azure-native.storage.EncryptionScope
Explore with Pulumi AI
The Encryption Scope resource. API Version: 2021-02-01.
Example Usage
StorageAccountPutEncryptionScope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() => 
{
    var encryptionScope = new AzureNative.Storage.EncryptionScope("encryptionScope", new()
    {
        AccountName = "{storage-account-name}",
        EncryptionScopeName = "{encryption-scope-name}",
        ResourceGroupName = "resource-group-name",
    });
});
package main
import (
	storage "github.com/pulumi/pulumi-azure-native-sdk/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := storage.NewEncryptionScope(ctx, "encryptionScope", &storage.EncryptionScopeArgs{
			AccountName:         pulumi.String("{storage-account-name}"),
			EncryptionScopeName: pulumi.String("{encryption-scope-name}"),
			ResourceGroupName:   pulumi.String("resource-group-name"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.EncryptionScope;
import com.pulumi.azurenative.storage.EncryptionScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var encryptionScope = new EncryptionScope("encryptionScope", EncryptionScopeArgs.builder()        
            .accountName("{storage-account-name}")
            .encryptionScopeName("{encryption-scope-name}")
            .resourceGroupName("resource-group-name")
            .build());
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const encryptionScope = new azure_native.storage.EncryptionScope("encryptionScope", {
    accountName: "{storage-account-name}",
    encryptionScopeName: "{encryption-scope-name}",
    resourceGroupName: "resource-group-name",
});
import pulumi
import pulumi_azure_native as azure_native
encryption_scope = azure_native.storage.EncryptionScope("encryptionScope",
    account_name="{storage-account-name}",
    encryption_scope_name="{encryption-scope-name}",
    resource_group_name="resource-group-name")
resources:
  encryptionScope:
    type: azure-native:storage:EncryptionScope
    properties:
      accountName: '{storage-account-name}'
      encryptionScopeName: '{encryption-scope-name}'
      resourceGroupName: resource-group-name
StorageAccountPutEncryptionScopeWithInfrastructureEncryption
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() => 
{
    var encryptionScope = new AzureNative.Storage.EncryptionScope("encryptionScope", new()
    {
        AccountName = "{storage-account-name}",
        EncryptionScopeName = "{encryption-scope-name}",
        RequireInfrastructureEncryption = true,
        ResourceGroupName = "resource-group-name",
    });
});
package main
import (
	storage "github.com/pulumi/pulumi-azure-native-sdk/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := storage.NewEncryptionScope(ctx, "encryptionScope", &storage.EncryptionScopeArgs{
			AccountName:                     pulumi.String("{storage-account-name}"),
			EncryptionScopeName:             pulumi.String("{encryption-scope-name}"),
			RequireInfrastructureEncryption: pulumi.Bool(true),
			ResourceGroupName:               pulumi.String("resource-group-name"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.EncryptionScope;
import com.pulumi.azurenative.storage.EncryptionScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var encryptionScope = new EncryptionScope("encryptionScope", EncryptionScopeArgs.builder()        
            .accountName("{storage-account-name}")
            .encryptionScopeName("{encryption-scope-name}")
            .requireInfrastructureEncryption(true)
            .resourceGroupName("resource-group-name")
            .build());
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const encryptionScope = new azure_native.storage.EncryptionScope("encryptionScope", {
    accountName: "{storage-account-name}",
    encryptionScopeName: "{encryption-scope-name}",
    requireInfrastructureEncryption: true,
    resourceGroupName: "resource-group-name",
});
import pulumi
import pulumi_azure_native as azure_native
encryption_scope = azure_native.storage.EncryptionScope("encryptionScope",
    account_name="{storage-account-name}",
    encryption_scope_name="{encryption-scope-name}",
    require_infrastructure_encryption=True,
    resource_group_name="resource-group-name")
resources:
  encryptionScope:
    type: azure-native:storage:EncryptionScope
    properties:
      accountName: '{storage-account-name}'
      encryptionScopeName: '{encryption-scope-name}'
      requireInfrastructureEncryption: true
      resourceGroupName: resource-group-name
Create EncryptionScope Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new EncryptionScope(name: string, args: EncryptionScopeArgs, opts?: CustomResourceOptions);@overload
def EncryptionScope(resource_name: str,
                    args: EncryptionScopeArgs,
                    opts: Optional[ResourceOptions] = None)
@overload
def EncryptionScope(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    account_name: Optional[str] = None,
                    resource_group_name: Optional[str] = None,
                    encryption_scope_name: Optional[str] = None,
                    key_vault_properties: Optional[EncryptionScopeKeyVaultPropertiesArgs] = None,
                    require_infrastructure_encryption: Optional[bool] = None,
                    source: Optional[Union[str, EncryptionScopeSource]] = None,
                    state: Optional[Union[str, EncryptionScopeState]] = None)func NewEncryptionScope(ctx *Context, name string, args EncryptionScopeArgs, opts ...ResourceOption) (*EncryptionScope, error)public EncryptionScope(string name, EncryptionScopeArgs args, CustomResourceOptions? opts = null)
public EncryptionScope(String name, EncryptionScopeArgs args)
public EncryptionScope(String name, EncryptionScopeArgs args, CustomResourceOptions options)
type: azure-native:storage:EncryptionScope
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args EncryptionScopeArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args EncryptionScopeArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args EncryptionScopeArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args EncryptionScopeArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args EncryptionScopeArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var encryptionScopeResource = new AzureNative.Storage.EncryptionScope("encryptionScopeResource", new()
{
    AccountName = "string",
    ResourceGroupName = "string",
    EncryptionScopeName = "string",
