You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/backup/confidential-vm-restore.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,7 +27,7 @@ Confidential VM restore behavior depends on the state of the DES, Key Vault, and
27
27
28
28
-**Original Key or Key Version intact**: Restore succeeds if the original Disk Encryption Set (DES) and key remain intact.
29
29
-**Key Rotation**: Restore succeeds when a new key version is active, provided the previous key version isn't expired or deleted.
30
-
-**Key Change**: If the DES uses a new key in the same key vault, restore succeeds only if the original key(used during backup) still exists. It fails if original key is deleted. If you're using a different key vault - it should point to the same key as the original one.
30
+
-**Key Change**: If the DES uses a new key in the same key vault, restore succeeds only if the original key, used during backup still exists. It fails if original key is deleted. If you're using a different key vault - it should point to the same key as the original one.
31
31
-**DES or Key Deleted**: Restore fails with errors, such as `UserErrorDiskEncryptionSetDoesNotExist` or `UserErrorDiskEncryptionSetKeyDoesNotExist`. To resolve, re-create the key and DES using restored key data, then retry the restore.
32
32
-**Input DES Provided**: If you provide a new DES created from restored key data, restore succeeds if the key and version match the ones used at backup time.
33
33
-**Mismatched DES or Key**: Restore fails with `UserErrorInputDESKeyDoesNotMatchWithOriginalKey`. To resolve this error, restore the missing keys.
@@ -37,7 +37,7 @@ Learn how to [restore missing keys for Confidential VM restore](#restore-missing
37
37
## Restore a Confidential VM
38
38
39
39
### Restore with original key intact
40
-
During the restore process, you can continue without providing a Disk encryption set input when the original(used during backup) Customer Managed Key (CMK), Key Vault, mHSM, and DES are available. In these scenarios, you can continue the restore process as usual. [Learn how to restore an Azure VM](backup-azure-arm-restore-vms.md).
40
+
During the restore process, you can continue without providing a Disk encryption set input when the original Customer Managed Key (CMK), Key Vault, mHSM, and DES are available. In these scenarios, you can continue the restore process as usual. [Learn how to restore an Azure VM](backup-azure-arm-restore-vms.md).
41
41
42
42
### Restore when original key is rotated, lost, or compromised
43
43
The restore process fails if the original CMK, Key Vault, mHSM, or DES referencing the CMK is unavailable, or if backup can't access the original CMK. In such cases, the initial restore attempt fails, and the CVM won't restore. To address this, follow these steps:
0 commit comments