Encrypting a disk
-
Create a Yandex Key Management Service encryption key. For more information, see Encryption in Compute Cloud.
-
Create an image of the disk you want to encrypt.
-
Create an encrypted disk from the image:
Management console-
In the management console, select the folder you want to create an encrypted disk in.
-
Select Compute Cloud.
-
In the left-hand panel, select Disks.
-
Click Create disk.
-
Enter the disk name.
- The name must be from 3 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter and the last character cannot be a hyphen.
-
Select the same availability zone in which the source disk was residing.
-
Set the disk parameters: disk type, block size, and disk size.
-
In the Contents field, select
Imageand select the image you created earlier in the list below. Use the filter to find the image. -
Under Encryption:
-
Select the Encrypted disk option.
-
In the KMS key field, select the key created earlier.
The encryption feature in Compute Cloud is currently at the Preview stage. To access it, open the resource creation page and click Request access under Encryption or contact support.
If you deactivate the key used to encrypt a disk or snapshot, access to the data will be suspended until you reactivate the key.
Alert
If you destroy the key or its version used to encrypt a disk or snapshot, access to the data will be irrevocably lost. Learn more in Destroying key versions.
-
-
Click Create disk.
Once created, the disk will get the
Creatingstatus. Wait until the disk status changes toReadybefore using it. -
-
Delete the image.
-
Delete the unencrypted disk.