I have some code that appears to be working that encrypts the disks in a VM, based heavily on https://github.com/Azure/azure-libraries-for-java/blob/master/azure-mgmt-compute/src/test/java/com/microsoft/azure/management/compute/VirtualMachineEncryptionOperationsTests.java.
It seems to me this code only requires me to create a vault, and then I can use that vault for encrypting VMs. I do not need to create a key first.
So my question would be, why don't I need to create a key? I assumed the SDK might create one for me, but attempts to subsequently list all the keys in my vault (using the Azure CLI, same subscription and service principal) just return an empty list.
I checked from the Azure portal that the VM does appear to be encrypted: I'm just unsure why there is no key.
