Encryption
data class EncryptionScopeArgs(val infrastructureEncryptionRequired: Output<Boolean>? = null, val keyVaultKeyId: Output<String>? = null, val name: Output<String>? = null, val source: Output<String>? = null, val storageAccountId: Output<String>? = null) : ConvertibleToJava<EncryptionScopeArgs>
Manages a Storage Encryption Scope.
Note: Storage Encryption Scopes are in Preview more information can be found here.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleAccount = new azure.storage.Account("example", {
name: "examplesa",
resourceGroupName: example.name,
location: example.location,
accountTier: "Standard",
accountReplicationType: "LRS",
identity: {
type: "SystemAssigned",
},
});
const exampleEncryptionScope = new azure.storage.EncryptionScope("example", {
name: "microsoftmanaged",
storageAccountId: exampleAccount.id,
source: "Microsoft.Storage",
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_account = azure.storage.Account("example",
name="examplesa",
resource_group_name=example.name,
location=example.location,
account_tier="Standard",
account_replication_type="LRS",
identity={
"type": "SystemAssigned",
})
example_encryption_scope = azure.storage.EncryptionScope("example",
name="microsoftmanaged",
storage_account_id=example_account.id,
source="Microsoft.Storage")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "examplesa",
ResourceGroupName = example.Name,
Location = example.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
Identity = new Azure.Storage.Inputs.AccountIdentityArgs
{
Type = "SystemAssigned",
},
});
var exampleEncryptionScope = new Azure.Storage.EncryptionScope("example", new()
{
Name = "microsoftmanaged",
StorageAccountId = exampleAccount.Id,
Source = "Microsoft.Storage",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("examplesa"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
Identity: &storage.AccountIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
})
if err != nil {
return err
}
_, err = storage.NewEncryptionScope(ctx, "example", &storage.EncryptionScopeArgs{
Name: pulumi.String("microsoftmanaged"),
StorageAccountId: exampleAccount.ID(),
Source: pulumi.String("Microsoft.Storage"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.inputs.AccountIdentityArgs;
import com.pulumi.azure.storage.EncryptionScope;
import com.pulumi.azure.storage.EncryptionScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("examplesa")
.resourceGroupName(example.name())
.location(example.location())
.accountTier("Standard")
.accountReplicationType("LRS")
.identity(AccountIdentityArgs.builder()
.type("SystemAssigned")
.build())
.build());
var exampleEncryptionScope = new EncryptionScope("exampleEncryptionScope", EncryptionScopeArgs.builder()
.name("microsoftmanaged")
.storageAccountId(exampleAccount.id())
.source("Microsoft.Storage")
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: examplesa
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
identity:
type: SystemAssigned
exampleEncryptionScope:
type: azure:storage:EncryptionScope
name: example
properties:
name: microsoftmanaged
storageAccountId: ${exampleAccount.id}
source: Microsoft.StorageContent copied to clipboard
API Providers
This resource uses the following Azure API Providers:
Microsoft.Storage: 2023-05-01
Import
Storage Encryption Scopes can be imported using the resource id, e.g.
$ pulumi import azure:storage/encryptionScope:EncryptionScope example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Storage/storageAccounts/account1/encryptionScopes/scope1Content copied to clipboard
Constructors
Properties
Link copied to clipboard
Is a secondary layer of encryption with Platform Managed Keys for data applied? Changing this forces a new resource to be created.
Link copied to clipboard
The ID of the Key Vault Key. Required when source is Microsoft.KeyVault.
Link copied to clipboard
The ID of the Storage Account where this Storage Encryption Scope is created. Changing this forces a new Storage Encryption Scope to be created.