Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Azure Native
  3. API Docs
  4. compute
  5. DiskEncryptionSet
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi
pulumi/pulumi-azure-native

azure-native.compute.DiskEncryptionSet

Explore with Pulumi AI

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi
pulumi/pulumi-azure-native

disk encryption set resource.

Uses Azure REST API version 2024-03-02. In version 2.x of the Azure Native provider, it used API version 2022-07-02.

Other available API versions: 2022-07-02, 2023-01-02, 2023-04-02, 2023-10-02. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native compute [ApiVersion]. See the version guide for details.

Example Usage

Create a disk encryption set with key vault from a different subscription.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
    {
        ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
        {
            KeyUrl = "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
        },
        DiskEncryptionSetName = "myDiskEncryptionSet",
        EncryptionType = AzureNative.Compute.DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
        Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
        {
            Type = AzureNative.Compute.DiskEncryptionSetIdentityType.SystemAssigned,
        },
        Location = "West US",
        ResourceGroupName = "myResourceGroup",
    });

});
Copy
package main

import (
	compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
			ActiveKey: &compute.KeyForDiskEncryptionSetArgs{
				KeyUrl: pulumi.String("https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}"),
			},
			DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
			EncryptionType:        pulumi.String(compute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
			Identity: &compute.EncryptionSetIdentityArgs{
				Type: pulumi.String(compute.DiskEncryptionSetIdentityTypeSystemAssigned),
			},
			Location:          pulumi.String("West US"),
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.DiskEncryptionSet;
import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
import com.pulumi.azurenative.compute.inputs.KeyForDiskEncryptionSetArgs;
import com.pulumi.azurenative.compute.inputs.EncryptionSetIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()
            .activeKey(KeyForDiskEncryptionSetArgs.builder()
                .keyUrl("https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}")
                .build())
            .diskEncryptionSetName("myDiskEncryptionSet")
            .encryptionType("EncryptionAtRestWithCustomerKey")
            .identity(EncryptionSetIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .location("West US")
            .resourceGroupName("myResourceGroup")
            .build());

    }
}
Copy
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
    activeKey: {
        keyUrl: "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
    },
    diskEncryptionSetName: "myDiskEncryptionSet",
    encryptionType: azure_native.compute.DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
    identity: {
        type: azure_native.compute.DiskEncryptionSetIdentityType.SystemAssigned,
    },
    location: "West US",
    resourceGroupName: "myResourceGroup",
});
Copy
import pulumi
import pulumi_azure_native as azure_native

disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
    active_key={
        "key_url": "https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}",
    },
    disk_encryption_set_name="myDiskEncryptionSet",
    encryption_type=azure_native.compute.DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY,
    identity={
        "type": azure_native.compute.DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED,
    },
    location="West US",
    resource_group_name="myResourceGroup")
Copy
resources:
  diskEncryptionSet:
    type: azure-native:compute:DiskEncryptionSet
    properties:
      activeKey:
        keyUrl: https://myvaultdifferentsub.vault-int.azure-int.net/keys/{key}
      diskEncryptionSetName: myDiskEncryptionSet
      encryptionType: EncryptionAtRestWithCustomerKey
      identity:
        type: SystemAssigned
      location: West US
      resourceGroupName: myResourceGroup
Copy

Create a disk encryption set.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var diskEncryptionSet = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSet", new()
    {
        ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
        {
            KeyUrl = "https://myvmvault.vault-int.azure-int.net/keys/{key}",
            SourceVault = new AzureNative.Compute.Inputs.SourceVaultArgs
            {
                Id = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
            },
        },
        DiskEncryptionSetName = "myDiskEncryptionSet",
        EncryptionType = AzureNative.Compute.DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
        Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
        {
            Type = AzureNative.Compute.DiskEncryptionSetIdentityType.SystemAssigned,
        },
        Location = "West US",
        ResourceGroupName = "myResourceGroup",
    });

