az vmss encryption

Manage encryption of VMSS.

For more information, see: https://docs.microsoft.com/azure/security/azure-security-disk-encryption-overview.

Commands

az vmss encryption disable

Disable the encryption on a VMSS with managed disks.

az vmss encryption enable

Encrypt a VMSS with managed disks.

az vmss encryption show

Show encryption status.

az vmss encryption disable

Disable the encryption on a VMSS with managed disks.

az vmss encryption disable [--force]
                           [--ids]
                           [--name]
                           [--resource-group]
                           [--subscription]
                           [--volume-type {ALL, DATA, OS}]

Examples

Disable encryption on a VMSS

az vmss encryption disable -g MyResourceGroup -n MyVm

Optional Parameters

--force

Continue by ignoring client side validation errors.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--volume-type

Type of volume that the encryption operation is performed on.

accepted values: ALL, DATA, OS

az vmss encryption enable

Encrypt a VMSS with managed disks.

For more information, see: https://docs.microsoft.com/azure/security/azure-security-disk-encryption-overview.

az vmss encryption enable --disk-encryption-keyvault
                          [--force]
                          [--ids]
                          [--key-encryption-algorithm]
                          [--key-encryption-key]
                          [--key-encryption-keyvault]
                          [--name]
                          [--resource-group]
                          [--subscription]
                          [--volume-type {ALL, DATA, OS}]

Examples

Encrypt a VM scale set using a key vault in the same resource group

az vmss encryption enable -g MyResourceGroup -n MyVmss --disk-encryption-keyvault MyVault

Encrypt a VMSS with managed disks. (autogenerated)

az vmss encryption enable --disk-encryption-keyvault MyVault --name MyVmss --resource-group MyResourceGroup --volume-type DATA

Required Parameters

--disk-encryption-keyvault

Name or ID of the key vault where the generated encryption key will be placed.

Optional Parameters

--force

Continue by ignoring client side validation errors.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--key-encryption-algorithm

default value: RSA-OAEP

--key-encryption-key

Key vault key name or URL used to encrypt the disk encryption key.

--key-encryption-keyvault

Name or ID of the key vault containing the key encryption key used to encrypt the disk encryption key. If missing, CLI will use --disk-encryption-keyvault.

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--volume-type

Type of volume that the encryption operation is performed on.

accepted values: ALL, DATA, OS
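
An added example, not part of the original reference: a shell wrapper that validates the inputs documented above, names the key encryption key vault explicitly instead of relying on the fallback to --disk-encryption-keyvault, never passes --force, and prints the status with az vmss encryption show afterwards. The function names, the DRY_RUN variable and resource names such as MyKek and MyKekVault are assumptions.

```shell
#!/bin/sh
# Added example. Names such as MyKek and MyKekVault are placeholders.

# Print the arguments for `az vmss encryption enable`, one per line.
# Usage: vmss_enable_args RG VMSS DISK_VAULT VOLUME_TYPE [KEK [KEK_VAULT]]
vmss_enable_args() {
    rg="${1:-}"; name="${2:-}"; vault="${3:-}"; vol="${4:-}"
    kek="${5:-}"; kek_vault="${6:-}"
    if [ -z "$rg" ] || [ -z "$name" ] || [ -z "$vault" ]; then
        echo "resource group, scale set name and key vault are required" >&2
        return 2
    fi
    case "$vol" in
        ALL|DATA|OS) ;;   # the only accepted values for --volume-type
        *) echo "volume type must be ALL, DATA or OS" >&2; return 2 ;;
    esac
    if [ -n "$kek_vault" ] && [ -z "$kek" ]; then
        echo "a key encryption key vault was given without a key" >&2
        return 2
    fi
    # --force is deliberately never added, so client-side validation stays on.
    printf '%s\n' vmss encryption enable \
        --resource-group "$rg" --name "$name" \
        --disk-encryption-keyvault "$vault" --volume-type "$vol"
    if [ -n "$kek" ]; then
        # Name the KEK vault explicitly; the CLI would otherwise fall back
        # to --disk-encryption-keyvault, which this wrapper mirrors.
        printf '%s\n' --key-encryption-key "$kek" \
            --key-encryption-keyvault "${kek_vault:-$vault}"
    fi
}

# Enable encryption, then show the status. DRY_RUN=1 only prints the command.
vmss_encrypt() {
    args="$(vmss_enable_args "$@")" || return 2
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'az %s\n' "$(printf '%s' "$args" | tr '\n' ' ')"
        return 0
    fi
    rg="$1"; name="$2"
    old_ifs="$IFS"; IFS='
'
    set -f; set -- $args; set +f; IFS="$old_ifs"   # split on newlines only
    az "$@" && az vmss encryption show --resource-group "$rg" --name "$name"
}
```

Source the file and call, for instance, vmss_encrypt MyResourceGroup MyVmss MyVault DATA MyKek MyKekVault; set DRY_RUN=1 first to review the command without changing the scale set.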

az vmss encryption show

Show encryption status.

az vmss encryption show [--ids]
                        [--name]
                        [--query-examples]
                        [--resource-group]
                        [--subscription]

Examples

Show encryption status. (autogenerated)

az vmss encryption show --name MyScaleSet --resource-group MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--query-examples

Recommends a JMESPath string for you. You can copy one of the queries and paste it after the --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these keywords.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.