question

0 Votes
RSaw-3347 asked RSaw-3347 commented

How to convert Azure secret value to BitLocker key for disk

Hi,

I have a data disk from my Windows VM with ADE encryption, which I'm looking to attach to a new VM. When I try to open the disk, it asks for a BitLocker password, which I'm not able to convert. I have the secret value and am looking for a possible solution where I can convert my secret value to a BitLocker key.

Most of my client VMs are Windows-based and we have enabled ADE on them. In the future, we look to attach possible data disks; the bottleneck here is converting the secret values to BitLocker keys.

Please guide me on where we can convert these secret values to BitLocker keys.

Thanks,

azure-storage-accounts azure-disk-storage

1 Answer

0 Votes
SumanthMarigowda-MSFT answered RSaw-3347 commented

@RSaw-3347 Welcome to Microsoft Q&A. Thank you for posting your query here!

It's not possible to convert the secret values into a BitLocker key. If you have a data disk encrypted in VM A and you want to move that data disk to VM B, you cannot just move it, because it is already encrypted. If you want to move the data disk to another VM, you need to decrypt it first, but it's also not possible with ADE to decrypt a particular data disk. So you need to disable ADE on the whole VM, detach the disk, and then encrypt it again.

Hope this helps!

Kindly let us know if the above helps or you need further assistance on this issue.


Please do not forget to “Accept the answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.


Hi @Sumarigo-MSFT

Thanks for the update. I understand that we can't move VM1 data to VM2 which is already encrypted. To overcome this bottleneck, we are now doing the following:

Once the VM is ADE-encrypted, we collect the BitLocker recovery key for that VM and also get the BEK files from the hidden drive attached. Later we save them to a secure location, mapping the VM and disk name for future use.

Regards,

0 Votes 0 ·
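
The sequence described in the answer above (disable ADE on the whole source VM, detach the data disk, attach it to the other VM, encrypt again), written with Az PowerShell cmdlets as an added example that is not part of the original thread. All resource names, the LUN and the choice of `-VolumeType All` are placeholder assumptions; it also assumes managed disks, running Windows VMs and a Key Vault already enabled for disk encryption.

```powershell
# Added example: every name below is a placeholder (assumption, not from the thread).
$ErrorActionPreference = 'Stop'  # halt on the first failed step
$rg       = 'rg-example'         # resource group holding both VMs
$srcVm    = 'vm-a'               # VM the data disk is attached to today
$dstVm    = 'vm-b'               # VM that should receive the data disk
$diskName = 'vm-a-datadisk-01'   # managed data disk to move
$kvName   = 'kv-example'         # Key Vault enabled for disk encryption

# 1. Disable ADE on the whole source VM. The VM must be running, because
#    BitLocker decrypts the volumes from inside the guest.
Disable-AzVMDiskEncryption -ResourceGroupName $rg -VMName $srcVm -VolumeType All -Force

# 2. Refuse to detach while the data volumes are still reported as encrypted.
$status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $rg -VMName $srcVm
if ($status.DataVolumesEncrypted -ne 'NotEncrypted') {
    throw "Data volumes on $srcVm report '$($status.DataVolumesEncrypted)'; not detaching."
}

# 3. Detach the data disk from the source VM.
$src = Get-AzVM -ResourceGroupName $rg -Name $srcVm
Remove-AzVMDataDisk -VM $src -DataDiskNames $diskName | Out-Null
Update-AzVM -ResourceGroupName $rg -VM $src | Out-Null

# 4. Attach it to the destination VM (LUN 1 is assumed to be free there).
$disk = Get-AzDisk -ResourceGroupName $rg -DiskName $diskName
$dst  = Get-AzVM -ResourceGroupName $rg -Name $dstVm
$dst  = Add-AzVMDataDisk -VM $dst -Name $diskName -ManagedDiskId $disk.Id `
            -Lun 1 -CreateOption Attach
Update-AzVM -ResourceGroupName $rg -VM $dst | Out-Null

# 5. Encrypt again, this time on the VM that now owns the disk.
$kv = Get-AzKeyVault -VaultName $kvName -ResourceGroupName $rg
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $dstVm `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri `
    -DiskEncryptionKeyVaultId $kv.ResourceId `
    -VolumeType All -Force
```

If the source VM should stay encrypted, the `Set-AzVMDiskEncryptionExtension` call in step 5 can be repeated against `$srcVm` once the disk has been detached.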