Skip to content

ramankumarlive/manageddisksdoubleencryptionpreview

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits

CreateDiskEncryptionSetForDoubleEncryption.json

CreateDiskEncryptionSetForDoubleEncryption.json

 
 

CreateEmptyDataDiskEncryptedWithDoubleEncryption.json

CreateEmptyDataDiskEncryptedWithDoubleEncryption.json

 
 

CreateVMSSWithDisksEncryptedWithDoubleEncryption.json

CreateVMSSWithDisksEncryptedWithDoubleEncryption.json

 
 

CreateVMWithDisksEncryptedWithDoubleEncryption.json

CreateVMWithDisksEncryptedWithDoubleEncryption.json

 
 

README.md

README.md

 
 

Repository files navigation

Managed Disks Double Encryption Preview

The repository contains sample templates for enabling double encryption at rest for managed disks. Double encryption at rest is the continuation of server-side encryption (SSE) at rest with customer managed keys (CMK) that we recently announced in GA for managed disks. If you are hosting VM/VMSS with managed disks and already leveraging SSE with CMK capability, now you can also enable double encryption at rest.

To enable double encryption at rest for Managed Disks attached to VMs/VMSS, you must follow the steps below:

  1. Create a DiskEncryptionSet with encryptionType set as EncryptionAtRestWithPlatformAndCustomerKeys. Please use the API version 2020-05-01 in the Azure Resource Manager (ARM) template. Please refer to the sample ARM template CreateDiskEncryptionSetForDoubleEncryption.json
New-AzResourceGroupDeployment -ResourceGroupName CMKTesting `
  -TemplateUri "https://raw.githubusercontent.com/ramankumarlive/manageddisksdoubleencryptionpreview/master/CreateDiskEncryptionSetForDoubleEncryption.json" `
  -diskEncryptionSetName "yourDESForDoubleEncryption" `
  -keyVaultId "subscriptions/dd80b94e-0463-4a65-8d04-c94f403879dc/resourceGroups/yourResourceGroupName/providers/Microsoft.KeyVault/vaults/yourKeyVaultName" `
  -keyVaultKeyUrl "https://yourKeyVaultName.vault.azure.net/keys/yourKeyName/403445136dee4a57af7068cab08f7d42" `
  -encryptionType "EncryptionAtRestWithPlatformAndCustomerKeys" `
  -region "CentralUSEUAP"
  1. Create a VM with managed disks using the resource URI of the DiskEncryptionSet created in the step #1
$password=ConvertTo-SecureString -String "yourPassword" -AsPlainText -Force
New-AzResourceGroupDeployment -ResourceGroupName yourResourceGroupName `
  -TemplateUri "https://raw.githubusercontent.com/ramankumarlive/manageddisksdoubleencryptionpreview/master/CreateVMWithDisksEncryptedWithDoubleEncryption.json" `
  -virtualMachineName "ramandssecmk1" `
  -adminPassword $password `
  -vmSize "Standard_DS3_V2" `
  -diskEncryptionSetId "/subscriptions/dd80b94e-0463-4a65-8d04-c94f403879dc/resourceGroups/yourResourceGroupName/providers/Microsoft.Compute/diskEncryptionSets/yourDESForDoubleEncryption" `
  -region "CentralUSEUAP"
  1. Create a VMSS with managed disks using the resource URI of the DiskEncryptionSet created in the step #1
$password=ConvertTo-SecureString -String "yourPassword" -AsPlainText -Force
New-AzResourceGroupDeployment -ResourceGroupName yourResourceGroupName `
  -TemplateUri "https://raw.githubusercontent.com/ramankumarlive/manageddisksdoubleencryptionpreview/master/CreateVMSSWithDisksEncryptedWithDoubleEncryption.json" `
  -vmssName "vmssde2" `
  -adminPassword $password `
  -vmSize "Standard_DS3_V2" `
  -diskEncryptionSetId "/subscriptions/dd80b94e-0463-4a65-8d04-c94f403879dc/resourceGroups/yourResourceGroupName/providers/Microsoft.Compute/diskEncryptionSets/yourDESForDoubleEncryption" `
  -region "CentralUSEUAP"

About

The repository contains sample templates for enabling double encryption for managed disks

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published