Key Vault (1 / 13): Your company is preparing to deploy an application on an Azure Linux virtual machine (VM) named myLinuxVM, and there is a requirement to configure Azure Disk Encryption. You have created a resource group named myResourceGroup in the East US region.
To achieve the desired configuration, you need to use a key encryption key (KEK) to protect the encryption secret and enable the Key Vault for both disk encryption and template deployments.
Answer:
az keyvault create --name "<keyvault-id>" --resource-group "myResourceGroup" --location "eastus"
az keyvault update --name "<keyvault-id>" --resource-group "MyResourceGroup" --enabled-for-disk-encryption "true"
az keyvault update --name "<keyvault-id>" --resource-group "MyResourceGroup" --enabled-for-template-deployment "true"
az keyvault key create --name "myKEK" --vault-name "<keyvault-id>" --kty RSA --size 4096
az vm encryption enable -g "MyResourceGroup" --name "myLinuxVM" --disk-encryption-keyvault "<keyvault-id>" --key-encryption-key "myKEK"