Microsoft.Storage storageAccounts/encryptionScopes template reference

Template format

To create a Microsoft.Storage/storageAccounts/encryptionScopes resource, add the following JSON to the resources section of your template.

  "name": "string",
  "type": "Microsoft.Storage/storageAccounts/encryptionScopes",
  "apiVersion": "2019-06-01",
  "properties": {
    "source": "string",
    "state": "string",
    "keyVaultProperties": {
      "keyUri": "string"

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Storage/storageAccounts/encryptionScopes object

Name Type Required Value
name string Yes The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
type enum Yes encryptionScopes

See Set name and type for child resources.
apiVersion enum Yes 2019-06-01
properties object Yes Properties of the encryption scope. - EncryptionScopeProperties object

EncryptionScopeProperties object

Name Type Required Value
source enum No The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault. - Microsoft.Storage or Microsoft.KeyVault
state enum No The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled. - Enabled or Disabled
keyVaultProperties object No The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'. - EncryptionScopeKeyVaultProperties object

EncryptionScopeKeyVaultProperties object

Name Type Required Value
keyUri string No The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.