Beispiel #1
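        /// <summary>
        /// Appends a disk encryption key, and optionally the key that encrypts it, to <c>Options</c>.
        /// </summary>
        /// <remarks>
        /// When encryption is switched on by this call, <c>Version</c> is set to "1.1".
        /// When encryption is already enabled, <c>Enabled</c> and <c>Version</c> are left unchanged.
        /// </remarks>
        /// <param name="enableIfDisabled">True to enable encryption when it is currently disabled; false to fail instead.</param>
        /// <param name="diskEncryptionKey">The Disk Encryption Key (mandatory).</param>
        /// <param name="keyEncryptionKey">(Optional) Encryption key for the disk encryption key. Stored as null when omitted.</param>
        /// <exception cref="ArgumentNullException"><paramref name="diskEncryptionKey"/> is null.</exception>
        /// <exception cref="InvalidOperationException">Encryption is not enabled and <paramref name="enableIfDisabled"/> is false.</exception>
        public void AddKeys(bool enableIfDisabled, KeyVaultAndSecretReference diskEncryptionKey, KeyVaultAndKeyReference? keyEncryptionKey = null)
        {
            if (diskEncryptionKey == null)
            {
                throw new ArgumentNullException(nameof(diskEncryptionKey));
            }

            if (!Enabled)
            {
                if (!enableIfDisabled)
                {
                    // Say why the call was rejected: a bare InvalidOperationException gives the
                    // caller no hint that the settings still have encryption switched off.
                    throw new InvalidOperationException(
                        "Encryption is not enabled. Pass enableIfDisabled = true to enable it before adding keys.");
                }

                Enabled = true;

                // Enabling through this method always selects version "1.1".
                // NOTE(review): presumably the non-legacy (no Azure AD app) mode; confirm against the type's constructor.
                Version = "1.1";
            }

            // Options may not have been created yet, so create the list on first use.
            Options ??= new List<AzureDiskEncryptionOption>();

            Options.Add(new AzureDiskEncryptionOption
            {
                DiskEncryptionKey = diskEncryptionKey,
                // Null here means no key encryption key is recorded for this disk key.
                KeyEncryptionKey = keyEncryptionKey,
            });
        }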
Beispiel #2
        /// <summary>
        /// Creates settings with encryption enabled and a single key entry in <c>Options</c>.
        /// </summary>
        /// <param name="encryptionWithAzureApp">
        /// True selects the legacy disk encryption that uses an Azure AD App (version "1.0");
        /// false selects version "1.1".
        /// </param>
        /// <param name="diskEncryptionKey">Required reference to the disk encryption key.</param>
        /// <param name="keyEncryptionKey">Optional key that encrypts the disk encryption key; stored as null when omitted.</param>
        /// <exception cref="ArgumentNullException"><paramref name="diskEncryptionKey"/> is null.</exception>
        public AzureDiskEncryptionSettings(bool encryptionWithAzureApp, KeyVaultAndSecretReference diskEncryptionKey, KeyVaultAndKeyReference? keyEncryptionKey = null)
        {
            // Reject a missing disk key before any property is touched.
            if (diskEncryptionKey == null)
            {
                throw new ArgumentNullException(nameof(diskEncryptionKey));
            }

            Enabled = true;

            // "1.0" is the legacy Azure AD App mode; "1.1" is used otherwise.
            Version = encryptionWithAzureApp ? "1.0" : "1.1";

            var initialOption = new AzureDiskEncryptionOption
            {
                DiskEncryptionKey = diskEncryptionKey,
                KeyEncryptionKey = keyEncryptionKey,
            };

            Options = new List<AzureDiskEncryptionOption> { initialOption };
        }