Enable encryption on a running Linux VM.

게시자: Kamran Khan
마지막 업데이트: 2016-09-21

This template enables encryption on a running linux vm using AAD client secret.

이 ARM(Azure Resource Manager) 템플릿은 Microsoft가 아니라 커뮤니티 구성원에 의해 만들어졌습니다. 각 ARM 템플릿은 Microsoft가 아닌 해당 소유자에 의해 사용이 허가됩니다. Microsoft는 커뮤니티 구성원에 의해 제공 및 라이선스가 부여된 ARM에 대해 책임이 없으며, 보안, 호환성 또는 성능을 검사하지 않습니다. 커뮤니티 ARM 템플릿은 Microsoft 지원 프로그램 또는 서비스에서 지원되지 않고, 어떠한 보증도 없이 있는 그래도 제공됩니다.

매개 변수

매개 변수 이름 설명
aadClientID Client ID of AAD app which has permissions to KeyVault
aadClientSecret Client Secret of AAD app which has permissions to KeyVault
diskFormatQuery the query string used to identify the disks to format and encrypt. This parameter only works when you set the EncryptionOperation as EnableEncryptionFormat. For example, passing [{"dev_path":"/dev/md0","name":"encryptedraid","file_system":"ext4"}] will format /dev/md0, encrypt it and mount it at /mnt/dataraid. This parameter should only be used for RAID devices. The specified device must not have any existing filesystem on it.
encryptionOperation EnableEncryption would encrypt the disks in place and EnableEncryptionFormat would format the disks directly
volumeType Defines which drives should be encrypted. OS encryption is supported on RHEL 7.2, CentOS 7.2 & Ubuntu 16.04.
keyEncryptionKeyURL URL of the KeyEncryptionKey used to encrypt the volume encryption key
keyVaultName Name of the KeyVault to place the volume encryption key
keyVaultResourceGroup Resource group of the KeyVault
passphrase The passphrase for the disks
sequenceVersion sequence version of the bitlocker operation. Increment this everytime an operation is performed on the same VM
useKek Select kek if the secret should be encrypted with a key encryption key
vmName Name of the virtual machine
_artifactsLocation The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated.
_artifactsLocationSasToken The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated.

템플릿 사용

PowerShell

New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/201-encrypt-running-linux-vm/azuredeploy.json
Azure PowerShell 설치 및 구성

명령줄

azure config mode arm
azure group deployment create <my-resource-group> <my-deployment-name> --template-uri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/201-encrypt-running-linux-vm/azuredeploy.json
Azure 크로스 플랫폼 명령줄 인터페이스 설치 및 구성