The storageAccounts/encryptionScopes resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Storage/storageAccounts/encryptionScopes resource, add the following JSON to your template.
{
"type": "Microsoft.Storage/storageAccounts/encryptionScopes",
"apiVersion": "2023-01-01",
"name": "string",
"properties": {
"keyVaultProperties": {
"keyUri": "string"
},
"requireInfrastructureEncryption": "bool",
"source": "string",
"state": "string"
}
}
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Storage/storageAccounts/encryptionScopes' |
apiVersion | The resource api version | '2023-01-01' |
name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) |
properties | Properties of the encryption scope. | EncryptionScopeProperties |
Name | Description | Value |
---|---|---|
keyVaultProperties | The key vault properties for the encryption scope. This is a required field if encryption scope 'source' attribute is set to 'Microsoft.KeyVault'. | EncryptionScopeKeyVaultProperties |
requireInfrastructureEncryption | A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. | bool |
source | The provider for the encryption scope. Possible values (case-insensitive): Microsoft.Storage, Microsoft.KeyVault. | 'Microsoft.KeyVault' 'Microsoft.Storage' |
state | The state of the encryption scope. Possible values (case-insensitive): Enabled, Disabled. | 'Disabled' 'Enabled' |
Name | Description | Value |
---|---|---|
keyUri | The object identifier for a key vault key object. When applied, the encryption scope will use the key referenced by the identifier to enable customer-managed key support on this encryption scope. | string |