AzureConfigEncryption

Configuration related to config data encryption.

Azure VM bootstrap secret is envelope encrypted with the provided key vault key.

JSON representation
{
  "keyId": string,
  "publicKey": string
}
Fields
keyId

string

Required. The ARM ID of the Azure Key Vault key to encrypt / decrypt config data.

For example: /subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.KeyVault/vaults/<key-vault-id>/keys/<key-name>

publicKey

string

Optional. RSA key of the Azure Key Vault public key to use for encrypting the data.

This key must be formatted as a PEM-encoded SubjectPublicKeyInfo (RFC 5280) in ASN.1 DER form. The string must be comprised of a single PEM block of type "PUBLIC KEY".