This template enables encryption on a running linux vm using AAD client secret.
이 ARM(Azure Resource Manager) 템플릿은 Microsoft가 아니라 커뮤니티 구성원에 의해 만들어졌습니다. 각 ARM 템플릿은 Microsoft가 아닌 해당 소유자에 의해 사용이 허가됩니다. Microsoft는 커뮤니티 구성원에 의해 제공 및 라이선스가 부여된 ARM에 대해 책임이 없으며, 보안, 호환성 또는 성능을 검사하지 않습니다. 커뮤니티 ARM 템플릿은 Microsoft 지원 프로그램 또는 서비스에서 지원되지 않고, 어떠한 보증도 없이 있는 그래도 제공됩니다.
매개 변수
| 매개 변수 이름 | 설명 |
|---|---|
| aadClientID | Client ID of AAD app which has permissions to KeyVault |
| aadClientSecret | Client Secret of AAD app which has permissions to KeyVault |
| diskFormatQuery | the query string used to identify the disks to format and encrypt. This parameter only works when you set the EncryptionOperation as EnableEncryptionFormat. For example, passing [{"dev_path":"/dev/md0","name":"encryptedraid","file_system":"ext4"}] will format /dev/md0, encrypt it and mount it at /mnt/dataraid. This parameter should only be used for RAID devices. The specified device must not have any existing filesystem on it. |
| encryptionOperation | EnableEncryption would encrypt the disks in place and EnableEncryptionFormat would format the disks directly |
| volumeType | Defines which drives should be encrypted. OS encryption is supported on RHEL 7.2, CentOS 7.2 & Ubuntu 16.04. |
| keyEncryptionKeyURL | URL of the KeyEncryptionKey used to encrypt the volume encryption key |
| keyVaultName | Name of the KeyVault to place the volume encryption key |
| keyVaultResourceGroup | Resource group of the KeyVault |
| passphrase | The passphrase for the disks |
| sequenceVersion | sequence version of the bitlocker operation. Increment this everytime an operation is performed on the same VM |
| useKek | Select kek if the secret should be encrypted with a key encryption key |
| vmName | Name of the virtual machine |
| _artifactsLocation | The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated. |
| _artifactsLocationSasToken | The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. |
템플릿 사용
PowerShell
New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/201-encrypt-running-linux-vm/azuredeploy.jsonAzure PowerShell 설치 및 구성
명령줄
azure config mode arm azure group deployment create <my-resource-group> <my-deployment-name> --template-uri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/201-encrypt-running-linux-vm/azuredeploy.jsonAzure 크로스 플랫폼 명령줄 인터페이스 설치 및 구성