Skip to content

Commit f421f40

Browse files
sauryadassauryadas
authored
Update azure-disk-customer-managed-keys.md
Multiple minor edits, missing spaces between parameters, incorrect parameters
1 parent 7f600de commit f421f40

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

articles/aks/azure-disk-customer-managed-keys.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -72,7 +72,7 @@ keyVaultId=$(az keyvault show --name myKeyVaultName --query [id] -o tsv)
7272
keyVaultKeyUrl=$(az keyvault key show --vault-name myKeyVaultName --name myKeyName --query [key.kid] -o tsv)
7373
7474
# Create a DiskEncryptionSet
75-
az disk-encryption-set create -n myDiskEncryptionSetName -l myAzureRegionName -g myResourceGroup--source-vault $keyVaultId --key-url $keyVaultKeyUrl
75+
az disk-encryption-set create -n myDiskEncryptionSetName -l myAzureRegionName -g myResourceGroup --source-vault $keyVaultId --key-url $keyVaultKeyUrl
7676
```
7777

7878
## Grant the DiskEncryptionSet resource access to the key vault
@@ -81,10 +81,10 @@ Use the DiskEncryptionSet and resource groups you created on the prior steps, an
8181

8282
```azurecli-interactive
8383
# Retrieve the DiskEncryptionSet value and set a variable
84-
desIdentity=$(az disk-encryption-set show -n myDiskEncryptionSetName -g myResourceGroup--query [identity.principalId] -o tsv)
84+
desIdentity=$(az disk-encryption-set show -n myDiskEncryptionSetName -g myResourceGroup --query [identity.principalId] -o tsv)
8585
8686
# Update security policy settings
87-
az keyvault set-policy -n myKeyVaultName -g myResourceGroup--object-id $desIdentity --key-permissions wrapkey unwrapkey get
87+
az keyvault set-policy -n myKeyVaultName -g myResourceGroup --object-id $desIdentity --key-permissions wrapkey unwrapkey get
8888
8989
# Assign the reader role
9090
az role assignment create --assignee $desIdentity --role Reader --scope $keyVaultId
@@ -96,13 +96,13 @@ Create a new resource group and AKS cluster, then use your key to encrypt the OS
9696

9797
```azurecli-interactive
9898
# Retrieve the DiskEncryptionSet value and set a variable
99-
diskEncryptionSetId=$(az resource show -n $diskEncryptionSetName -g ssecmktesting --resource-type "Microsoft.Compute/diskEncryptionSets" --query [id] -o tsv)
99+
diskEncryptionSetId=$(az resource show -n diskEncryptionSetName -g myResourceGroup --resource-type "Microsoft.Compute/diskEncryptionSets" --query [id] -o tsv)
100100
101101
# Create a resource group for the AKS cluster
102102
az group create -n myResourceGroup-l myAzureRegionName
103103
104104
# Create the AKS cluster
105-
az aks create -n myAKSCluster -g myResourceGroup --node-osdisk-diskencryptionset-id diskEncryptionId --kubernetes-version 1.17.0
105+
az aks create -n myAKSCluster -g myResourceGroup --node-osdisk-diskencryptionset-id $diskEncryptionSetId --kubernetes-version 1.17.0
106106
```
107107

108108
When new node pools are added to the cluster created above, the customer managed key provided during the create is used to encrypt the OS disk

0 commit comments

Comments
 (0)