Disks can only be encrypted using PowerShell and the CLI. In the next demonstration, we are going to encrypt the disk of PacktVM1 using PowerShell.
To encrypt the disk, take the following steps:
- First, we need to log in to the Azure account, as follows:
Connect-AzAccount
- If necessary, select the right subscription, as follows:
Select-AzSubscription -SubscriptionId "********-****-****-****-***********"
- Set some parameters, as follows:
$ResourceGroupName = 'PacktVMResourceGroup'
$vmName = 'PacktVM1'
$KeyVaultName = 'PacktEncryptionVault'
- Then, retrieve the Key Vault, as follows:
$KeyVault = Get-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $ResourceGroupName
$diskEncryptionKeyVaultUrl = $KeyVault.VaultUri
$KeyVaultResourceId = $KeyVault.ResourceId
- Then, encrypt the disk, as follows:
Set-AzVMDiskEncryptionExtension `
-ResourceGroupName $ResourceGroupName `
-VMName $vmName `
-DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl `
-DiskEncryptionKeyVaultId $KeyVaultResourceId
It will take approximately 10 minutes before the disk is encrypted. This concludes this demonstration and this chapter.
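The following added example (not part of the original text) wraps the steps above in two checks a practitioner would want: that the vault is actually usable for Azure Disk Encryption before the extension is set, and that the VM reports its OS volume as encrypted afterwards. The function names `Test-AdePrerequisite` and `Wait-AdeEncrypted`, the 30-minute timeout and the 60-second polling interval are assumptions made for this example; the resource names are the ones used in the demonstration.

```powershell
# Added example: pre-flight check and post-encryption verification.
# Function names, timeout and polling interval are assumptions for illustration.

function Test-AdePrerequisite {
    param([string]$ResourceGroupName, [string]$VMName, [string]$KeyVaultName)

    $vault = Get-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $ResourceGroupName
    if (-not $vault) { throw "Key Vault '$KeyVaultName' not found in '$ResourceGroupName'." }

    # The vault must be enabled for disk encryption, otherwise the extension
    # cannot store the disk encryption secret in it.
    if (-not $vault.EnabledForDiskEncryption) {
        throw "Key Vault '$KeyVaultName' is not enabled for disk encryption."
    }

    # The vault and the VM must be in the same region. Normalize the region
    # strings so that 'West Europe' and 'westeurope' compare equal.
    $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName
    $vmRegion    = ($vm.Location    -replace '\s', '').ToLower()
    $vaultRegion = ($vault.Location -replace '\s', '').ToLower()
    if ($vmRegion -ne $vaultRegion) {
        throw "VM is in '$vmRegion' but the vault is in '$vaultRegion'."
    }
    return $vault
}

function Wait-AdeEncrypted {
    param([string]$ResourceGroupName, [string]$VMName, [int]$TimeoutMinutes = 30)

    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $ResourceGroupName -VMName $VMName
        Write-Host ("OS: {0}  Data: {1}  {2}" -f $status.OsVolumeEncrypted,
                    $status.DataVolumesEncrypted, $status.ProgressMessage)
        if ($status.OsVolumeEncrypted -eq 'Encrypted') { return $status }
        Start-Sleep -Seconds 60
    } while ((Get-Date) -lt $deadline)

    throw "OS volume of '$VMName' is still '$($status.OsVolumeEncrypted)' after $TimeoutMinutes minutes."
}

# Usage with the names from the demonstration:
$KeyVault = Test-AdePrerequisite -ResourceGroupName 'PacktVMResourceGroup' `
    -VMName 'PacktVM1' -KeyVaultName 'PacktEncryptionVault'
# ... run Set-AzVMDiskEncryptionExtension as shown above, then:
Wait-AdeEncrypted -ResourceGroupName 'PacktVMResourceGroup' -VMName 'PacktVM1'
```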