apache_conf Encrypting Azure VM disks with PowerShell


<#

  .SYNOPSIS
  Enables disk encryption on a VM

  .DESCRIPTION
  Enables disk encryption on a VM. The script creates the Key Vault if it does not already exist, then creates a new Azure Active Directory application and service principal.
  
  .PARAMETER ResourceGroupName
  The name of the resource group that contains the key vault and virtual machine
  
  .PARAMETER Location
  The location of the resources
  
  .PARAMETER VMName
  The name of the virtual machine
  
  .PARAMETER KeyVaultName
  The name of the key vault. A new key vault will be created if it doesn't exist
  
  .PARAMETER AADClientSecret
  The client secret used by the Azure AD Application

  .EXAMPLE
  $AAdClientSecret = "S3cr3t123!" | ConvertTo-SecureString -AsPlainText -Force
  .\ConfigureVMDiskEncryption.ps1 -ResourceGroupName "ResourceGroup01" -Location "UK South" -VMName "VM01" -KeyVaultName "KeyVault01" -AAdClientSecret $AAdClientSecret -Verbose

#>
[CmdletBinding()]
Param(

    [Parameter()]
    [ValidateNotNullOrEmpty()]
    [String]$ResourceGroupName,

    [Parameter()]
    [ValidateNotNullOrEmpty()]
    [String]$Location,

    [Parameter()]
    [ValidateNotNullOrEmpty()]
    [String]$VMName,

    [Parameter()]
    [ValidateNotNullOrEmpty()]
    [String]$KeyVaultName,

    [Parameter()]
    [ValidateNotNullOrEmpty()]
    [SecureString]$AAdClientSecret
)

# --- Retrieve or create a new Key Vault that is enabled for disk encryption
# Look the vault up by name ($KeyVaultName); $KeyVault is still empty at this point
$KeyVault = Get-AzureRmKeyVault -ResourceGroupName $ResourceGroupName -VaultName $KeyVaultName -Verbose:$VerbosePreference -ErrorAction SilentlyContinue

if (!$KeyVault) {
    Write-Verbose -Message "Key Vault $($KeyVaultName) does not exist. Creating.."
    $KeyVault = New-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $ResourceGroupName -Location $Location -Verbose:$VerbosePreference
}

Set-AzureRmKeyVaultAccessPolicy -ResourceGroupName $ResourceGroupName -VaultName $KeyVaultName -EnabledForDiskEncryption -Verbose:$VerbosePreference

# --- Create an AzureADApplication and a new service principal
$AAdApplicationParameters = @{
    DisplayName = $KeyVaultName
    HomePage = $KeyVault.VaultUri
    IdentifierUris = $KeyVault.VaultUri
    Password = $AAdClientSecret
}
$AadApplication = New-AzureRmADApplication @AadApplicationParameters -Verbose:$VerbosePreference
$ServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $AadApplication.ApplicationId -Verbose:$VerbosePreference

# --- Allow the application access to the Key Vault
$KeyVaultAccessPolicyParameters = @{
    ResourceGroupName = $ResourceGroupName
    VaultName = $keyVaultName
    ServicePrincipalName = $AadApplication.ApplicationId
    PermissionsToKeys = "WrapKey"
    PermissionsToSecrets = "Set"
}

Set-AzureRmKeyVaultAccessPolicy @KeyVaultAccessPolicyParameters -Verbose:$VerbosePreference

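# --- Encrypt the disks
# Set-AzureRmVMDiskEncryptionExtension takes -AadClientSecret as a plain String.
# Passing the SecureString directly would coerce it to its type name, so convert it first.
$AadClientSecretPlainText = (New-Object System.Net.NetworkCredential -ArgumentList '', $AAdClientSecret).Password
$DiskEncryptionExtensionParameters = @{
    ResourceGroupName = $ResourceGroupName
    VMName = $VMName
    AadClientID = $AadApplication.ApplicationId
    AadClientSecret = $AadClientSecretPlainText
    DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
    DiskEncryptionKeyVaultId = $KeyVault.ResourceId
}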

Set-AzureRmVMDiskEncryptionExtension @DiskEncryptionExtensionParameters -Verbose:$VerbosePreference