});
Copy
package main

import (
	compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSet", &compute.DiskEncryptionSetArgs{
			ActiveKey: &compute.KeyForDiskEncryptionSetArgs{
				KeyUrl: pulumi.String("https://myvmvault.vault-int.azure-int.net/keys/{key}"),
				SourceVault: &compute.SourceVaultArgs{
					Id: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault"),
				},
			},
			DiskEncryptionSetName: pulumi.String("myDiskEncryptionSet"),
			EncryptionType:        pulumi.String(compute.DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey),
			Identity: &compute.EncryptionSetIdentityArgs{
				Type: pulumi.String(compute.DiskEncryptionSetIdentityTypeSystemAssigned),
			},
			Location:          pulumi.String("West US"),
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.DiskEncryptionSet;
import com.pulumi.azurenative.compute.DiskEncryptionSetArgs;
import com.pulumi.azurenative.compute.inputs.KeyForDiskEncryptionSetArgs;
import com.pulumi.azurenative.compute.inputs.SourceVaultArgs;
import com.pulumi.azurenative.compute.inputs.EncryptionSetIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var diskEncryptionSet = new DiskEncryptionSet("diskEncryptionSet", DiskEncryptionSetArgs.builder()
            .activeKey(KeyForDiskEncryptionSetArgs.builder()
                .keyUrl("https://myvmvault.vault-int.azure-int.net/keys/{key}")
                .sourceVault(SourceVaultArgs.builder()
                    .id("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault")
                    .build())
                .build())
            .diskEncryptionSetName("myDiskEncryptionSet")
            .encryptionType("EncryptionAtRestWithCustomerKey")
            .identity(EncryptionSetIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .location("West US")
            .resourceGroupName("myResourceGroup")
            .build());

    }
}
Copy
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const diskEncryptionSet = new azure_native.compute.DiskEncryptionSet("diskEncryptionSet", {
    activeKey: {
        keyUrl: "https://myvmvault.vault-int.azure-int.net/keys/{key}",
        sourceVault: {
            id: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
        },
    },
    diskEncryptionSetName: "myDiskEncryptionSet",
    encryptionType: azure_native.compute.DiskEncryptionSetType.EncryptionAtRestWithCustomerKey,
    identity: {
        type: azure_native.compute.DiskEncryptionSetIdentityType.SystemAssigned,
    },
    location: "West US",
    resourceGroupName: "myResourceGroup",
});
Copy
import pulumi
import pulumi_azure_native as azure_native

disk_encryption_set = azure_native.compute.DiskEncryptionSet("diskEncryptionSet",
    active_key={
        "key_url": "https://myvmvault.vault-int.azure-int.net/keys/{key}",
        "source_vault": {
            "id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault",
        },
    },
    disk_encryption_set_name="myDiskEncryptionSet",
    encryption_type=azure_native.compute.DiskEncryptionSetType.ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY,
    identity={
        "type": azure_native.compute.DiskEncryptionSetIdentityType.SYSTEM_ASSIGNED,
    },
    location="West US",
    resource_group_name="myResourceGroup")
Copy
resources:
  diskEncryptionSet:
    type: azure-native:compute:DiskEncryptionSet
    properties:
      activeKey:
        keyUrl: https://myvmvault.vault-int.azure-int.net/keys/{key}
        sourceVault:
          id: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVMVault
      diskEncryptionSetName: myDiskEncryptionSet
      encryptionType: EncryptionAtRestWithCustomerKey
      identity:
        type: SystemAssigned
      location: West US
      resourceGroupName: myResourceGroup
Copy

Create DiskEncryptionSet Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new DiskEncryptionSet(name: string, args: DiskEncryptionSetArgs, opts?: CustomResourceOptions);
@overload
def DiskEncryptionSet(resource_name: str,
                      args: DiskEncryptionSetArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def DiskEncryptionSet(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      resource_group_name: Optional[str] = None,
                      active_key: Optional[KeyForDiskEncryptionSetArgs] = None,
                      disk_encryption_set_name: Optional[str] = None,
                      encryption_type: Optional[Union[str, DiskEncryptionSetType]] = None,
                      federated_client_id: Optional[str] = None,
                      identity: Optional[EncryptionSetIdentityArgs] = None,
                      location: Optional[str] = None,
                      rotation_to_latest_key_version_enabled: Optional[bool] = None,
                      tags: Optional[Mapping[str, str]] = None)
func NewDiskEncryptionSet(ctx *Context, name string, args DiskEncryptionSetArgs, opts ...ResourceOption) (*DiskEncryptionSet, error)
public DiskEncryptionSet(string name, DiskEncryptionSetArgs args, CustomResourceOptions? opts = null)
public DiskEncryptionSet(String name, DiskEncryptionSetArgs args)
public DiskEncryptionSet(String name, DiskEncryptionSetArgs args, CustomResourceOptions options)

