{"id":263,"date":"2017-10-16T20:19:29","date_gmt":"2017-10-16T20:19:29","guid":{"rendered":"http:\/\/www.ciraltos.com\/?p=263"},"modified":"2018-09-16T16:42:32","modified_gmt":"2018-09-16T16:42:32","slug":"azure-disk-encryption","status":"publish","type":"post","link":"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/","title":{"rendered":"Azure Disk Encryption"},"content":{"rendered":"

\"Disk** Updated post located here<\/a>**<\/p>\n

I deployed some VM\u2019s using both JSON and PowerShell and enabled Storage Service Encryption to encrypt data at rest.\u00a0 Now I want to enable Azure Disk Encryption (ADE) on these VM\u2019s as an extra level of security.\u00a0 In this post I will go over enabling Azure Disk Encryption with BitLocker on Windows Server.\u00a0 More information on Azure Disk Encryption, including encrypting Linux can be found here<\/a>.<\/p>\n

There is a lot of information from Microsoft on configuring Disk Encryption.\u00a0 Most of it covered different methods, such as PowerShell or CLI and different OS versions.\u00a0 This post is sticking to the basics, encrypting existing Windows OS using the portal to get things started and PowerShell to do the encryption.\u00a0 Check out this link <\/a>if you want more information on Azure Encryption options.<\/p>\n

But First, A Couple Notes<\/h2>\n

A couple notes to get things started.\u00a0 There is an option to encrypt VM\u2019s with a Key Encryption Key (KEK).\u00a0 Use this or you will not be able to back up and recover VM\u2019s with Azure Recovery Vault*.\u00a0 Also, there are two types of key vaults, Standard and Premium.\u00a0 Premium uses Hardware Security Modules (HSM) protected keys and costs under a couple dollars a month.\u00a0 There is no reason not to go with HSM in production.<\/p>\n

*At the time of this writing there is some conflicting information regarding if KEK is necessary to backup with Azure Recovery Vault.\u00a0 This document <\/a>indicates that the KEK is required, but in this recently updated Microsoft document<\/a>, it indicates that BEK only VM\u2019s are supported.\u00a0 In my tests you can backup a BEK encrypted VM if you add the Backup Secret permissions to the Backup Management Service in the Key Vault Access Policy.\u00a0 For the sake of this post, I\u2019m sticking with the KEK requirement as outlined in the first document.<\/p><\/blockquote>\n

 <\/p>\n

When Azure Disk Encryption is enabled on a Windows OS, ADE mounts a Bek volume on the E:\\ drive. \u00a0This drive is used to manage keys while the VM is running.\u00a0 The Bek volume will take over the E:\\ drive. I suggest moving any volumes that are mounded on E:\\ to another drive letter prior to encrypting.<\/del>\u00a0 Further testing shows this is not the case.\u00a0 The Bek Volume will take the next available drive letter.<\/p>\n

Lastly, update your Azure Module in Powershell.\u00a0 This is important, don\u2019t skip this step.<\/p>\n

