Docs Home
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi
azure-native.keyvault.Vault
Explore with Pulumi AI
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi
Resource information with extended details. API Version: 2019-09-01.
Example Usage
Create a new vault or update an existing vault
Create or update a vault with network acls
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var vault = new AzureNative.KeyVault.Vault("vault", new()
{
Location = "westus",
Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
{
EnabledForDeployment = true,
EnabledForDiskEncryption = true,
EnabledForTemplateDeployment = true,
NetworkAcls = new AzureNative.KeyVault.Inputs.NetworkRuleSetArgs
{
Bypass = "AzureServices",
DefaultAction = "Deny",
IpRules = new[]
{
new AzureNative.KeyVault.Inputs.IPRuleArgs
{
Value = "124.56.78.91",
},
new AzureNative.KeyVault.Inputs.IPRuleArgs
{
Value = "'10.91.4.0/24'",
},
},
VirtualNetworkRules = new[]
{
new AzureNative.KeyVault.Inputs.VirtualNetworkRuleArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
},
},
},
Sku = new AzureNative.KeyVault.Inputs.SkuArgs
{
Family = "A",
Name = AzureNative.KeyVault.SkuName.Standard,
},
TenantId = "00000000-0000-0000-0000-000000000000",
},
ResourceGroupName = "sample-resource-group",
VaultName = "sample-vault",
});
});
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.keyvault.Vault;
import com.pulumi.azurenative.keyvault.VaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var vault = new Vault("vault", VaultArgs.builder()
.location("westus")
.properties(Map.ofEntries(
Map.entry("enabledForDeployment", true),
Map.entry("enabledForDiskEncryption", true),
Map.entry("enabledForTemplateDeployment", true),
Map.entry("networkAcls", Map.ofEntries(
Map.entry("bypass", "AzureServices"),
Map.entry("defaultAction", "Deny"),
Map.entry("ipRules",
Map.of("value", "124.56.78.91"),
Map.of("value", "'10.91.4.0/24'")),
Map.entry("virtualNetworkRules", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1"))
)),
Map.entry("sku", Map.ofEntries(
Map.entry("family", "A"),
Map.entry("name", "standard")
)),
Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
))
.resourceGroupName("sample-resource-group")
.vaultName("sample-vault")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const vault = new azure_native.keyvault.Vault("vault", {
location: "westus",
properties: {
enabledForDeployment: true,
enabledForDiskEncryption: true,
enabledForTemplateDeployment: true,
networkAcls: {
bypass: "AzureServices",
defaultAction: "Deny",
ipRules: [
{
value: "124.56.78.91",
},
{
value: "'10.91.4.0/24'",
},
],
virtualNetworkRules: [{
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
}],
},
sku: {
family: "A",
name: azure_native.keyvault.SkuName.Standard,
},
tenantId: "00000000-0000-0000-0000-000000000000",
},
resourceGroupName: "sample-resource-group",
vaultName: "sample-vault",
});
import pulumi
import pulumi_azure_native as azure_native
vault = azure_native.keyvault.Vault("vault",
location="westus",
properties=azure_native.keyvault.VaultPropertiesResponseArgs(
enabled_for_deployment=True,
enabled_for_disk_encryption=True,
enabled_for_template_deployment=True,
network_acls={
"bypass": "AzureServices",
"defaultAction": "Deny",
"ipRules": [
azure_native.keyvault.IPRuleArgs(
value="124.56.78.91",
),
azure_native.keyvault.IPRuleArgs(
value="'10.91.4.0/24'",
),
],
"virtualNetworkRules": [azure_native.keyvault.VirtualNetworkRuleArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
)],
},
sku=azure_native.keyvault.SkuArgs(
family="A",
name=azure_native.keyvault.SkuName.STANDARD,
),
tenant_id="00000000-0000-0000-0000-000000000000",
),
resource_group_name="sample-resource-group",
vault_name="sample-vault")
resources:
vault:
type: azure-native:keyvault:Vault
properties:
location: westus
properties:
enabledForDeployment: true
enabledForDiskEncryption: true
enabledForTemplateDeployment: true
networkAcls:
bypass: AzureServices
defaultAction: Deny
ipRules:
- value: 124.56.78.91
- value: '''10.91.4.0/24'''
virtualNetworkRules:
- id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1
sku:
family: A
name: standard
tenantId: 00000000-0000-0000-0000-000000000000
resourceGroupName: sample-resource-group
vaultName: sample-vault
Create Vault Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Vault(name: string, args: VaultArgs, opts?: CustomResourceOptions);@overload
def Vault(resource_name: str,
args: VaultArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Vault(resource_name: str,
opts: Optional[ResourceOptions] = None,
properties: Optional[VaultPropertiesArgs] = None,
resource_group_name: Optional[str] = None,
location: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
vault_name: Optional[str] = None)func NewVault(ctx *Context, name string, args VaultArgs, opts ...ResourceOption) (*Vault, error)public Vault(string name, VaultArgs args, CustomResourceOptions? opts = null)type: azure-native:keyvault:Vault
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. VaultArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. VaultArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. VaultArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. VaultArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. VaultArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var vaultResource = new AzureNative.Keyvault.Vault("vaultResource", new()
