az storage account encryption-scope

Manage encryption scope for a storage account.

Commands

az storage account encryption-scope create

Create an encryption scope within storage account.

az storage account encryption-scope list

List encryption scopes within storage account.

az storage account encryption-scope show

Show properties for specified encryption scope within storage account.

az storage account encryption-scope update

Update properties for specified encryption scope within storage account.

az storage account encryption-scope create

Create an encryption scope within storage account.

az storage account encryption-scope create --account-name
                                           --name
                                           [--key-source {Microsoft.KeyVault, Microsoft.Storage}]
                                           [--key-uri]
                                           [--resource-group]
                                           [--subscription]

Examples

Create an encryption scope within storage account based on Micosoft.Storage key source.

az storage account encryption-scope create --name myencryption -s Microsoft.Storage --account-name mystorageaccount -g MyResourceGroup

Create an encryption scope within storage account based on Micosoft.KeyVault key source.

az storage account encryption-scope create --name myencryption -s Microsoft.KeyVault -u "https://vaultname.vault.azure.net/keys/keyname/1f7fa7edc99f4cdf82b5b5f32f2a50a7" --account-name mystorageaccount -g MyResourceGroup

Required Parameters

--account-name

The storage account name.

--name -n

The name of the encryption scope within the specified storage account.

Optional Parameters

--key-source -s

The provider for the encryption scope.

accepted values: Microsoft.KeyVault, Microsoft.Storage
default value: Microsoft.Storage
--key-uri -u

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az storage account encryption-scope list

List encryption scopes within storage account.

az storage account encryption-scope list --account-name
                                         [--query-examples]
                                         [--resource-group]
                                         [--subscription]

Examples

List encryption scopes within storage account.

az storage account encryption-scope list --account-name mystorageaccount -g MyResourceGroup

Required Parameters

--account-name

The storage account name.

Optional Parameters

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az storage account encryption-scope show

Show properties for specified encryption scope within storage account.

az storage account encryption-scope show --account-name
                                         --name
                                         [--query-examples]
                                         [--resource-group]
                                         [--subscription]

Examples

Show properties for specified encryption scope within storage account.

az storage account encryption-scope show --name myencryption --account-name mystorageaccount -g MyResourceGroup

Required Parameters

--account-name

The storage account name.

--name -n

The name of the encryption scope within the specified storage account.

Optional Parameters

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az storage account encryption-scope update

Update properties for specified encryption scope within storage account.

az storage account encryption-scope update --account-name
                                           --name
                                           [--key-source {Microsoft.KeyVault, Microsoft.Storage}]
                                           [--key-uri]
                                           [--resource-group]
                                           [--state {Disabled, Enabled}]
                                           [--subscription]

Examples

Update an encryption scope key source to Micosoft.Storage.

az storage account encryption-scope update --name myencryption -s Microsoft.Storage --account-name mystorageaccount -g MyResourceGroup

Create an encryption scope within storage account based on Micosoft.KeyVault key source.

az storage account encryption-scope update --name myencryption -s Microsoft.KeyVault -u "https://vaultname.vault.azure.net/keys/keyname/1f7fa7edc99f4cdf82b5b5f32f2a50a7" --account-name mystorageaccount -g MyResourceGroup

Disable an encryption scope within storage account.

az storage account encryption-scope update --name myencryption --state Disabled --account-name mystorageaccount -g MyResourceGroup

Enable an encryption scope within storage account.

az storage account encryption-scope update --name myencryption --state Enabled --account-name mystorageaccount -g MyResourceGroup

Required Parameters

--account-name

The storage account name.

--name -n

The name of the encryption scope within the specified storage account.

Optional Parameters

--key-source -s

The provider for the encryption scope.

accepted values: Microsoft.KeyVault, Microsoft.Storage
--key-uri -u

The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--state

Change the state the encryption scope. When disabled, all blob read/write operations using this encryption scope will fail.

accepted values: Disabled, Enabled
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.