Set-AzDiskKeyEncryptionKey

Reference

Module:: Az.Compute

Sets the key encryption key properties on a disk object.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

Set-AzDiskKeyEncryptionKey
   [-Disk] <PSDisk>
   [[-KeyUrl] <String>]
   [[-SourceVaultId] <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzDiskKeyEncryptionKey cmdlet sets the key encryption key properties on a disk object.

Examples

Example 1

$diskconfig = New-AzDiskConfig -Location 'Central US' -DiskSizeGB 5 -SkuName StandardLRS -OsType Windows -CreateOption Empty -EncryptionSettingsEnabled $true;
$secretUrl = https://myvault.vault-int.azure-int.net/secrets/123/;
$secretId = '/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup01/providers/Microsoft.KeyVault/vaults/TestVault123';
$keyUrl = https://myvault.vault-int.azure-int.net/keys/456;
$keyId = '/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup01/providers/Microsoft.KeyVault/vaults/TestVault456';
$diskconfig = Set-AzDiskDiskEncryptionKey -Disk $diskconfig -SecretUrl $secretUrl -SourceVaultId $secretId;
$diskconfig = Set-AzDiskKeyEncryptionKey -Disk $diskconfig -KeyUrl $keyUrl -SourceVaultId $keyId;
$diskconfig.EncryptionSettingsCollection.EncryptionSettingsVersion = '1.1';
New-AzDisk -ResourceGroupName 'ResourceGroup01' -DiskName 'Disk01' -Disk $diskconfig;

The first command creates a local empty disk object with size 5GB in Standard_LRS storage account type. It also sets Windows OS type and enables encryption settings. The second and third commands set the disk encryption key and key encryption key settings for the disk object. The last command takes the disk object and creates a disk with name 'Disk01' in resource group 'ResourceGroup01'.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Disk

Specifies a local disk object.

Type:	PSDisk
Position:	0
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-KeyUrl

Specifies the key Url.

Type:	String
Position:	1
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-SourceVaultId

Specifies the source vault ID.

Type:	String
Position:	2
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

PSDisk

String

Outputs

PSDisk