How to iterate through each disk associated with Azure VM and get the encryption status using PowerShell?
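I want to first get the list of disks associated with a VM, and then iterate through each disk's properties to determine whether the disk is encrypted with a customer-managed key (CMK). How can I perform this check using Azure PowerShell?
Usually, to get the encryption status of a virtual machine, you can use the Get-AzVMDiskEncryptionStatus cmdlet with the following syntax: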
Get-AzVmDiskEncryptionStatus -ResourceGroupName $resourceGroupName -VMName $vmName
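You will see the encryption status of the OS and data volumes.
If OsVolumeEncrypted or DataVolumesEncrypted above shows Encrypted, you may have an osDisk or dataDisk encrypted with CMK.
You can also use the following PowerShell commands to capture the encryption settings from each disk. For more details, you can read this article.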
# Placeholders: set these to the VM's resource group and name
$RGNAME = "RGNAME"
$VMNAME = "VNAME"
$VM = Get-AzVM -Name $VMNAME -ResourceGroupName $RGNAME
$Sourcedisk = Get-AzDisk -ResourceGroupName $RGNAME -DiskName $VM.StorageProfile.OsDisk.Name
Write-Host "============================================================================================================================================================="
Write-Host " OS disk Encryption Settings:"
Write-Host "============================================================================================================================================================="
Write-Host "Enabled:" $Sourcedisk.EncryptionSettingsCollection.Enabled
Write-Host "Version:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettingsVersion
Write-Host "Source Vault:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SourceVault.Id
Write-Host "Secret URL:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SecretUrl
Write-Host "Key URL:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.KeyEncryptionKey.KeyUrl
Write-Host "============================================================================================================================================================="
foreach ($i in $VM.StorageProfile.DataDisks | ForEach-Object { $_.Name })
{
    Write-Host "============================================================================================================================================================="
    Write-Host "Data Disk Encryption Settings:"
    Write-Host "============================================================================================================================================================="
    Write-Host "Checking Disk:" $i
    $Sourcedisk = (Get-AzDisk -ResourceGroupName $RGNAME -DiskName $i)
    Write-Host "Encryption Enable: " $Sourcedisk.EncryptionSettingsCollection.Enabled
    Write-Host "Encryption KeyEncryptionKey: " $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.KeyEncryptionKey.KeyUrl;
    Write-Host "Encryption DiskEncryptionKey: " $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SecretUrl;
    Write-Host "============================================================================================================================================================="
}
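The script above reads each disk's Azure Disk Encryption settings (EncryptionSettingsCollection); server-side encryption with a customer-managed key is reported separately, under the managed disk's Encryption property. The following is an added example, not part of the original answer, that reports both per disk; the function names and the sample object are hypothetical, and it assumes the Az.Compute module and managed disks.

```powershell
# Added example. Function names are hypothetical; live use needs Az.Compute and Connect-AzAccount.
function Get-DiskEncryptionSummary {
    param([Parameter(Mandatory)] $Disk, [string] $Role)
    # Azure Disk Encryption (guest-level) is recorded in EncryptionSettingsCollection;
    # server-side encryption is recorded in Encryption.Type / Encryption.DiskEncryptionSetId.
    $sseType = $Disk.Encryption.Type
    [pscustomobject]@{
        Disk                = $Disk.Name
        Role                = $Role
        AdeEnabled          = [bool]$Disk.EncryptionSettingsCollection.Enabled
        SseType             = $sseType
        CustomerManagedKey  = $sseType -in 'EncryptionAtRestWithCustomerKey',
                                           'EncryptionAtRestWithPlatformAndCustomerKeys'
        DiskEncryptionSetId = $Disk.Encryption.DiskEncryptionSetId
    }
}

function Get-VmDiskEncryptionReport {
    param([Parameter(Mandatory)][string] $ResourceGroupName,
          [Parameter(Mandatory)][string] $VMName)
    $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName
    $refs = @([pscustomobject]@{ Role = 'OS'; Id = $vm.StorageProfile.OsDisk.ManagedDisk.Id })
    foreach ($d in $vm.StorageProfile.DataDisks) {
        $refs += [pscustomobject]@{ Role = "Data (LUN $($d.Lun))"; Id = $d.ManagedDisk.Id }
    }
    foreach ($ref in $refs) {
        if (-not $ref.Id) { continue }   # unmanaged (VHD) disks carry no managed disk ID
        # A disk can live in a different resource group than its VM,
        # so take the group and disk name from the resource ID.
        if ($ref.Id -match '/resourceGroups/([^/]+)/providers/Microsoft\.Compute/disks/([^/]+)$') {
            $disk = Get-AzDisk -ResourceGroupName $Matches[1] -DiskName $Matches[2]
            Get-DiskEncryptionSummary -Disk $disk -Role $ref.Role
        }
    }
}

# Constructed sample disk object, so the classification runs without an Azure session.
$sample = [pscustomobject]@{
    Name                         = 'sample-data-disk'
    EncryptionSettingsCollection = $null
    Encryption                   = [pscustomobject]@{
        Type                = 'EncryptionAtRestWithCustomerKey'
        DiskEncryptionSetId = '<disk-encryption-set-resource-id>'
    }
}
Get-DiskEncryptionSummary -Disk $sample -Role 'Data (LUN 0)' | Format-List
```

Against a real VM, `Get-VmDiskEncryptionReport -ResourceGroupName $RGNAME -VMName $VMNAME | Format-Table` lists one row per attached managed disk.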