type: azure-native:compute:DiskEncryptionSet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. DiskEncryptionSetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. DiskEncryptionSetArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. DiskEncryptionSetArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. DiskEncryptionSetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. DiskEncryptionSetArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var diskEncryptionSetResource = new AzureNative.Compute.DiskEncryptionSet("diskEncryptionSetResource", new()
{
    ResourceGroupName = "string",
    ActiveKey = new AzureNative.Compute.Inputs.KeyForDiskEncryptionSetArgs
    {
        KeyUrl = "string",
        SourceVault = new AzureNative.Compute.Inputs.SourceVaultArgs
        {
            Id = "string",
        },
    },
    DiskEncryptionSetName = "string",
    EncryptionType = "string",
    FederatedClientId = "string",
    Identity = new AzureNative.Compute.Inputs.EncryptionSetIdentityArgs
    {
        Type = "string",
        UserAssignedIdentities = new[]
        {
            "string",
        },
    },
    Location = "string",
    RotationToLatestKeyVersionEnabled = false,
    Tags = 
    {
        { "string", "string" },
    },
});
Copy
example, err := compute.NewDiskEncryptionSet(ctx, "diskEncryptionSetResource", &compute.DiskEncryptionSetArgs{
	ResourceGroupName: pulumi.String("string"),
	ActiveKey: &compute.KeyForDiskEncryptionSetArgs{
		KeyUrl: pulumi.String("string"),
		SourceVault: &compute.SourceVaultArgs{
			Id: pulumi.String("string"),
		},
	},
	DiskEncryptionSetName: pulumi.String("string"),
	EncryptionType:        pulumi.String("string"),
	FederatedClientId:     pulumi.String("string"),
	Identity: &compute.EncryptionSetIdentityArgs{
		Type: pulumi.String("string"),
		UserAssignedIdentities: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	Location:                          pulumi.String("string"),
	RotationToLatestKeyVersionEnabled: pulumi.Bool(false),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})
Copy
var diskEncryptionSetResource = new DiskEncryptionSet("diskEncryptionSetResource", DiskEncryptionSetArgs.builder()
    .resourceGroupName("string")
    .activeKey(KeyForDiskEncryptionSetArgs.builder()
        .keyUrl("string")
        .sourceVault(SourceVaultArgs.builder()
            .id("string")
            .build())
        .build())
    .diskEncryptionSetName("string")
    .encryptionType("string")
    .federatedClientId("string")
    .identity(EncryptionSetIdentityArgs.builder()
        .type("string")
        .userAssignedIdentities("string")
        .build())
    .location("string")
    .rotationToLatestKeyVersionEnabled(false)
    .tags(Map.of("string", "string"))
    .build());
Copy
disk_encryption_set_resource = azure_native.compute.DiskEncryptionSet("diskEncryptionSetResource",
    resource_group_name="string",
    active_key={
        "key_url": "string",
        "source_vault": {
            "id": "string",
        },
    },
    disk_encryption_set_name="string",
    encryption_type="string",
    federated_client_id="string",
    identity={
        "type": "string",
        "user_assigned_identities": ["string"],
    },
    location="string",
    rotation_to_latest_key_version_enabled=False,
    tags={
        "string": "string",
    })
Copy
const diskEncryptionSetResource = new azure_native.compute.DiskEncryptionSet("diskEncryptionSetResource", {
    resourceGroupName: "string",
    activeKey: {
        keyUrl: "string",
        sourceVault: {
            id: "string",
        },
    },
    diskEncryptionSetName: "string",
    encryptionType: "string",
    federatedClientId: "string",
    identity: {
        type: "string",
        userAssignedIdentities: ["string"],
    },
    location: "string",
    rotationToLatestKeyVersionEnabled: false,
    tags: {
        string: "string",
    },
});
Copy
type: azure-native:compute:DiskEncryptionSet
properties:
    activeKey:
        keyUrl: string
        sourceVault:
            id: string
    diskEncryptionSetName: string
    encryptionType: string
    federatedClientId: string
    identity:
        type: string
        userAssignedIdentities:
            - string
    location: string
    resourceGroupName: string
    rotationToLatestKeyVersionEnabled: false
    tags:
        string: string
Copy

DiskEncryptionSet Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The DiskEncryptionSet resource accepts the following input properties:

ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group.
ActiveKey Pulumi.AzureNative.Compute.Inputs.KeyForDiskEncryptionSet
The key vault key which is currently used by this disk encryption set.
DiskEncryptionSetName Changes to this property will trigger replacement. string
The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
EncryptionType string | Pulumi.AzureNative.Compute.DiskEncryptionSetType
The type of key used to encrypt the data of the disk.
FederatedClientId string
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
Identity Pulumi.AzureNative.Compute.Inputs.EncryptionSetIdentity
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
Location string
Resource location
RotationToLatestKeyVersionEnabled bool
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
Tags Dictionary<string, string>
Resource tags
ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group.
ActiveKey KeyForDiskEncryptionSetArgs
The key vault key which is currently used by this disk encryption set.
DiskEncryptionSetName Changes to this property will trigger replacement. string
The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
EncryptionType string | DiskEncryptionSetType
The type of key used to encrypt the data of the disk.
FederatedClientId string
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
Identity EncryptionSetIdentityArgs
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
Location string
Resource location
RotationToLatestKeyVersionEnabled bool
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
Tags map[string]string
Resource tags
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
The name of the resource group.
activeKey KeyForDiskEncryptionSet
The key vault key which is currently used by this disk encryption set.
diskEncryptionSetName Changes to this property will trigger replacement. String
The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
encryptionType String | DiskEncryptionSetType
The type of key used to encrypt the data of the disk.
federatedClientId String
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
identity EncryptionSetIdentity
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
location String
Resource location
rotationToLatestKeyVersionEnabled Boolean
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
tags Map<String,String>
Resource tags
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group.
activeKey KeyForDiskEncryptionSet
The key vault key which is currently used by this disk encryption set.
diskEncryptionSetName Changes to this property will trigger replacement. string
The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
encryptionType string | DiskEncryptionSetType
The type of key used to encrypt the data of the disk.
federatedClientId string
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
identity EncryptionSetIdentity
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
location string
Resource location
rotationToLatestKeyVersionEnabled boolean
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
tags {[key: string]: string}
Resource tags
resource_group_name
This property is required.
Changes to this property will trigger replacement.
str
The name of the resource group.
active_key KeyForDiskEncryptionSetArgs
The key vault key which is currently used by this disk encryption set.
disk_encryption_set_name Changes to this property will trigger replacement. str
The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
encryption_type str | DiskEncryptionSetType
The type of key used to encrypt the data of the disk.
federated_client_id str
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
identity EncryptionSetIdentityArgs
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
location str
Resource location
rotation_to_latest_key_version_enabled bool
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
tags Mapping[str, str]
Resource tags
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
The name of the resource group.
activeKey Property Map
The key vault key which is currently used by this disk encryption set.
diskEncryptionSetName Changes to this property will trigger replacement. String
The name of the disk encryption set that is being created. The name can't be changed after the disk encryption set is created. Supported characters for the name are a-z, A-Z, 0-9, _ and -. The maximum name length is 80 characters.
encryptionType String | "EncryptionAtRestWithCustomerKey" | "EncryptionAtRestWithPlatformAndCustomerKeys" | "ConfidentialVmEncryptedWithCustomerKey"
The type of key used to encrypt the data of the disk.
federatedClientId String
Multi-tenant application client id to access key vault in a different tenant. Setting the value to 'None' will clear the property.
identity Property Map
The managed identity for the disk encryption set. It should be given permission on the key vault before it can be used to encrypt disks.
location String
Resource location
rotationToLatestKeyVersionEnabled Boolean
Set this flag to true to enable auto-updating of this disk encryption set to the latest key version.
tags Map<String>
Resource tags

Outputs

All input properties are implicitly available as output properties. Additionally, the DiskEncryptionSet resource produces the following output properties:

