Edit

Update-AzStorageEncryptionScope

  • Reference
Module:
Az.Storage

Modify an encryption scope for a Storage account.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

Update-AzStorageEncryptionScope
      [-ResourceGroupName] <String>
      [-StorageAccountName] <String>
      -EncryptionScopeName <String>
      [-StorageEncryption]
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-AzStorageEncryptionScope
      [-ResourceGroupName] <String>
      [-StorageAccountName] <String>
      -EncryptionScopeName <String>
      [-KeyvaultEncryption]
      -KeyUri <String>
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-AzStorageEncryptionScope
      -StorageAccount <PSStorageAccount>
      -EncryptionScopeName <String>
      [-StorageEncryption]
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-AzStorageEncryptionScope
      -StorageAccount <PSStorageAccount>
      -EncryptionScopeName <String>
      [-KeyvaultEncryption]
      -KeyUri <String>
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-AzStorageEncryptionScope
      -InputObject <PSEncryptionScope>
      [-StorageEncryption]
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-AzStorageEncryptionScope
      -InputObject <PSEncryptionScope>
      [-KeyvaultEncryption]
      -KeyUri <String>
      [-State <String>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Update-AzStorageEncryptionScope cmdlet modifies an encryption scope for a Storage account.

Examples

Example 1: Disable an encryption scope

PS C:\> Update-AzStorageEncryptionScope -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount"  -EncryptionScopeName testscope -State Disabled 

   ResourceGroupName: myresourcegroup, StorageAccountName: mystorageaccount

Name      State    Source            KeyVaultKeyUri RequireInfrastructureEncryption                                         
----      -----    ------            -------------- -------------------------------                                         
testscope Disabled Microsoft.Storage

This command disables an encryption scope.

Example 2: Enable an encryption scope

PS C:\> Update-AzStorageEncryptionScope -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount"  -EncryptionScopeName testscope -State Enabled 

   ResourceGroupName: myresourcegroup, StorageAccountName: mystorageaccount

Name      State    Source            KeyVaultKeyUri RequireInfrastructureEncryption                                                                           
----      -----    ------            -------------- -------------------------------                                                                          
testscope Enabled  Microsoft.Storage

This command enables an encryption scope.

Example 3: Update an encryption scope to use Storage Encryption

PS C:\> Update-AzStorageEncryptionScope -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount"  -EncryptionScopeName testscope -StorageEncryption

   ResourceGroupName: myresourcegroup, StorageAccountName: mystorageaccount

Name      State    Source            KeyVaultKeyUri RequireInfrastructureEncryption                                          
----      -----    ------            -------------- -------------------------------                                         
testscope Enabled  Microsoft.Storage

This command updates an encryption scope to use Storage Encryption.

Example 4: Update an encryption scope to use Keyvault Encryption

PS C:\> Update-AzStorageEncryptionScope -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount" -EncryptionScopeName testscope -KeyvaultEncryption -KeyUri "https://keyvalutname.vault.azure.net:443/keys/keyname/34a0ba563b4243d9a0ef2b1d3c0c7d57"

   ResourceGroupName: myresourcegroup, StorageAccountName: mystorageaccount

Name      State    Source             KeyVaultKeyUri                                                                          RequireInfrastructureEncryption 
----      -----    ------             --------------                                                                          -------------------------------
testscope Enabled  Microsoft.Keyvault https://keyvalutname.vault.azure.net:443/keys/keyname/34a0ba563b4243d9a0ef2b1d3c0c7d57

This command updtaes an encryption scope to use Keyvault Encryption. The Storage account Identity need have get,wrapkey,unwrapkey permissions to the keyvault key.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EncryptionScopeName

Azure Storage EncryptionScope name

Type:String
Aliases:Name
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-InputObject

EncryptionScope object

Type:PSEncryptionScope
Position:Named
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-KeyUri

The key Uri

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyvaultEncryption

Create encryption scope with keySource as Microsoft.Keyvault

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ResourceGroupName

Resource Group Name.

Type:String
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-State

Update encryption scope State, Possible values include: 'Enabled', 'Disabled'.

Type:String
Accepted values:Enabled, Disabled
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-StorageAccount

Storage account object

Type:PSStorageAccount
Position:Named
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-StorageAccountName

Storage Account Name.

Type:String
Aliases:AccountName
Position:1
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-StorageEncryption

Create encryption scope with keySource as Microsoft.Storage.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSStorageAccount

Outputs

PSEncryptionScope