Update-module AzureRM<\/pre>\n
If you don\u2019t have the Azure Module installed, run the \u201cget-module azurerm\u201d and \u201cimport-module azurerm\u201d to get it.<\/p>\n
Alright, let\u2019s get this started now that that\u2019s out of the way.<\/p>\n
Azure AD Enterprise Application<\/h2>\n
Azure requires the ability to access, generate and update keys in the key vault.\u00a0 It does this by using an Azure AD Enterprise Application. In this step we will setup the application and grant it access.<\/p>\n
From the Azure Portal, go to Azure Active Directory, Enterprise Applications and select All Applications.<\/p>\n
Add a new Application.\u00a0 This is not from the gallery, select the option for \u201cApplication you\u2019re developing\u201d and select the option to \u201cregister my new application\u201d<\/p>\n
\"Azure<\/a><\/p>\n
 <\/p>\n
Next, select the option for New application registration.\u00a0 Give the application a name, set the type to Web app\/API and set any sign-on URL you want, it won\u2019t be used for this application.<\/p>\n
\"Azure<\/a><\/p>\n
Once that\u2019s deployed, go into the application and select Keys to add a key.\u00a0 Add a description and set the Expiration value.\u00a0 When you click Save a value will appear.\u00a0 Record the value!!\u00a0<\/strong> You will not be able to retrieve this key later.\u00a0 Also, be sure to update the key before expiration if you set the key to expire.<\/p>\n
\"Azure<\/a><\/p>\n
The Key Vault<\/h2>\n
Now create the Key Vault.\u00a0 This can be found in the Azure Portal.\u00a0 Use an existing or setup new.\u00a0 Note that the Key Vault needs to be in the same region as the VM you are encrypting.\u00a0 Create multiple key vaults if you have VM’s in more than one region.<\/p>\n
Fill out all the usual boxes and check marks in Create Key Vault\u00a0.\u00a0 Leave the access policy as is, we will update that later.\u00a0 Select the option to enable access to Azure for Disk Encryption under Advanced Access Policy.\u00a0 Click OK and Create to setup the vault.<\/p>\n
\"Azure<\/a><\/p>\n
Encryption Key<\/h2>\n
Next step is to setup the Encryption Key.\u00a0 Go into the freshly minted (or existing) vault and go to keys to add a key.\u00a0 Give it a name and set the type to HSM (if you don\u2019t have that option it\u2019s because you have a standard Key Vault).\u00a0 Make sure it\u2019s enabled and click Create.<\/p>\n
\"Azure<\/a><\/p>\n
Add Permissions to the Application<\/h2>\n
Next step is to add permission to the Key Vault for the Enterprise Application.\u00a0 Go into the Key Vault and open Access Policies, Add New.\u00a0 Select the Enterprise Application setup previously as the Service Principal.\u00a0 As the VM is encrypted, the application will generate, update and read keys to the key vault.\u00a0 Give the application all Key Permissions and Secret Permissions.\u00a0 Save the changes when finished<\/p>\n
\"Azure<\/a><\/p>\n
 <\/p>\n
The Encryption Commands<\/h2>\n
We are ready for disk encryption now that the prep work is finished.\u00a0 Notice the computer below has an OS, temp and F: data drive, all with BitLocker turned off.\u00a0 You can also run the following command to get the VM Encryption Status:<\/p>\n
Get-AzureRmVMDiskEncryptionStatus -ResourceGroupName RGName -VMName VMName<\/pre>\n
\"Azure<\/a><\/p>\n
Here is a breakdown of the commands:<\/h3>\n
First the variables.\u00a0 This section specifies the VM name and Resource Group as well as the ID of the application setup earlier.\u00a0 The application ID is a long GUID listed in Azure AD under Enterprise Applications Properties. The Application Secret was given when the application key was created.<\/p>\n
$VmRgName = \u2018Virtual Machine Resource Group'\r\n$vmName = \u2018Virtual Machine Name'\r\n$aadApplicationID = \u2018long string of digits for the application ID'\r\n$aadApplicationSecret = \u2018long string of digits for the application secret'<\/pre>\n
Listed below are the variables for the Key Vault.\u00a0 Although the Key Vault and encrypted VM have to be in the same region, they do not need to be in the same Resource Group.\u00a0 This example assumes that the Key Vault is in a different Resource Group.\u00a0 If that\u2019s not the case, simply add the same Resource Group as above.<\/p>\n
$kvRgName = \u2018Key Vault Resource Group'\r\n$kvKeyName = \u2018Key Vault Key Name\u2019\r\n$keyVaultName = 'Key Vault Name'\r\n$KeyVault = Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $kvRgName<\/pre>\n
The rest of the variables required for the command to run.<\/p>\n
$diskEncryptionKvUrl = $KeyVault.VaultUri\r\n$KeyVaultResourceId = $KeyVault.ResourceId\r\n$keyEncryptionKeyUrl = (Get-AzureKeyVaultKey -VaultName $keyVaultName -Name $kvKeyName).Key.kid;<\/pre>\n