AutoKeyRotationError Pulumi.AzureNative.Compute.Outputs.ApiErrorResponse
The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
AzureApiVersion string
The Azure API version of the resource.
Id string
The provider-assigned unique ID for this managed resource.
LastKeyRotationTimestamp string
The time when the active key of this disk encryption set was updated.
Name string
Resource name
PreviousKeys List<Pulumi.AzureNative.Compute.Outputs.KeyForDiskEncryptionSetResponse>
A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
ProvisioningState string
The disk encryption set provisioning state.
Type string
Resource type
AutoKeyRotationError ApiErrorResponse
The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
AzureApiVersion string
The Azure API version of the resource.
Id string
The provider-assigned unique ID for this managed resource.
LastKeyRotationTimestamp string
The time when the active key of this disk encryption set was updated.
Name string
Resource name
PreviousKeys []KeyForDiskEncryptionSetResponse
A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
ProvisioningState string
The disk encryption set provisioning state.
Type string
Resource type
autoKeyRotationError ApiErrorResponse
The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
azureApiVersion String
The Azure API version of the resource.
id String
The provider-assigned unique ID for this managed resource.
lastKeyRotationTimestamp String
The time when the active key of this disk encryption set was updated.
name String
Resource name
previousKeys List<KeyForDiskEncryptionSetResponse>
A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
provisioningState String
The disk encryption set provisioning state.
type String
Resource type
autoKeyRotationError ApiErrorResponse
The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
azureApiVersion string
The Azure API version of the resource.
id string
The provider-assigned unique ID for this managed resource.
lastKeyRotationTimestamp string
The time when the active key of this disk encryption set was updated.
name string
Resource name
previousKeys KeyForDiskEncryptionSetResponse[]
A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
provisioningState string
The disk encryption set provisioning state.
type string
Resource type
auto_key_rotation_error ApiErrorResponse
The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
azure_api_version str
The Azure API version of the resource.
id str
The provider-assigned unique ID for this managed resource.
last_key_rotation_timestamp str
The time when the active key of this disk encryption set was updated.
name str
Resource name
previous_keys Sequence[KeyForDiskEncryptionSetResponse]
A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
provisioning_state str
The disk encryption set provisioning state.
type str
Resource type
autoKeyRotationError Property Map
The error that was encountered during auto-key rotation. If an error is present, then auto-key rotation will not be attempted until the error on this disk encryption set is fixed.
azureApiVersion String
The Azure API version of the resource.
id String
The provider-assigned unique ID for this managed resource.
lastKeyRotationTimestamp String
The time when the active key of this disk encryption set was updated.
name String
Resource name
previousKeys List<Property Map>
A readonly collection of key vault keys previously used by this disk encryption set while a key rotation is in progress. It will be empty if there is no ongoing key rotation.
provisioningState String
The disk encryption set provisioning state.
type String
Resource type

Supporting Types

ApiErrorBaseResponse
, ApiErrorBaseResponseArgs

Code string
The error code.
Message string
The error message.
Target string
The target of the particular error.
Code string
The error code.
Message string
The error message.
Target string
The target of the particular error.
code String
The error code.
message String
The error message.
target String
The target of the particular error.
code string
The error code.
message string
The error message.
target string
The target of the particular error.
code str
The error code.
message str
The error message.
target str
The target of the particular error.
code String
The error code.
message String
The error message.
target String
The target of the particular error.

ApiErrorResponse
, ApiErrorResponseArgs

Code string
The error code.
Details List<Pulumi.AzureNative.Compute.Inputs.ApiErrorBaseResponse>
The Api error details
Innererror Pulumi.AzureNative.Compute.Inputs.InnerErrorResponse
The Api inner error
Message string
The error message.
Target string
The target of the particular error.
Code string
The error code.
Details []ApiErrorBaseResponse
The Api error details
Innererror InnerErrorResponse
The Api inner error
Message string
The error message.
Target string
The target of the particular error.
code String
The error code.
details List<ApiErrorBaseResponse>
The Api error details
innererror InnerErrorResponse
The Api inner error
message String
The error message.
target String
The target of the particular error.
code string
The error code.
details ApiErrorBaseResponse[]
The Api error details
innererror InnerErrorResponse
The Api inner error
message string
The error message.
target string
The target of the particular error.
code str
The error code.
details Sequence[ApiErrorBaseResponse]
The Api error details
innererror InnerErrorResponse
The Api inner error
message str
The error message.
target str
The target of the particular error.
code String
The error code.
details List<Property Map>
The Api error details
innererror Property Map
The Api inner error
message String
The error message.
target String
The target of the particular error.

