Skip to content

Commit d8f589d

Browse files
committed
Updating restrictions.
1 parent 16ef49a commit d8f589d

File tree

4 files changed

+2
-11
lines changed

4 files changed

+2
-11
lines changed

articles/virtual-machines/disks-enable-customer-managed-keys-portal.md

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -20,13 +20,6 @@ Azure Disk Storage allows you to manage your own keys when using server-side enc
2020

2121
For now, customer-managed keys have the following restrictions:
2222

23-
- If this feature is enabled for a disk with incremental snapshots, it can't be disabled on that disk or its snapshots.
24-
If you need to work around this, you must copy all the data to an entirely different managed disk that isn't using customer-managed keys:
25-
26-
- For Linux: [Copy a managed disk](./linux/disks-upload-vhd-to-managed-disk-cli.md#copy-a-managed-disk)
27-
28-
- For Windows: [Copy a managed disk](./windows/disks-upload-vhd-to-managed-disk-powershell.md#copy-a-managed-disk)
29-
3023
[!INCLUDE [virtual-machines-managed-disks-customer-managed-keys-restrictions](../../includes/virtual-machines-managed-disks-customer-managed-keys-restrictions.md)]
3124

3225
The following sections cover how to enable and use customer-managed keys for managed disks:

articles/virtual-machines/linux/disks-enable-customer-managed-keys-cli.md

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,8 +20,6 @@ Azure Disk Storage allows you to manage your own keys when using server-side enc
2020

2121
For now, customer-managed keys have the following restrictions:
2222

23-
- If this feature is enabled for a disk with incremental snapshots, it can't be disabled on that disk or its snapshots.
24-
If you need to work around this, you must [copy all the data](disks-upload-vhd-to-managed-disk-cli.md#copy-a-managed-disk) to an entirely different managed disk that isn't using customer-managed keys.
2523
[!INCLUDE [virtual-machines-managed-disks-customer-managed-keys-restrictions](../../../includes/virtual-machines-managed-disks-customer-managed-keys-restrictions.md)]
2624

2725
## Create resources

articles/virtual-machines/windows/disks-enable-customer-managed-keys-powershell.md

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,8 +20,6 @@ Azure Disk Storage allows you to manage your own keys when using server-side enc
2020

2121
For now, customer-managed keys have the following restrictions:
2222

23-
- If this feature is enabled for a disk with incremental snapshots, it can't be disabled on that disk or its snapshots.
24-
If you need to work around this, you must [copy all the data](disks-upload-vhd-to-managed-disk-powershell.md#copy-a-managed-disk) to an entirely different managed disk that isn't using customer-managed keys.
2523
[!INCLUDE [virtual-machines-managed-disks-customer-managed-keys-restrictions](../../../includes/virtual-machines-managed-disks-customer-managed-keys-restrictions.md)]
2624

2725
## Set up an Azure Key Vault and DiskEncryptionSet optionally with automatic key rotation

includes/virtual-machines-managed-disks-customer-managed-keys-restrictions.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,8 @@
99
ms.author: rogarana
1010
ms.custom: include file
1111
---
12+
- If this feature is enabled for a disk with incremental snapshots, it can't be disabled on that disk or its snapshots.
13+
To work around this, copy all the data to an entirely different managed disk that isn't using customer-managed keys. You can do that with either the [Azure CLI](../articles/virtual-machines/linux/disks-upload-vhd-to-managed-disk-cli.md#copy-a-managed-disk) or the [Azure PowerShell module](../articles/virtual-machines/windows/disks-upload-vhd-to-managed-disk-powershell.md#copy-a-managed-disk).
1214
- Only [software and HSM RSA keys](../articles/key-vault/keys/about-keys.md) of sizes 2,048-bit, 3,072-bit and 4,096-bit are supported, no other keys or sizes.
1315
- [HSM](../articles/key-vault/keys/hsm-protected-keys.md) keys require the **premium** tier of Azure Key vaults.
1416
- For Ultra Disks only: Snapshots created from disks that are encrypted with server-side encryption and customer-managed keys must be encrypted with the same customer-managed keys.

0 commit comments

Comments
 (0)