Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
$KVRGname = 'PixelRobots-KV-UKS';
$VMSSRGname = 'PixelRobots-VMSS-UKS';
$VmssName = 'pixelrobotsvmss';
$KeyVaultName = 'PixelRobots-VMSS-KV-UKS';
## Do not edit below this line.
$KeyVault = Get-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $KVRGname;
$DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri;
$KeyVaultResourceId = $KeyVault.ResourceId;
Set-AzVmssDiskEncryptionExtension -ResourceGroupName $VMSSRGname -VMScaleSetName $VmssName -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId;
## With KEK
$KVRGname = 'PixelRobots-KV-UKS';
$VMSSRGname = 'PixelRobots-VMSS-UKS';
$VmssName = 'pixelrobotsvmss';
$KeyVaultName = 'PixelRobots-VMSS-KV-UKS';
$keyEncryptionKeyName = "VMSSEncryptionKey";
## Do not edit below this line.
$KeyVault = Get-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $KVRGname;
$DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri;
$KeyVaultResourceId = $KeyVault.ResourceId;
$KeyEncryptionKeyUrl = (Get-AzKeyVaultKey -VaultName $KeyVaultName -Name $keyEncryptionKeyName).Key.kid;
Set-AzVmssDiskEncryptionExtension -ResourceGroupName $VMSSRGname -VMScaleSetName $VmssName -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId -KeyEncryptionKeyUrl $KeyEncryptionKeyUrl -KeyEncryptionKeyVaultId $KeyVaultResourceId;
get-AzVmssVMDiskEncryption -ResourceGroupName "PixelRobots-VMSS-UKS" -VMScaleSetName "pixelrobotsvmss"
Disable-AzVmssDiskEncryption -ResourceGroupName "PixelRobots-VMSS-UKS" -VMScaleSetName "pixelrobotsvmss"
## AZ CLI
az vmss encryption enable --resource-group "PixelRobots-VMSS-UKS" --name "pixelrobotsvmss" --disk-encryption-keyvault "/subscriptions/*****/resourceGroups/PixelRobots-KV-UKS/providers/Microsoft.KeyVault/vaults/PixelRobots-VMSS-KV-UKS"
## AZ CLI with KEK
az vmss encryption enable --resource-group "PixelRobots-VMSS-UKS" --name "pixelrobotsvmss" --disk-encryption-keyvault "/subscriptions/****/resourceGroups/PixelRobots-KV-UKS/providers/Microsoft.KeyVault/vaults/PixelRobots-VMSS-KV-UKS" --key-encryption-key "VMSSEncryptionKey" --key-encryption-keyvault "/subscriptions/****/resourceGroups/PixelRobots-KV-UKS/providers/Microsoft.KeyVault/vaults/PixelRobots-VMSS-KV-UKS"
az vmss encryption show --resource-group "PixelRobots-VMSS-UKS" --name "pixelrobotsvmss"
az vmss update-instances --resource-group "PixelRobots-VMSS-UKS" --name "pixelrobotsvmss" --instance-ids "*"
az vmss encryption disable --resource-group "PixelRobots-VMSS-UKS" --name "pixelrobotsvmss"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.