DiskEncryptionSetIdentityType
, DiskEncryptionSetIdentityTypeArgs

SystemAssigned
SystemAssigned
UserAssigned
UserAssigned
SystemAssigned_UserAssigned
SystemAssigned, UserAssigned
None
None
DiskEncryptionSetIdentityTypeSystemAssigned
SystemAssigned
DiskEncryptionSetIdentityTypeUserAssigned
UserAssigned
DiskEncryptionSetIdentityType_SystemAssigned_UserAssigned
SystemAssigned, UserAssigned
DiskEncryptionSetIdentityTypeNone
None
SystemAssigned
SystemAssigned
UserAssigned
UserAssigned
SystemAssigned_UserAssigned
SystemAssigned, UserAssigned
None
None
SystemAssigned
SystemAssigned
UserAssigned
UserAssigned
SystemAssigned_UserAssigned
SystemAssigned, UserAssigned
None
None
SYSTEM_ASSIGNED
SystemAssigned
USER_ASSIGNED
UserAssigned
SYSTEM_ASSIGNED_USER_ASSIGNED
SystemAssigned, UserAssigned
NONE
None
"SystemAssigned"
SystemAssigned
"UserAssigned"
UserAssigned
"SystemAssigned, UserAssigned"
SystemAssigned, UserAssigned
"None"
None

DiskEncryptionSetType
, DiskEncryptionSetTypeArgs

EncryptionAtRestWithCustomerKey
EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
EncryptionAtRestWithPlatformAndCustomerKeys
EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
ConfidentialVmEncryptedWithCustomerKey
ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.
DiskEncryptionSetTypeEncryptionAtRestWithCustomerKey
EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
DiskEncryptionSetTypeEncryptionAtRestWithPlatformAndCustomerKeys
EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
DiskEncryptionSetTypeConfidentialVmEncryptedWithCustomerKey
ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.
EncryptionAtRestWithCustomerKey
EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
EncryptionAtRestWithPlatformAndCustomerKeys
EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
ConfidentialVmEncryptedWithCustomerKey
ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.
EncryptionAtRestWithCustomerKey
EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
EncryptionAtRestWithPlatformAndCustomerKeys
EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
ConfidentialVmEncryptedWithCustomerKey
ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.
ENCRYPTION_AT_REST_WITH_CUSTOMER_KEY
EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
ENCRYPTION_AT_REST_WITH_PLATFORM_AND_CUSTOMER_KEYS
EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
CONFIDENTIAL_VM_ENCRYPTED_WITH_CUSTOMER_KEY
ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.
"EncryptionAtRestWithCustomerKey"
EncryptionAtRestWithCustomerKeyResource using diskEncryptionSet would be encrypted at rest with Customer managed key that can be changed and revoked by a customer.
"EncryptionAtRestWithPlatformAndCustomerKeys"
EncryptionAtRestWithPlatformAndCustomerKeysResource using diskEncryptionSet would be encrypted at rest with two layers of encryption. One of the keys is Customer managed and the other key is Platform managed.
"ConfidentialVmEncryptedWithCustomerKey"
ConfidentialVmEncryptedWithCustomerKeyConfidential VM supported disk and VM guest state would be encrypted with customer managed key.

EncryptionSetIdentity
, EncryptionSetIdentityArgs

Type string | Pulumi.AzureNative.Compute.DiskEncryptionSetIdentityType
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
UserAssignedIdentities List<string>
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
Type string | DiskEncryptionSetIdentityType
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
UserAssignedIdentities []string
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
type String | DiskEncryptionSetIdentityType
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
userAssignedIdentities List<String>
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
type string | DiskEncryptionSetIdentityType
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
userAssignedIdentities string[]
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
type str | DiskEncryptionSetIdentityType
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
user_assigned_identities Sequence[str]
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
type String | "SystemAssigned" | "UserAssigned" | "SystemAssigned, UserAssigned" | "None"
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
userAssignedIdentities List<String>
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

