By default, Azure enforces purge protection on all key vault keys, which causes some trouble when using Terraform. In particular, you can run into the following situation: you delete a virtual machine that has a disk encryption key, so Terraform also deletes the disk encryption key from the key vault.

If you later try to recreate that virtual machine (using the same encryption key name, of course, since it is derived from the VM name), the creation always fails:
```text
azurerm_key_vault_key.disk_encryption[5]: Creating...
╷
│ Error: Creating Key: keyvault.BaseClient#CreateKey: Failure responding to request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status=409 Code="Conflict" Message="Key vmname-custom-disk-encryption is currently in a deleted but recoverable state, and its name cannot be reused; in this state, the key can only be recovered or purged." InnerError={"code":"ObjectIsDeletedButRecoverable"}
│
│ with azurerm_key_vault_key.disk_encryption[5],
│ on encryption.tf line 12, in resource "azurerm_key_vault_key" "disk_encryption":
│ 12: resource "azurerm_key_vault_key" "disk_encryption" {
```
…
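The conflict above comes from Key Vault soft delete: a deleted key keeps its name reserved for the retention period, and while the vault has purge protection enabled the key cannot be purged, only recovered. The following configuration is an added example, not code from the question or from HashiCorp; it shows the azurerm provider `features` flags that make Terraform recover a soft-deleted key on create instead of failing with 409, together with a vault and a per-VM key layout matching the `disk_encryption[N]` resource in the error. It assumes azurerm provider 3.x (where `recover_soft_deleted_keys` and `purge_soft_deleted_keys_on_destroy` exist), and the resource group, vault and VM names are hypothetical.

```hcl
# Added example, not the question's own code. Assumes azurerm provider 3.x;
# resource group, vault and VM names below are hypothetical placeholders.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {
    key_vault {
      # If a key with the requested name already exists in the soft-deleted
      # state, recover it instead of failing with 409 ObjectIsDeletedButRecoverable.
      recover_soft_deleted_keys = true
      # On destroy, purge the key after the soft delete so the name is free
      # immediately. The service refuses the purge while the vault has purge
      # protection enabled; the key then stays soft-deleted until retention expires.
      purge_soft_deleted_keys_on_destroy = true
    }
  }
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "rg-disk-encryption-example" # hypothetical
  location = "westeurope"
}

resource "azurerm_key_vault" "example" {
  name                = "kv-diskenc-example" # hypothetical; must be globally unique
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  # Soft delete is always on; this only sets how long (7-90 days) a deleted
  # key stays recoverable and keeps its name reserved.
  soft_delete_retention_days = 7

  # Disk encryption sets with customer-managed keys require purge protection,
  # so purging is not an option here and recover_soft_deleted_keys above is the
  # setting that actually resolves the conflict.
  purge_protection_enabled = true

  # The identity running Terraform needs Recover (and Purge, where allowed)
  # in addition to the usual key permissions; GetRotationPolicy is needed by
  # azurerm 3.x to read keys at all.
  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id
    key_permissions = [
      "Create", "Get", "List", "Delete", "Recover", "Purge",
      "GetRotationPolicy", "SetRotationPolicy",
    ]
  }
}

variable "vm_names" {
  type    = list(string)
  default = ["vm01", "vm02"] # hypothetical
}

# One key per VM, named after the VM exactly as in the question, so that
# destroying and recreating a VM reuses the same key name.
resource "azurerm_key_vault_key" "disk_encryption" {
  count        = length(var.vm_names)
  name         = "${var.vm_names[count.index]}-custom-disk-encryption"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA"
  key_size     = 2048
  key_opts     = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
}
```

With `recover_soft_deleted_keys = true`, the `terraform apply` that recreates a VM recovers the soft-deleted key (same name, same key material) rather than erroring. To clear an existing conflict by hand, `az keyvault key recover --vault-name <vault> --name <key>` restores the key, and `az keyvault key purge --vault-name <vault> --name <key>` frees the name, but only on a vault without purge protection.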