Contact UsGet started

Encrypting a disk

Written by
Updated at December 16, 2024

  1. Create a Yandex Key Management Service encryption key. For more information, see Encryption in Compute Cloud.

  2. Create an image of the disk you want to encrypt.

  3. Create an encrypted disk from the image:

    1. In the management console, select the folder you want to create an encrypted disk in.

    2. Select Compute Cloud.

    3. In the left-hand panel, select Disks.

    4. Click Create disk.

    5. Enter a name for the disk.

      • The name must be from 3 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • The first character must be a letter and the last character cannot be a hyphen.

    6. Select the same availability zone in which the source disk was residing.

    7. Set the disk parameters: disk type, block size, and disk size.

    8. In the Contents field, select Image and select the image you created earlier in the list below. Use the filter to find the image.

    9. Optionally, under Encryption:

      • Select Encrypted disk.
      • In the KMS key field, select the key you created earlier. To create a new key, click Create new key.

      Warning

      You can specify encryption settings only when creating a disk. You cannot disable or change disk encryption.

      If you deactivate the key used to encrypt a disk, image, or snapshot, access to the data will be suspended until you reactivate the key.

      Alert

      If you destroy the key or its version used to encrypt a disk, image, or snapshot, access to the data will be irrevocably lost. Learn more in Destroying key versions.

    10. Click Create disk.

    Once created, the disk will get the Creating status. Wait until the disk status changes to Ready before using it.

  4. Delete the image.

  5. Delete the unencrypted disk.

See also

Previous
Moving a disk to a different availability zone
Next
Getting information about a disk