EncryptionSetIdentityResponse
, EncryptionSetIdentityResponseArgs

PrincipalId This property is required. string
The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
TenantId This property is required. string
The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
Type string
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
UserAssignedIdentities Dictionary<string, Pulumi.AzureNative.Compute.Inputs.UserAssignedIdentitiesResponseUserAssignedIdentities>
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
PrincipalId This property is required. string
The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
TenantId This property is required. string
The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
Type string
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
UserAssignedIdentities map[string]UserAssignedIdentitiesResponseUserAssignedIdentities
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
principalId This property is required. String
The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
tenantId This property is required. String
The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
type String
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
userAssignedIdentities Map<String,UserAssignedIdentitiesResponseUserAssignedIdentities>
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
principalId This property is required. string
The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
tenantId This property is required. string
The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
type string
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
userAssignedIdentities {[key: string]: UserAssignedIdentitiesResponseUserAssignedIdentities}
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
principal_id This property is required. str
The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
tenant_id This property is required. str
The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
type str
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
user_assigned_identities Mapping[str, UserAssignedIdentitiesResponseUserAssignedIdentities]
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
principalId This property is required. String
The object id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-identity-principal-id header in the PUT request if the resource has a systemAssigned(implicit) identity
tenantId This property is required. String
The tenant id of the Managed Identity Resource. This will be sent to the RP from ARM via the x-ms-client-tenant-id header in the PUT request if the resource has a systemAssigned(implicit) identity
type String
The type of Managed Identity used by the DiskEncryptionSet. Only SystemAssigned is supported for new creations. Disk Encryption Sets can be updated with Identity type None during migration of subscription to a new Azure Active Directory tenant; it will cause the encrypted resources to lose access to the keys.
userAssignedIdentities Map<Property Map>
The list of user identities associated with the disk encryption set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

InnerErrorResponse
, InnerErrorResponseArgs

Errordetail string
The internal error message or exception dump.
Exceptiontype string
The exception type.
Errordetail string
The internal error message or exception dump.
Exceptiontype string
The exception type.
errordetail String
The internal error message or exception dump.
exceptiontype String
The exception type.
errordetail string
The internal error message or exception dump.
exceptiontype string
The exception type.
errordetail str
The internal error message or exception dump.
exceptiontype str
The exception type.
errordetail String
The internal error message or exception dump.
exceptiontype String
The exception type.

KeyForDiskEncryptionSet
, KeyForDiskEncryptionSetArgs

KeyUrl This property is required. string
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
SourceVault Pulumi.AzureNative.Compute.Inputs.SourceVault
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
KeyUrl This property is required. string
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
SourceVault SourceVault
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
keyUrl This property is required. String
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
sourceVault SourceVault
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
keyUrl This property is required. string
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
sourceVault SourceVault
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
key_url This property is required. str
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
source_vault SourceVault
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
keyUrl This property is required. String
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
sourceVault Property Map
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

KeyForDiskEncryptionSetResponse
, KeyForDiskEncryptionSetResponseArgs

KeyUrl This property is required. string
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
SourceVault Pulumi.AzureNative.Compute.Inputs.SourceVaultResponse
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
KeyUrl This property is required. string
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
SourceVault SourceVaultResponse
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
keyUrl This property is required. String
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
sourceVault SourceVaultResponse
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
keyUrl This property is required. string
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
sourceVault SourceVaultResponse
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
key_url This property is required. str
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
source_vault SourceVaultResponse
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.
keyUrl This property is required. String
Fully versioned Key Url pointing to a key in KeyVault. Version segment of the Url is required regardless of rotationToLatestKeyVersionEnabled value.
sourceVault Property Map
Resource id of the KeyVault containing the key or secret. This property is optional and cannot be used if the KeyVault subscription is not the same as the Disk Encryption Set subscription.

SourceVault
, SourceVaultArgs

Id string
Resource Id
Id string
Resource Id
id String
Resource Id
id string
Resource Id
id str
Resource Id
id String
Resource Id

SourceVaultResponse
, SourceVaultResponseArgs

Id string
Resource Id
Id string
Resource Id
id String
Resource Id
id string
Resource Id
id str
Resource Id
id String
Resource Id

UserAssignedIdentitiesResponseUserAssignedIdentities
, UserAssignedIdentitiesResponseUserAssignedIdentitiesArgs

ClientId This property is required. string
The client id of user assigned identity.
PrincipalId This property is required. string
The principal id of user assigned identity.
ClientId This property is required. string
The client id of user assigned identity.
PrincipalId This property is required. string
The principal id of user assigned identity.
clientId This property is required. String
The client id of user assigned identity.
principalId This property is required. String
The principal id of user assigned identity.
clientId This property is required. string
The client id of user assigned identity.
principalId This property is required. string
The principal id of user assigned identity.
client_id This property is required. str
The client id of user assigned identity.
principal_id This property is required. str
The principal id of user assigned identity.
clientId This property is required. String
The client id of user assigned identity.
principalId This property is required. String
The principal id of user assigned identity.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:compute:DiskEncryptionSet myDiskEncryptionSet /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{diskEncryptionSetName}
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Azure Native pulumi/pulumi-azure-native
License
Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi
pulumi/pulumi-azure-native