Microsoft.DocumentDB databaseAccounts/sqlDatabases/clientEncryptionKeys

ARM template resource definition

The databaseAccounts/sqlDatabases/clientEncryptionKeys resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.DocumentDB/databaseAccounts/sqlDatabases/clientEncryptionKeys resource, add the following JSON to your template.

{
  "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/clientEncryptionKeys",
  "apiVersion": "2024-02-15-preview",
  "name": "string",
  "properties": {
    "resource": {
      "encryptionAlgorithm": "string",
      "id": "string",
      "keyWrapMetadata": {
        "algorithm": "string",
        "name": "string",
        "type": "string",
        "value": "string"
      },
      "wrappedDataEncryptionKey": {}
    }
  }
}

Property values

databaseAccounts/sqlDatabases/clientEncryptionKeys

Name Description Value
type The resource type 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/clientEncryptionKeys'
apiVersion The resource api version '2024-02-15-preview'
name The resource name

See how to set names and types for child resources in JSON ARM templates.
string (required)
properties Properties to create and update ClientEncryptionKey. ClientEncryptionKeyCreateUpdatePropertiesOrClientEnc... (required)

ClientEncryptionKeyCreateUpdatePropertiesOrClientEnc...

Name Description Value
resource The standard JSON format of a ClientEncryptionKey ClientEncryptionKeyResourceOrClientEncryptionKeyGetP... (required)

ClientEncryptionKeyResourceOrClientEncryptionKeyGetP...

Name Description Value
encryptionAlgorithm Encryption algorithm that will be used along with this client encryption key to encrypt/decrypt data. string
id Name of the ClientEncryptionKey string
keyWrapMetadata Metadata for the wrapping provider that can be used to unwrap the wrapped client encryption key. KeyWrapMetadata
wrappedDataEncryptionKey Wrapped (encrypted) form of the key represented as a byte array.

KeyWrapMetadata

Name Description Value
algorithm Algorithm used in wrapping and unwrapping of the data encryption key. string
name The name of associated KeyEncryptionKey (aka CustomerManagedKey). string
type ProviderName of KeyStoreProvider. string
value Reference / link to the KeyEncryptionKey. string