-name --name]
[--federated-client-id]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--key-url]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--remove]
[--resource-group]
[--set]
[--source-vault]
[--subscription]Examples
Update a disk encryption set.
az disk-encryption-set update --name MyDiskEncryptionSet --resource-group MyResourceGroup --key-url MyKey --source-vault MyVaultUpdate multi-tenant application client id of a disk encryption set.
az disk-encryption-set update --name MyDiskEncryptionSet --resource-group MyResourceGroup --key-url MyKey --source-vault MyVault --federated-client-id myFederatedClientIdClear multi-tenant application client id of a disk encryption set.
az disk-encryption-set update --name MyDiskEncryptionSet --resource-group MyResourceGroup --key-url MyKey --source-vault MyVault --federated-client-id NoneOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Enable automatic rotation of keys.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Name of disk encryption set.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The federated client id used in cross tenant scenario.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
URL pointing to a key or secret in KeyVault.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name or ID of the KeyVault containing the key or secret.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
az disk-encryption-set wait
Place the CLI in a waiting state until a condition is met.
az disk-encryption-set wait [--acquire-policy-token]
[--change-reference]
[--created]
[--custom]
[--deleted]
[--disk-encryption-set-name --name]
[--exists]
[--ids]
[--interval]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Name of disk encryption set.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Feedback
Was this page helpful?