diff --git a/src/ResourceManager/Compute/Commands.Compute/help/Set-AzureRmVMDiskEncryptionExtension.md b/src/ResourceManager/Compute/Commands.Compute/help/Set-AzureRmVMDiskEncryptionExtension.md
index 952946df3e42..0445eb34118e 100644
--- a/src/ResourceManager/Compute/Commands.Compute/help/Set-AzureRmVMDiskEncryptionExtension.md
+++ b/src/ResourceManager/Compute/Commands.Compute/help/Set-AzureRmVMDiskEncryptionExtension.md
@@ -114,8 +114,8 @@ $KeyVaultResourceId = $KeyVault.ResourceId
 $CertPath = "C:\certificates\examplecert.pfx"
 $CertPassword = "Password"
 $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath, $CertPassword)
-$KeyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
-$AzureAdApplication = New-AzureRmADApplication -DisplayName "" -HomePage "" -IdentifierUris "" -KeyValue $KeyValue -KeyType AsymmetricX509Cert
+$CertValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
+$AzureAdApplication = New-AzureRmADApplication -DisplayName "" -HomePage "" -IdentifierUris "" -CertValue $CertValue
 $ServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId
 $AADClientID = $AzureAdApplication.ApplicationId
@@ -165,6 +165,7 @@ $KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName
 $DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
 $KeyVaultResourceId = $KeyVault.ResourceId
+$KEKName = "MyKeyEncryptionKey"
 $KEK = Add-AzureKeyVaultKey -VaultName $VaultName -Name $KEKName -Destination "Software"
 $KeyEncryptionKeyUrl = $KEK.Key.kid
@@ -182,6 +183,7 @@ $VaultName= "MyKeyVault"
 $KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName
 $DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
 $KeyVaultResourceId = $KeyVault.ResourceId
+$KEKName = "MyKeyEncryptionKey"
 $KEK = Add-AzureKeyVaultKey -VaultName $VaultName -Name $KEKName -Destination "Software"
 $KeyEncryptionKeyUrl = $KEK.Key.kid
@@ -189,8 +191,8 @@ $KeyEncryptionKeyUrl = $KEK.Key.kid
 $CertPath = "C:\certificates\examplecert.pfx"
 $CertPassword = "Password"
 $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath, $CertPassword)
-$KeyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
-$AzureAdApplication = New-AzureRmADApplication -DisplayName "" -HomePage "" -IdentifierUris "" -KeyValue $KeyValue -KeyType AsymmetricX509Cert
+$CertValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
+$AzureAdApplication = New-AzureRmADApplication -DisplayName "" -HomePage "" -IdentifierUris "" -CertValue $CertValue
 $ServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId
 $AADClientID = $AzureAdApplication.ApplicationId
@@ -221,7 +223,7 @@ $VM = Add-AzureRmVMSecret -VM $VM -SourceVaultId $SourceVaultId -CertificateStor
 Update-AzureRmVM -VM $VM -ResourceGroupName $RGName
 #Enable encryption on the virtual machine using Azure AD client ID and client cert thumbprint
-Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGname -VMName $VMName -AadClientID $AADClientID -AadClientCertThumbprint $AADClientCertThumbprint -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId
+Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGname -VMName $VMName -AadClientID $AADClientID -AadClientCertThumbprint $AADClientCertThumbprint -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId -KeyEncryptionKeyUrl $KeyEncryptionKeyUrl -KeyEncryptionKeyVaultId $KeyVaultResourceId
 ```
 This example enables encryption using Azure AD client ID, client cert thumbprint, and wrap disk encryption key by using key encryption key.
diff --git a/src/ResourceManager/Compute/Stack/Commands.Compute/help/Set-AzureRmVMDiskEncryptionExtension.md b/src/ResourceManager/Compute/Stack/Commands.Compute/help/Set-AzureRmVMDiskEncryptionExtension.md
index 517a9a4c566e..13be65d07e0b 100644
--- a/src/ResourceManager/Compute/Stack/Commands.Compute/help/Set-AzureRmVMDiskEncryptionExtension.md
+++ b/src/ResourceManager/Compute/Stack/Commands.Compute/help/Set-AzureRmVMDiskEncryptionExtension.md
@@ -70,8 +70,8 @@ $KeyVaultResourceId = $KeyVault.ResourceId
 $CertPath = "C:\certificates\examplecert.pfx"
 $CertPassword = "Password"
 $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath, $CertPassword)
-$KeyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
-$AzureAdApplication = New-AzureRmADApplication -DisplayName "" -HomePage "" -IdentifierUris "" -KeyValue $KeyValue -KeyType AsymmetricX509Cert
+$CertValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
+$AzureAdApplication = New-AzureRmADApplication -DisplayName "" -HomePage "" -IdentifierUris "" -CertValue $CertValue
 $ServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId
 $AADClientID = $AzureAdApplication.ApplicationId
@@ -121,6 +121,7 @@ $KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName
 $DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
 $KeyVaultResourceId = $KeyVault.ResourceId
+$KEKName = "MyKeyEncryptionKey"
 $KEK = Add-AzureKeyVaultKey -VaultName $VaultName -Name $KEKName -Destination "Software"
 $KeyEncryptionKeyUrl = $KEK.Key.kid
@@ -138,6 +139,7 @@ $VaultName= "MyKeyVault"
 $KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName
 $DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
 $KeyVaultResourceId = $KeyVault.ResourceId
+$KEKName = "MyKeyEncryptionKey"
 $KEK = Add-AzureKeyVaultKey -VaultName $VaultName -Name $KEKName -Destination "Software"
 $KeyEncryptionKeyUrl = $KEK.Key.kid
@@ -145,8 +147,8 @@ $KeyEncryptionKeyUrl = $KEK.Key.kid
 $CertPath = "C:\certificates\examplecert.pfx"
 $CertPassword = "Password"
 $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath, $CertPassword)
-$KeyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
-$AzureAdApplication = New-AzureRmADApplication -DisplayName "" -HomePage "" -IdentifierUris "" -KeyValue $KeyValue -KeyType AsymmetricX509Cert
+$CertValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
+$AzureAdApplication = New-AzureRmADApplication -DisplayName "" -HomePage "" -IdentifierUris "" -CertValue $CertValue
 $ServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId
 $AADClientID = $AzureAdApplication.ApplicationId
@@ -177,7 +179,7 @@ $VM = Add-AzureRmVMSecret -VM $VM -SourceVaultId $SourceVaultId -CertificateStor
 Update-AzureRmVM -VM $VM -ResourceGroupName $RGName
 #Enable encryption on the virtual machine using Azure AD client ID and client cert thumbprint
-Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGname -VMName $VMName -AadClientID $AADClientID -AadClientCertThumbprint $AADClientCertThumbprint -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId
+Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGname -VMName $VMName -AadClientID $AADClientID -AadClientCertThumbprint $AADClientCertThumbprint -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId -KeyEncryptionKeyUrl $KeyEncryptionKeyUrl -KeyEncryptionKeyVaultId $KeyVaultResourceId
 ```
 This example enables encryption using Azure AD client ID, client cert thumbprint, and wrap disk encryption key by using key encryption key.