This template allows you to create an encrypted managed disk using an existing encrypted VHD and encryption settings.
此 Azure Resource Manager (ARM) 模板由社区的某个成员(而不是由 Microsoft)创建。每个 ARM 模板都根据其所有者(不是 Microsoft)的许可协议向你授予许可。Microsoft 不对由社区成员提供并授予许可的 ARM 模板负责,并且不针对安全性、兼容性和性能进行筛选。社区 ARM 模板不由任何 Microsoft 支持计划或服务提供支持,按“原样”提供,没有任何种类的担保。
参数
| 参数名 | 说明 |
|---|---|
| vhdUri | Storage VHD Uri |
| managedDiskName | Name of the managed disk to be copied |
| keyVaultResourceID | KeyVault resource id. Ex: /subscriptions/subscriptionid/resourceGroups/contosorg/providers/Microsoft.KeyVault/vaults/contosovault |
| keyVaultSecretUrl | KeyVault secret Url. Ex: https://contosovault.vault.azure.net/secrets/contososecret/e088818e865e48488cf363af16dea596 |
| useExistingKek | Select kek if the secret is encrypted with a key encryption key and pass explicit keyVaultKekUrl. For nokek, you can keep keyVaultKekUrl empty. |
| kekUrl | key encryption key Url. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 |
| kekVaultResourceID | key encryption key vault resource id. Ex: /subscriptions/subscriptionid/resourceGroups/contosorg/providers/Microsoft.KeyVault/vaults/contosovault |
使用模板
PowerShell
New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/201-create-encrypted-managed-disk/azuredeploy.json安装和配置 Azure PowerShell
命令行
azure config mode arm azure group deployment create <my-resource-group> <my-deployment-name> --template-uri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/201-create-encrypted-managed-disk/azuredeploy.json安装和配置 Azure 跨平台命令行界面