*Now seems like a good time to remind you to test in a test environment and backup VM\u2019s prior to encrypting.\u00a0 Proceed at your own risk!<\/p><\/blockquote>\n
 <\/p>\n
After the above commands are entered and ran it\u2019s time to encrypt the dive.\u00a0 The command below will start the process.<\/p>\n
A note about the -Skipvmbackup switch.\u00a0 This will do as it says, skip the backup prior to encrypting and is not recommended for non-managed disks.\u00a0 However, the backup process that set-AzureRmVMDiskEncryptionExtenstion runs is not supported for managed disks and the command will fail unless you add the -skipvmbackup switch.\u00a0 Per Microsoft, it is a requirement that you manually backup the disks prior to running this command on a VM with managed disks.<\/p>\n
Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $vmRgname `\r\n -VMName $vmName `\r\n -AadClientID $aadApplicationID `\r\n -AadClientSecret $aadApplicationSecret `\r\n -DiskEncryptionKeyVaultUrl $diskEncryptionKvUrl `\r\n -DiskEncryptionKeyVaultId $KeyVaultResourceId `\r\n -KeyEncryptionKeyUrl $keyEncryptionKeyUrl `\r\n -KeyEncryptionKeyVaultId $keyVaultResourceId `\r\n # Remove the -skipvmbackup for non-managed\r\n # disks (as well as the ` mark at the end of the line above)\r\n -skipvmbackup<\/pre>\n
The process will force a reboot.\u00a0 All the drives are now showing as encrypted after the restart.<\/p>\n
\"Azure<\/a><\/p>\n
 <\/p>\n
And that\u2019s it, you now have encrypted disks.\u00a0 Always test this is the lab before production.\u00a0 Azure is nuanced and changes rapidly.\u00a0 Posts can become dated quickly.<\/p>\n
One last piece of advice, test backup and recovery prior to putting Azure Disk Encryption into production.\u00a0 Disk encryption adds a layer of complexity to the recovery process.\u00a0 Be sure to understand how to recover encrypted VM\u2019s before you need to recover one!<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
** Updated post located here** I deployed some VM\u2019s using both JSON and PowerShell and enabled Storage Service Encryption to encrypt data at rest.\u00a0 Now I want to enable Azure Disk Encryption (ADE) on these VM\u2019s as an extra level of security.\u00a0 In this post I will go over enabling Azure Disk Encryption with BitLocker …<\/p>\n
  Azure Disk Encryption<\/span> Read More »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":""},"categories":[2],"tags":[157,9,154,151,149,148,156,158,159,155,153,26],"yoast_head":"\nAzure Disk Encryption - ciraltos<\/title>\n<meta name=\"description\" content=\"In this post I will go over enabling Azure Disk Encryption with BitLocker on Windows Server.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure Disk Encryption - ciraltos\" \/>\n<meta property=\"og:description\" content=\"In this post I will go over enabling Azure Disk Encryption with BitLocker on Windows Server.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/\" \/>\n<meta property=\"og:site_name\" content=\"ciraltos\" \/>\n<meta property=\"article:published_time\" content=\"2017-10-16T20:19:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-09-16T16:42:32+00:00\" \/>\n<meta name=\"author\" content=\"Travis Roberts\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ciraltos\" \/>\n<meta name=\"twitter:site\" content=\"@ciraltos\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Travis Roberts\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/\"},\"author\":{\"name\":\"Travis Roberts\",\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a\"},\"headline\":\"Azure Disk Encryption\",\"datePublished\":\"2017-10-16T20:19:29+00:00\",\"dateModified\":\"2018-09-16T16:42:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/\"},\"wordCount\":1236,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a\"},\"keywords\":[\"-skipvmbackup\",\"Azure\",\"Azure Disk Encryption\",\"bitlocker\",\"disk\",\"encryption\",\"get-azurekeyvault\",\"get-azurermkeyvault\",\"get-azurermvmdiskencryptionstatus\",\"managed disks\",\"Set-AzureRmVMDiskEncryptionExtension\",\"VM\"],\"articleSection\":[\"Azure\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/\",\"url\":\"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/\",\"name\":\"Azure Disk Encryption - ciraltos\",\"isPartOf\":{\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#website\"},\"datePublished\":\"2017-10-16T20:19:29+00:00\",\"dateModified\":\"2018-09-16T16:42:32+00:00\",\"description\":\"In this post I will go over enabling Azure Disk Encryption with BitLocker on Windows Server.