Can you show Packer hcl or json that sets the "Encryption at host" flag to "on" when creating VM dis
As of today 1/9/2024, there is no direct support for setting the "Encryption at host" flag through Packer HashiCorp Configuration Language (HCL) or JSON configurations when creating a VM disk on Azure.
Packer uses the Azure Compute Management Client in its Azure builder, which in turn calls the appropriate Azure VM APIs to create VMs. However, as of now, Packer hasn't implemented the "Encryption at host" feature in its Azure builder yet.
Please check the Packer GitHub repository (https://github.com/hashicorp/packer) for the latest updates, issues, or feature requests related to this matter.
On the other side, it's worth considering creating a custom script (using Azure CLI, PowerShell, etc.) to enable this setting after the VM creation, and then invoking this script as part of your provisioning step in the Packer template. A change like this should be performed after VM creation but before the VM is started, so please take it into consideration.
Here's an Azure CLI example to enable "Encryption at host":
az vm update --name myVM --resource-group myResourceGroup --encryption-at-hostAnd referring to it in provisioners block in the Packer template (JSON example):
"provisioners": [{
"type": "shell",
"inline": [
"az login --service-principal -u CLIENT_ID -p CLIENT_SECRET --tenant TENANT_ID",
"az vm update --name myVM --resource-group myResourceGroup --encryption-at-host"
]
}]Please replace CLIENT_ID, CLIENT_SECRET, TENANT_ID, myVM, and myResourceGroup with your actual values.
Please note that a specific version of Azure CLI that supports this feature is also required.
Remember to properly deal with security credentials when automating your tasks.
It's recommended to monitor the Packer repository regularly to be updated when the direct Packer support for this feature becomes available.
Connect: Join Univrs.io
Last updated