azure-native.storage.EncryptionScope
Explore with Pulumi AI
The Encryption Scope resource. Azure REST API version: 2022-09-01. Prior API version in Azure Native 1.x: 2021-02-01.
Other available API versions: 2023-01-01, 2023-04-01, 2023-05-01.
Example Usage
StorageAccountPutEncryptionScope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var encryptionScope = new AzureNative.Storage.EncryptionScope("encryptionScope", new()
{
AccountName = "{storage-account-name}",
EncryptionScopeName = "{encryption-scope-name}",
ResourceGroupName = "resource-group-name",
});
});
package main
import (
storage "github.com/pulumi/pulumi-azure-native-sdk/storage/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.NewEncryptionScope(ctx, "encryptionScope", &storage.EncryptionScopeArgs{
AccountName: pulumi.String("{storage-account-name}"),
EncryptionScopeName: pulumi.String("{encryption-scope-name}"),
ResourceGroupName: pulumi.String("resource-group-name"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.EncryptionScope;
import com.pulumi.azurenative.storage.EncryptionScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var encryptionScope = new EncryptionScope("encryptionScope", EncryptionScopeArgs.builder()
.accountName("{storage-account-name}")
.encryptionScopeName("{encryption-scope-name}")
.resourceGroupName("resource-group-name")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
encryption_scope = azure_native.storage.EncryptionScope("encryptionScope",
account_name="{storage-account-name}",
encryption_scope_name="{encryption-scope-name}",
resource_group_name="resource-group-name")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const encryptionScope = new azure_native.storage.EncryptionScope("encryptionScope", {
accountName: "{storage-account-name}",
encryptionScopeName: "{encryption-scope-name}",
resourceGroupName: "resource-group-name",
});
resources:
encryptionScope:
type: azure-native:storage:EncryptionScope
properties:
accountName: '{storage-account-name}'
encryptionScopeName: '{encryption-scope-name}'
resourceGroupName: resource-group-name
StorageAccountPutEncryptionScopeWithInfrastructureEncryption
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var encryptionScope = new AzureNative.Storage.EncryptionScope("encryptionScope", new()
{
AccountName = "{storage-account-name}",
EncryptionScopeName = "{encryption-scope-name}",
RequireInfrastructureEncryption = true,
ResourceGroupName = "resource-group-name",
});
});
package main
import (
storage "github.com/pulumi/pulumi-azure-native-sdk/storage/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.NewEncryptionScope(ctx, "encryptionScope", &storage.EncryptionScopeArgs{
AccountName: pulumi.String("{storage-account-name}"),
EncryptionScopeName: pulumi.String("{encryption-scope-name}"),
RequireInfrastructureEncryption: pulumi.Bool(true),
ResourceGroupName: pulumi.String("resource-group-name"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.EncryptionScope;
import com.pulumi.azurenative.storage.EncryptionScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var encryptionScope = new EncryptionScope("encryptionScope", EncryptionScopeArgs.builder()
.accountName("{storage-account-name}")
.encryptionScopeName("{encryption-scope-name}")
.requireInfrastructureEncryption(true)
.resourceGroupName("resource-group-name")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
encryption_scope = azure_native.storage.EncryptionScope("encryptionScope",
account_name="{storage-account-name}",
encryption_scope_name="{encryption-scope-name}",
require_infrastructure_encryption=True,
resource_group_name="resource-group-name")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const encryptionScope = new azure_native.storage.EncryptionScope("encryptionScope", {
accountName: "{storage-account-name}",
encryptionScopeName: "{encryption-scope-name}",
requireInfrastructureEncryption: true,
resourceGroupName: "resource-group-name",
});
resources:
encryptionScope:
type: azure-native:storage:EncryptionScope
properties:
accountName: '{storage-account-name}'
encryptionScopeName: '{encryption-scope-name}'
requireInfrastructureEncryption: true
resourceGroupName: resource-group-name
Create EncryptionScope Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new EncryptionScope(name: string, args: EncryptionScopeArgs, opts?: CustomResourceOptions);
@overload
def EncryptionScope(resource_name: str,
args: EncryptionScopeArgs,
opts: Optional[ResourceOptions] = None)
@overload
def EncryptionScope(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_name: Optional[str] = None,
resource_group_name: Optional[str] = None,
encryption_scope_name: Optional[str] = None,
key_vault_properties: Optional[EncryptionScopeKeyVaultPropertiesArgs] = None,
require_infrastructure_encryption: Optional[bool] = None,
source: Optional[Union[str, EncryptionScopeSource]] = None,
state: Optional[Union[str, EncryptionScopeState]] = None)
func NewEncryptionScope(ctx *Context, name string, args EncryptionScopeArgs, opts ...ResourceOption) (*EncryptionScope, error)
public EncryptionScope(string name, EncryptionScopeArgs args, CustomResourceOptions? opts = null)
public EncryptionScope(String name, EncryptionScopeArgs args)
public EncryptionScope(String name, EncryptionScopeArgs args, CustomResourceOptions options)
type: azure-native:storage:EncryptionScope
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args EncryptionScopeArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args EncryptionScopeArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args EncryptionScopeArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args EncryptionScopeArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args EncryptionScopeArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var azure_nativeEncryptionScopeResource = new AzureNative.Storage.EncryptionScope("azure-nativeEncryptionScopeResource", new()
