none
Linux Disk Encryption RRS feed

  • Question

  • Hello,

             I have 100+ linux VM's which i want apply disk encryption. I'm following the below CLI command which is working fine, but both VM and keyvault should be on same resource group.

    az vm encryption enable --resource-group "Test_rG" --name "testvm" --disk-encryption-keyvault "testvault" --volume-type OS

    Can someone help me to modify the command to specify different resource Groups for VM and Keyvault.



    Friday, August 2, 2019 6:19 AM

All replies

  • As I understand you need to provide different resource group Key vault to different RG for VM am I Correct?(encrypt a VM using a key vault in the different resource group)

    Firstly, If you are using Linux VMs, please check to make sure they fit the prerequisites, All the VMs which you have installed should support for disk encryption.

    The key vault parameters should accept the name or ID of the key vault you want to use. To use cross-RG resources, you must specify the ID. This is standard across the CLI.

    This GitHub article provides commands and suggestion: az vm encryption enable- doesn't allow for different key vault resource group 

    Azure Disk Encryption needs the Key Vault and the VMs to be co-located in the same region. Create and use a Key Vault that is in the same region as the VM to be encrypted.

    Make sure all the resources such as virtual machines and key vault are located in the same region and same subscription.

    Regarding the encrypting the multiple virtual machines with the same key which is stored in key vault can be possible. You can use the same and key vault if you want to encrypt the multiple virtual machines. Azure Disk Encryption creates different secrets for each of the virtual machines that are associated to that key.

    You can use the Azure VM disk encryption in different region by using the Service endpoint.

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.
    ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

    Friday, August 2, 2019 11:23 AM
    Moderator
  • @Juliesmiley  Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Tuesday, August 6, 2019 9:41 AM
    Moderator
  • @Juliesmiley Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Wednesday, August 7, 2019 5:38 AM
    Moderator
  • @Juliesmiley  Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Monday, August 26, 2019 5:54 AM
    Moderator