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/www.ciraltos.com\/staging2\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Azure Disk Encryption\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#website\",\"url\":\"http:\/\/www.ciraltos.com\/staging2\/\",\"name\":\"ciraltos\",\"description\":\"cloud, technology and trends\",\"publisher\":{\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.ciraltos.com\/staging2\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a\",\"name\":\"Travis Roberts\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2023\/03\/Logo-1.png\",\"contentUrl\":\"https:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2023\/03\/Logo-1.png\",\"width\":5657,\"height\":3563,\"caption\":\"Travis Roberts\"},\"logo\":{\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/image\/\"},\"sameAs\":[\"http:\/\/www.ciraltos.com\",\"https:\/\/twitter.com\/ciraltos\"],\"url\":\"https:\/\/www.ciraltos.com\/staging2\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure Disk Encryption - ciraltos","description":"In this post I will go over enabling Azure Disk Encryption with BitLocker on Windows Server.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/","og_locale":"en_US","og_type":"article","og_title":"Azure Disk Encryption - ciraltos","og_description":"In this post I will go over enabling Azure Disk Encryption with BitLocker on Windows Server.","og_url":"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/","og_site_name":"ciraltos","article_published_time":"2017-10-16T20:19:29+00:00","article_modified_time":"2018-09-16T16:42:32+00:00","author":"Travis Roberts","twitter_card":"summary_large_image","twitter_creator":"@ciraltos","twitter_site":"@ciraltos","twitter_misc":{"Written by":"Travis Roberts","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/#article","isPartOf":{"@id":"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/"},"author":{"name":"Travis Roberts","@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a"},"headline":"Azure Disk Encryption","datePublished":"2017-10-16T20:19:29+00:00","dateModified":"2018-09-16T16:42:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/"},"wordCount":1236,"commentCount":0,"publisher":{"@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a"},"keywords":["-skipvmbackup","Azure","Azure Disk Encryption","bitlocker","disk","encryption","get-azurekeyvault","get-azurermkeyvault","get-azurermvmdiskencryptionstatus","managed disks","Set-AzureRmVMDiskEncryptionExtension","VM"],"articleSection":["Azure"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/","url":"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/","name":"Azure Disk Encryption - ciraltos","isPartOf":{"@id":"http:\/\/www.ciraltos.com\/staging2\/#website"},"datePublished":"2017-10-16T20:19:29+00:00","dateModified":"2018-09-16T16:42:32+00:00","description":"In this post I will go over enabling Azure Disk Encryption with BitLocker on Windows Server.","breadcrumb":{"@id":"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.ciraltos.com\/staging2\/azure-disk-encryption\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/www.ciraltos.com\/staging2\/"},{"@type":"ListItem","position":2,"name":"Azure Disk Encryption"}]},{"@type":"WebSite","@id":"http:\/\/www.ciraltos.com\/staging2\/#website","url":"http:\/\/www.ciraltos.com\/staging2\/","name":"ciraltos","description":"cloud, technology and trends","publisher":{"@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.ciraltos.com\/staging2\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a","name":"Travis Roberts","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/image\/","url":"https:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2023\/03\/Logo-1.png","contentUrl":"https:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2023\/03\/Logo-1.png","width":5657,"height":3563,"caption":"Travis Roberts"},"logo":{"@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/image\/"},"sameAs":["http:\/\/www.ciraltos.com","https:\/\/twitter.com\/ciraltos"],"url":"https:\/\/www.ciraltos.com\/staging2\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/posts\/263"}],"collection":[{"href":"https:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/comments?post=263"}],"version-history":[{"count":26,"href":"https:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/posts\/263\/revisions"}],"predecessor-version":[{"id":612,"href":"https:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/posts\/263\/revisions\/612"}],"wp:attachment":[{"href":"https:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/media?parent=263"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/categories?post=263"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/tags?post=263"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}