Encrypt a Linux virtual machine in Azure
This script creates a secure Azure Key Vault, encryption keys, Azure Active Directory service principal, and a Linux virtual machine (VM). The VM is then encrypted using the encryption key from Key Vault and service principal credentials.
To run this sample, install the latest version of the Azure CLI. To start, run az login to create a connection with Azure.
Samples for the Azure CLI are written for the bash shell. To run this sample in Windows PowerShell or Command Prompt, you may need to change
elements of the script.
If you don't have an Azure subscription, create a free account before you begin.
Clean up deployment
Run the following command to remove the resource group, VM, and all related resources.
az group delete --name myResourceGroup
Script explanation
This script uses the following commands to create a resource group, Azure Key Vault, service principal, virtual machine, and all related resources. Each command in the table links to command specific documentation.
| Command | Notes |
|---|---|
| az group create | Creates a resource group in which all resources are stored. |
| az keyvault create | Creates an Azure Key Vault to store secure data such as encryption keys. |
| az keyvault key create | Creates an encryption key in Key Vault. |
| az ad sp create-for-rbac | Creates an Azure Active Directory service principal to securely authenticate and control access to encryption keys. |
| az keyvault set-policy | Sets permissions on the Key Vault to grant the service principal access to encryption keys. |
| az vm create | Creates the virtual machine and connects it to the network card, virtual network, subnet, and NSG. This command also specifies the virtual machine image to be used, and administrative credentials. |
| az vm encryption enable | Enables encryption on a VM using the service principal credentials and encryption key. |
| az vm encryption show | Shows the status of the VM encryption process. |
| az group delete | Deletes a resource group including all nested resources. |
Next steps
For more information on the Azure CLI, see Azure CLI documentation.
Additional virtual machine CLI script samples can be found in the Azure Linux VM documentation.