    KeyVaultProperties = 
    {
        { "keyUri", "string" },
    },
    RequireInfrastructureEncryption = false,
    Source = "string",
    State = "string",
});
example, err := storage.NewEncryptionScope(ctx, "encryptionScopeResource", &storage.EncryptionScopeArgs{
	AccountName:         "string",
	ResourceGroupName:   "string",
	EncryptionScopeName: "string",
	KeyVaultProperties: map[string]interface{}{
		"keyUri": "string",
	},
	RequireInfrastructureEncryption: false,
	Source:                          "string",
	State:                           "string",
})
var encryptionScopeResource = new EncryptionScope("encryptionScopeResource", EncryptionScopeArgs.builder()
    .accountName("string")
    .resourceGroupName("string")
    .encryptionScopeName("string")
    .keyVaultProperties(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .requireInfrastructureEncryption(false)
    .source("string")
    .state("string")
    .build());
encryption_scope_resource = azure_native.storage.EncryptionScope("encryptionScopeResource",
    account_name=string,
    resource_group_name=string,
    encryption_scope_name=string,
    key_vault_properties={
        keyUri: string,
    },
    require_infrastructure_encryption=False,
    source=string,
    state=string)
const encryptionScopeResource = new azure_native.storage.EncryptionScope("encryptionScopeResource", {
    accountName: "string",
    resourceGroupName: "string",
    encryptionScopeName: "string",
    keyVaultProperties: {
        keyUri: "string",
    },
    requireInfrastructureEncryption: false,
    source: "string",
    state: "string",
});
type: azure-native:storage:EncryptionScope
properties:
    accountName: string
    encryptionScopeName: string
    keyVaultProperties:
        keyUri: string
    requireInfrastructureEncryption: false
    resourceGroupName: string
    source: string
    state: string
EncryptionScope Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The EncryptionScope resource accepts the following input properties:
- AccountName string
- The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- ResourceGroup stringName 
- The name of the resource group within the user's subscription. The name is case insensitive.
- EncryptionScope stringName 
- The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- KeyVault Pulumi.Properties Azure Native. Storage. Inputs. Encryption Scope Key Vault Properties 
- The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- RequireInfrastructure boolEncryption 
- A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- Source
string | Pulumi.Azure Native. Storage. Encryption Scope Source 
- The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- State
string | Pulumi.Azure Native. Storage. Encryption Scope State 
- The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
- AccountName string
- The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- ResourceGroup stringName 
- The name of the resource group within the user's subscription. The name is case insensitive.
- EncryptionScope stringName 
- The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- KeyVault EncryptionProperties Scope Key Vault Properties Args 
- The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- RequireInfrastructure boolEncryption 
- A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- Source
string | EncryptionScope Source 
- The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- State
string | EncryptionScope State Enum 
- The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
- accountName String
- The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- resourceGroup StringName 
- The name of the resource group within the user's subscription. The name is case insensitive.
- encryptionScope StringName 
- The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- keyVault EncryptionProperties Scope Key Vault Properties 
- The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- requireInfrastructure BooleanEncryption 
- A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- source
String | EncryptionScope Source 
- The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- state
String | EncryptionScope State 
- The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
- accountName string
- The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- resourceGroup stringName 
- The name of the resource group within the user's subscription. The name is case insensitive.
- encryptionScope stringName 
- The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- keyVault EncryptionProperties Scope Key Vault Properties 
- The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- requireInfrastructure booleanEncryption 
- A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- source
string | EncryptionScope Source 
- The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- state
string | EncryptionScope State 
- The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
- account_name str
- The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- resource_group_ strname 
- The name of the resource group within the user's subscription. The name is case insensitive.
- encryption_scope_ strname 
- The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- key_vault_ Encryptionproperties Scope Key Vault Properties Args 
- The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- require_infrastructure_ boolencryption 
- A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- source
str | EncryptionScope Source 
- The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- state
str | EncryptionScope State 
- The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
- accountName String
- The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
- resourceGroup StringName 
- The name of the resource group within the user's subscription. The name is case insensitive.
- encryptionScope StringName 
- The name of the encryption scope within the specified storage account. Encryption scope names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number.
- keyVault Property MapProperties 
- The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'.
- requireInfrastructure BooleanEncryption 
- A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
- source
String | "Microsoft.Storage" | "Microsoft. Key Vault" 
- The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault.
- state String | "Enabled" | "Disabled"
- The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled.