{
AccountName = "string",
ResourceGroupName = "string",
EncryptionScopeName = "string",
KeyVaultProperties = new AzureNative.Storage.Inputs.EncryptionScopeKeyVaultPropertiesArgs
{
KeyUri = "string",
},
RequireInfrastructureEncryption = false,
Source = "string",
State = "string",
});
example, err := storage.NewEncryptionScope(ctx, "azure-nativeEncryptionScopeResource", &storage.EncryptionScopeArgs{
AccountName: pulumi.String("string"),
ResourceGroupName: pulumi.String("string"),
EncryptionScopeName: pulumi.String("string"),
KeyVaultProperties: &storage.EncryptionScopeKeyVaultPropertiesArgs{
KeyUri: pulumi.String("string"),
},
RequireInfrastructureEncryption: pulumi.Bool(false),
Source: pulumi.String("string"),
State: pulumi.String("string"),
})
var azure_nativeEncryptionScopeResource = new EncryptionScope("azure-nativeEncryptionScopeResource", EncryptionScopeArgs.builder()
.accountName("string")
.resourceGroupName("string")
.encryptionScopeName("string")
.keyVaultProperties(EncryptionScopeKeyVaultPropertiesArgs.builder()
.keyUri("string")
.build())
.requireInfrastructureEncryption(false)
.source("string")
.state("string")
.build());
azure_native_encryption_scope_resource = azure_native.storage.EncryptionScope("azure-nativeEncryptionScopeResource",
account_name="string",
resource_group_name="string",
encryption_scope_name="string",
key_vault_properties={
"keyUri": "string",
},
require_infrastructure_encryption=False,
source="string",
state="string")
const azure_nativeEncryptionScopeResource = new azure_native.storage.EncryptionScope("azure-nativeEncryptionScopeResource", {
accountName: "string",
resourceGroupName: "string",
encryptionScopeName: "string",
keyVaultProperties: {
keyUri: "string",
},
requireInfrastructureEncryption: false,
source: "string",
state: "string",
});
type: azure-native:storage:EncryptionScope
properties:
accountName: string
encryptionScopeName: string
keyVaultProperties:
keyUri: string
requireInfrastructureEncryption: false
resourceGroupName: string
source: string
state: string
EncryptionScope Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The EncryptionScope resource accepts the following input properties:
- Account
Name string - The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- Resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- Encryption
Scope stringName - The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- Key
Vault Pulumi.Properties Azure Native. Storage. Inputs. Encryption Scope Key Vault Properties - The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- Require
Infrastructure boolEncryption - A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- Source
string | Pulumi.
Azure Native. Storage. Encryption Scope Source - The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- State
string | Pulumi.
Azure Native. Storage. Encryption Scope State - The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
- Account
Name string - The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- Resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- Encryption
Scope stringName - The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- Key
Vault EncryptionProperties Scope Key Vault Properties Args - The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- Require
Infrastructure boolEncryption - A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- Source
string | Encryption
Scope Source - The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- State
string | Encryption
Scope State Enum - The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
- account
Name String - The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- resource
Group StringName - The name of the resource group within the user's subscription. The name is case insensitive.
- encryption
Scope StringName - The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- key
Vault EncryptionProperties Scope Key Vault Properties - The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- require
Infrastructure BooleanEncryption - A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- source
String | Encryption
Scope Source - The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- state
String | Encryption
Scope State - The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
- account
Name string - The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- encryption
Scope stringName - The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- key
Vault EncryptionProperties Scope Key Vault Properties - The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- require
Infrastructure booleanEncryption - A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- source
string | Encryption
Scope Source - The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- state
string | Encryption
Scope State - The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
- account_
name str - The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- resource_
group_ strname - The name of the resource group within the user's subscription. The name is case insensitive.
- encryption_
scope_ strname - The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- key_
vault_ Encryptionproperties Scope Key Vault Properties Args - The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- require_
infrastructure_ boolencryption - A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- source
str | Encryption
Scope Source - The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- state
str | Encryption
Scope State - The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
- account
Name String - The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- resource
Group StringName - The name of the resource group within the user's subscription. The name is case insensitive.
