This template enables encryption on a running linux vm using AAD client secret.
이 Azure Resource Manager 템플릿은 Microsoft가 아니라 커뮤니티 구성원에 의해 만들어졌습니다. 각 Resource Manager 템플릿은 Microsoft가 아닌 해당 소유자의 사용권 계약에 의거하여 사용이 허가됩니다. Microsoft는 커뮤니티 구성원에 의해 제공 및 라이선스가 부여된 Resource Manager 템플릿에 대해 책임이 없으며, 보안, 호환성 또는 성능을 검사하지 않습니다. 커뮤니티 Resource Manager 템플릿은 Microsoft 지원 프로그램 또는 서비스에서 지원되지 않고, 어떠한 보증도 없이 있는 그대로 제공됩니다.
매개 변수
| 매개 변수 이름 | 설명 |
|---|---|
| aadClientID | Client ID of AAD app which has permissions to KeyVault |
| aadClientSecret | Client Secret of AAD app which has permissions to KeyVault |
| diskFormatQuery | the query string used to identify the disks to format and encrypt. This parameter only works when you set the EncryptionOperation as EnableEncryptionFormat. For example, passing [{"dev_path":"/dev/md0","name":"encryptedraid","file_system":"ext4"}] will format /dev/md0, encrypt it and mount it at /mnt/dataraid. This parameter should only be used for RAID devices. The specified device must not have any existing filesystem on it. |
| encryptionOperation | EnableEncryption would encrypt the disks in place and EnableEncryptionFormat would format the disks directly |
| volumeType | Defines which drives should be encrypted. OS encryption is supported on RHEL 7.2, CentOS 7.2 & Ubuntu 16.04. |
| keyEncryptionKeyURL | URL of the KeyEncryptionKey used to encrypt the volume encryption key |
| keyVaultName | Name of the KeyVault to place the volume encryption key |
| keyVaultResourceGroup | Resource group of the KeyVault |
| passphrase | The passphrase for the disks |
| sequenceVersion | sequence version of the bitlocker operation. Increment this everytime an operation is performed on the same VM |
| useKek | Select kek if the secret should be encrypted with a key encryption key |
| vmName | Name of the virtual machine |
| _artifactsLocation | The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated. |
| _artifactsLocationSasToken | The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. |
| location | Location for all resources. |
템플릿 사용
PowerShell
New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-encrypt-running-linux-vm/azuredeploy.jsonAzure PowerShell 설치 및 구성
명령줄
azure config mode armAzure 크로스 플랫폼 명령줄 인터페이스 설치 및 구성
azure group deployment create <my-resource-group> <my-deployment-name> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-encrypt-running-linux-vm/azuredeploy.json