Outputs
All input properties are implicitly available as output properties. Additionally, the EncryptionScope resource produces the following output properties:
- CreationTime string
- Gets the creation date and time of the encryption scope in UTC.
- Id string
- The provider-assigned unique ID for this managed resource.
- LastModified stringTime 
- Gets the last modification date and time of the encryption scope in UTC.
- Name string
- The name of the resource
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- CreationTime string
- Gets the creation date and time of the encryption scope in UTC.
- Id string
- The provider-assigned unique ID for this managed resource.
- LastModified stringTime 
- Gets the last modification date and time of the encryption scope in UTC.
- Name string
- The name of the resource
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- creationTime String
- Gets the creation date and time of the encryption scope in UTC.
- id String
- The provider-assigned unique ID for this managed resource.
- lastModified StringTime 
- Gets the last modification date and time of the encryption scope in UTC.
- name String
- The name of the resource
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- creationTime string
- Gets the creation date and time of the encryption scope in UTC.
- id string
- The provider-assigned unique ID for this managed resource.
- lastModified stringTime 
- Gets the last modification date and time of the encryption scope in UTC.
- name string
- The name of the resource
- type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- creation_time str
- Gets the creation date and time of the encryption scope in UTC.
- id str
- The provider-assigned unique ID for this managed resource.
- last_modified_ strtime 
- Gets the last modification date and time of the encryption scope in UTC.
- name str
- The name of the resource
- type str
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- creationTime String
- Gets the creation date and time of the encryption scope in UTC.
- id String
- The provider-assigned unique ID for this managed resource.
- lastModified StringTime 
- Gets the last modification date and time of the encryption scope in UTC.
- name String
- The name of the resource
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Supporting Types
EncryptionScopeKeyVaultProperties, EncryptionScopeKeyVaultPropertiesArgs          
- KeyUri string
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- KeyUri string
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- keyUri String
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- keyUri string
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- key_uri str
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- keyUri String
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
EncryptionScopeKeyVaultPropertiesResponse, EncryptionScopeKeyVaultPropertiesResponseArgs            
- CurrentVersioned stringKey Identifier 
- The object identifier of the current versioned Key Vault Key in use.
- LastKey stringRotation Timestamp 
- Timestamp of last rotation of the Key Vault Key.
- KeyUri string
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- CurrentVersioned stringKey Identifier 
- The object identifier of the current versioned Key Vault Key in use.
- LastKey stringRotation Timestamp 
- Timestamp of last rotation of the Key Vault Key.
- KeyUri string
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- currentVersioned StringKey Identifier 
- The object identifier of the current versioned Key Vault Key in use.
- lastKey StringRotation Timestamp 
- Timestamp of last rotation of the Key Vault Key.
- keyUri String
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- currentVersioned stringKey Identifier 
- The object identifier of the current versioned Key Vault Key in use.
- lastKey stringRotation Timestamp 
- Timestamp of last rotation of the Key Vault Key.
- keyUri string
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- current_versioned_ strkey_ identifier 
- The object identifier of the current versioned Key Vault Key in use.
- last_key_ strrotation_ timestamp 
- Timestamp of last rotation of the Key Vault Key.
- key_uri str
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
- currentVersioned StringKey Identifier 
- The object identifier of the current versioned Key Vault Key in use.
- lastKey StringRotation Timestamp 
- Timestamp of last rotation of the Key Vault Key.
- keyUri String
- The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope.
EncryptionScopeSource, EncryptionScopeSourceArgs      
- Microsoft_Storage
- Microsoft.Storage
- Microsoft_KeyVault 
- Microsoft.KeyVault
- EncryptionScope Source_Microsoft_Storage 
- Microsoft.Storage
- EncryptionScope Source_Microsoft_Key Vault 
- Microsoft.KeyVault
- Microsoft_Storage
- Microsoft.Storage
- Microsoft_KeyVault 
- Microsoft.KeyVault
- Microsoft_Storage
- Microsoft.Storage
- Microsoft_KeyVault 
- Microsoft.KeyVault
- MICROSOFT_STORAGE
- Microsoft.Storage
- MICROSOFT_KEY_VAULT
- Microsoft.KeyVault
- "Microsoft.Storage" 
- Microsoft.Storage
- "Microsoft.Key Vault" 
- Microsoft.KeyVault
EncryptionScopeState, EncryptionScopeStateArgs      
- Enabled
- Enabled
- Disabled
- Disabled
- EncryptionScope State Enabled 
- Enabled
- EncryptionScope State Disabled 
- Disabled
- Enabled
- Enabled
- Disabled
- Disabled
- Enabled
- Enabled
- Disabled
- Disabled
- ENABLED
- Enabled
- DISABLED
- Disabled
- "Enabled"
- Enabled
- "Disabled"
- Disabled
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:storage:EncryptionScope {encryption-scope-name} /subscriptions/{subscription-id}/resourceGroups/resource-group-name/providers/Microsoft.Storage/storageAccounts/{storage-account-name}/encryptionScopes/{encryption-scope-name} 
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- azure-native-v1 pulumi/pulumi-azure-native
- License
- Apache-2.0