- encryption
Scope StringName - The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- key
Vault Property MapProperties - The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- require
Infrastructure BooleanEncryption - A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- source
String | "Microsoft.
Storage" | "Microsoft. Key Vault" - The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- state String | "Enabled" | "Disabled"
- The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
Outputs
All input properties are implicitly available as output properties. Additionally, the EncryptionScope resource produces the following output properties:
- Creation
Time string - Gets the creation date and time of the encryption scope in UTC.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified stringTime - Gets the last modification date and time of the encryption scope in UTC.
- Name string
- The name of the resource
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Creation
Time string - Gets the creation date and time of the encryption scope in UTC.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified stringTime - Gets the last modification date and time of the encryption scope in UTC.
- Name string
- The name of the resource
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- creation
Time String - Gets the creation date and time of the encryption scope in UTC.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified StringTime - Gets the last modification date and time of the encryption scope in UTC.
- name String
- The name of the resource
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- creation
Time string - Gets the creation date and time of the encryption scope in UTC.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Modified stringTime - Gets the last modification date and time of the encryption scope in UTC.
- name string
- The name of the resource
- type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- creation_
time str - Gets the creation date and time of the encryption scope in UTC.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
modified_ strtime - Gets the last modification date and time of the encryption scope in UTC.
- name str
- The name of the resource
- type str
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- creation
Time String - Gets the creation date and time of the encryption scope in UTC.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified StringTime - Gets the last modification date and time of the encryption scope in UTC.
- name String
- The name of the resource
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Supporting Types
EncryptionScopeKeyVaultProperties, EncryptionScopeKeyVaultPropertiesArgs
- Key
Uri string - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- Key
Uri string - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- key
Uri String - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- key
Uri string - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- key_
uri str - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- key
Uri String - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
EncryptionScopeKeyVaultPropertiesResponse, EncryptionScopeKeyVaultPropertiesResponseArgs
- Current
Versioned stringKey Identifier - The object identifier of the current versioned Key Vault Key in use.
- Last
Key stringRotation Timestamp - Timestamp of last rotation of the Key Vault Key.
- Key
Uri string - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- Current
Versioned stringKey Identifier - The object identifier of the current versioned Key Vault Key in use.
- Last
Key stringRotation Timestamp - Timestamp of last rotation of the Key Vault Key.
- Key
Uri string - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- current
Versioned StringKey Identifier - The object identifier of the current versioned Key Vault Key in use.
- last
Key StringRotation Timestamp - Timestamp of last rotation of the Key Vault Key.
- key
Uri String - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- current
Versioned stringKey Identifier - The object identifier of the current versioned Key Vault Key in use.
- last
Key stringRotation Timestamp - Timestamp of last rotation of the Key Vault Key.
- key
Uri string - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- current_
versioned_ strkey_ identifier - The object identifier of the current versioned Key Vault Key in use.
- last_
key_ strrotation_ timestamp - Timestamp of last rotation of the Key Vault Key.
- key_
uri str - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- current
Versioned StringKey Identifier - The object identifier of the current versioned Key Vault Key in use.
- last
Key StringRotation Timestamp - Timestamp of last rotation of the Key Vault Key.
- key
Uri String - The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
EncryptionScopeSource, EncryptionScopeSourceArgs
- Microsoft_Storage
- Microsoft.Storage
- Microsoft_Key
Vault - Microsoft.KeyVault
- Encryption
Scope Source_Microsoft_Storage - Microsoft.Storage
- Encryption
Scope Source_Microsoft_Key Vault - Microsoft.KeyVault
- Microsoft_Storage
- Microsoft.Storage
- Microsoft_Key
Vault - Microsoft.KeyVault
- Microsoft_Storage
- Microsoft.Storage
- Microsoft_Key
Vault - Microsoft.KeyVault
- MICROSOFT_STORAGE
- Microsoft.Storage
- MICROSOFT_KEY_VAULT
- Microsoft.KeyVault
- "Microsoft.
Storage" - Microsoft.Storage
- "Microsoft.
Key Vault" - Microsoft.KeyVault
EncryptionScopeState, EncryptionScopeStateArgs
- Enabled
- Enabled
- Disabled
- Disabled
- Encryption
Scope State Enabled - Enabled
- Encryption
Scope State Disabled - Disabled
- Enabled
- Enabled
- Disabled
- Disabled
- Enabled
- Enabled
- Disabled
- Disabled
- ENABLED
- Enabled
- DISABLED
- Disabled
- "Enabled"
- Enabled
- "Disabled"
- Disabled
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:storage:EncryptionScope {encryption-scope-name} /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}/encryptionScopes/{encryptionScopeName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0