ca2longoria
Reputation: 372
How to use Azure's Encryption at Rest via REST API
I've found documentation for applying Encryption at Rest using PowerShell, the CLI, and json templates. However...
How do I achieve this strictly using the Azure REST API?
Thank you.
(Desired end result is described here: https://learn.microsoft.com/en-us/azure/security/azure-security-encryption-atrest)
(PowerShell method is described here: https://learn.microsoft.com/en-us/azure/security-center/security-center-disk-encryption)
Upvotes: 1
Views: 1197
Answers (1)
Shui shengbao
Reputation: 19205
You could encryption OS disk with the rest API.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vm}&api-version={apiVersion}
In request body json, you need add below:
"encryptionSettings": {
"enabled": true,
"diskEncryptionKey": {
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}"
},
"secretUrl": "https://mykeyvault.vault.azure.net/secrets/{secret-name}/{secret-version}"
},
"keyEncryptionKey": {
"sourceVault": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}"
},
"keyUrl": "https://mykeyvault.vault.azure.net/keys/{key-name}/{key-version}"
}
You also encryption managed disk, please check this link.
Upvotes: 1
Related Questions
- Terraform Azure provider - VM encryption at rest
- Azure KeyVault Encrypt API Endpoint Not Returning Base64 Encoded String
- How to use Let's Encrypt with Azure's API Management
- CosmosDB encryption at rest
- Azure Storage Client Side Encryption
- Use ms-rest-azure to authenticate with azure-keyvault?
- Keyvault Authentication (REST API)
- HTTPS on Azure RESTAPI
- Azure - trying to create encrypted storage account
- Azure Template parameter "password" encryption