Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
  • Blog
  • Pricing
  • Documentation
Yandex project
© 2025 Yandex.Cloud LLC
Yandex Compute Cloud
    • All guides
      • Updating a disk
      • Configuring disk snapshot schedules
      • Moving a disk to a different folder
      • Moving a disk to a different availability zone
      • Encrypting a disk
      • Getting information about a disk
      • Configuring disk access permissions
      • Deleting a disk
    • Viewing operations with resources
  • Yandex Container Solution
  • Access management
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes
  1. Step-by-step guides
  2. Managing a disk
  3. Encrypting a disk

Encrypting a disk

Written by
Yandex Cloud
Improved by
Danila N.
Updated at April 22, 2025
  1. Create a Yandex Key Management Service encryption key. For more information, see Encryption in Compute Cloud.

  2. Create an image of the disk you want to encrypt.

  3. Create an encrypted disk from the image:

    Management console
    1. In the management console, select the folder where you want to create an encrypted disk.

    2. Select Compute Cloud.

    3. In the left-hand panel, select Disks.

    4. Click Create disk.

    5. Enter a name for the disk.

      • It must be from 2 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.
    6. Select the same availability zone that contained the source disk.

    7. Set the disk parameters, such as disk type, block size, and disk size.

    8. In the Contents field, select Image and then select the image you created earlier from the list below. Use the filter to find the image.

    9. Optionally, under Encryption:

      • Select Encrypted disk.
      • In the KMS key field, select the key you created earlier. To create a new key, click Create.

      To create an encrypted disk, you need the kms.keys.user role or higher.

      Warning

      You can specify encryption settings only when creating a disk. You cannot disable or change disk encryption. You also cannot enable encryption for an existing disk.

      If you deactivate the key used to encrypt a disk, image, or snapshot, access to the data will be suspended until you reactivate the key.

      Alert

      If you destroy the key or its version used to encrypt a disk, image, or snapshot, access to the data will be irrevocably lost. For details, see Destroying key versions.

    10. Click Create disk.

    Once created, the disk will get the Creating status. Wait until the disk status changes to Ready before using it.

  4. Delete the image.

  5. Delete the unencrypted disk.

See alsoSee also

  • Encryption in Compute Cloud
  • Encrypting an image

Was the article helpful?

Previous
Moving a disk to a different availability zone
Next
Getting information about a disk
Yandex project
© 2025 Yandex.Cloud LLC