Azure VM bootstrap secret is envelope encrypted with the provided key vault key.
JSON representation
{"keyId":string,"publicKey":string}
Fields
keyId
string
Required. The ARM ID of the Azure Key Vault key to encrypt / decrypt config data.
For example:/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.KeyVault/vaults/<key-vault-id>/keys/<key-name>
publicKey
string
Optional. RSA key of the Azure Key Vault public key to use for encrypting the data.
This key must be formatted as a PEM-encoded SubjectPublicKeyInfo (RFC 5280) in ASN.1 DER form. The string must be comprised of a single PEM block of type "PUBLIC KEY".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-17 UTC."],[],[],null,["# AzureConfigEncryption\n\n- [JSON representation](#SCHEMA_REPRESENTATION)\n\n| GKE-on-Azure is deprecated. See \u003chttps://cloud.google.com/kubernetes-engine/multi-cloud/docs/azure/deprecations/deprecation-announcement\u003e for more details.\nConfiguration related to config data encryption.\n\nAzure VM bootstrap secret is envelope encrypted with the provided key vault key."]]