{
Properties =
{
{ "sku",
{
{ "family", "string" },
{ "name", "standard" },
} },
{ "tenantId", "string" },
{ "enabledForDiskEncryption", false },
{ "enableRbacAuthorization", false },
{ "enableSoftDelete", false },
{ "enabledForDeployment", false },
{ "accessPolicies", new[]
{
{
{ "objectId", "string" },
{ "permissions",
{
{ "certificates", new[]
{
"string",
} },
{ "keys", new[]
{
"string",
} },
{ "secrets", new[]
{
"string",
} },
{ "storage", new[]
{
"string",
} },
} },
{ "tenantId", "string" },
{ "applicationId", "string" },
},
} },
{ "enabledForTemplateDeployment", false },
{ "networkAcls",
{
{ "bypass", "string" },
{ "defaultAction", "string" },
{ "ipRules", new[]
{
{
{ "value", "string" },
},
} },
{ "virtualNetworkRules", new[]
{
{
{ "id", "string" },
{ "ignoreMissingVnetServiceEndpoint", false },
},
} },
} },
{ "provisioningState", "string" },
{ "enablePurgeProtection", false },
{ "softDeleteRetentionInDays", 0 },
{ "createMode", "recover" },
{ "vaultUri", "string" },
},
ResourceGroupName = "string",
Location = "string",
Tags =
{
{ "string", "string" },
},
VaultName = "string",
});
example, err := keyvault.NewVault(ctx, "vaultResource", &keyvault.VaultArgs{
Properties: map[string]interface{}{
"sku": map[string]interface{}{
"family": "string",
"name": "standard",
},
"tenantId": "string",
"enabledForDiskEncryption": false,
"enableRbacAuthorization": false,
"enableSoftDelete": false,
"enabledForDeployment": false,
"accessPolicies": []map[string]interface{}{
map[string]interface{}{
"objectId": "string",
"permissions": map[string]interface{}{
"certificates": []string{
"string",
},
"keys": []string{
"string",
},
"secrets": []string{
"string",
},
"storage": []string{
"string",
},
},
"tenantId": "string",
"applicationId": "string",
},
},
"enabledForTemplateDeployment": false,
"networkAcls": map[string]interface{}{
"bypass": "string",
"defaultAction": "string",
"ipRules": []map[string]interface{}{
map[string]interface{}{
"value": "string",
},
},
"virtualNetworkRules": []map[string]interface{}{
map[string]interface{}{
"id": "string",
"ignoreMissingVnetServiceEndpoint": false,
},
},
},
"provisioningState": "string",
"enablePurgeProtection": false,
"softDeleteRetentionInDays": 0,
"createMode": "recover",
"vaultUri": "string",
},
ResourceGroupName: "string",
Location: "string",
Tags: map[string]interface{}{
"string": "string",
},
VaultName: "string",
})
var vaultResource = new Vault("vaultResource", VaultArgs.builder()
.properties(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.resourceGroupName("string")
.location("string")
.tags(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.vaultName("string")
.build());
vault_resource = azure_native.keyvault.Vault("vaultResource",
properties={
sku: {
family: string,
name: standard,
},
tenantId: string,
enabledForDiskEncryption: False,
enableRbacAuthorization: False,
enableSoftDelete: False,
enabledForDeployment: False,
accessPolicies: [{
objectId: string,
permissions: {
certificates: [string],
keys: [string],
secrets: [string],
storage: [string],
},
tenantId: string,
applicationId: string,
}],
enabledForTemplateDeployment: False,
networkAcls: {
bypass: string,
defaultAction: string,
ipRules: [{
value: string,
}],
virtualNetworkRules: [{
id: string,
ignoreMissingVnetServiceEndpoint: False,
}],
},
provisioningState: string,
enablePurgeProtection: False,
softDeleteRetentionInDays: 0,
createMode: recover,
vaultUri: string,
},
resource_group_name=string,
location=string,
tags={
string: string,
},
vault_name=string)
const vaultResource = new azure_native.keyvault.Vault("vaultResource", {
properties: {
sku: {
family: "string",
name: "standard",
},
tenantId: "string",
enabledForDiskEncryption: false,
enableRbacAuthorization: false,
enableSoftDelete: false,
enabledForDeployment: false,
accessPolicies: [{
objectId: "string",
permissions: {
certificates: ["string"],
keys: ["string"],
secrets: ["string"],
storage: ["string"],
},
tenantId: "string",
applicationId: "string",
}],
enabledForTemplateDeployment: false,
networkAcls: {
bypass: "string",
defaultAction: "string",
ipRules: [{
value: "string",
}],
virtualNetworkRules: [{
id: "string",
ignoreMissingVnetServiceEndpoint: false,
}],
},
provisioningState: "string",
enablePurgeProtection: false,
softDeleteRetentionInDays: 0,
createMode: "recover",
vaultUri: "string",
},
resourceGroupName: "string",
location: "string",
tags: {
string: "string",
},
vaultName: "string",
});
type: azure-native:keyvault:Vault
properties:
location: string
properties:
accessPolicies:
- applicationId: string
objectId: string
permissions:
certificates:
- string
keys:
- string
secrets:
- string
storage:
- string
tenantId: string
createMode: recover
enablePurgeProtection: false
enableRbacAuthorization: false
enableSoftDelete: false
enabledForDeployment: false
enabledForDiskEncryption: false
enabledForTemplateDeployment: false
networkAcls:
bypass: string
defaultAction: string
ipRules:
- value: string
virtualNetworkRules:
- id: string
ignoreMissingVnetServiceEndpoint: false
provisioningState: string
sku:
family: string
name: standard
softDeleteRetentionInDays: 0
tenantId: string
vaultUri: string
resourceGroupName: string
tags:
string: string
vaultName: string
Vault Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Vault resource accepts the following input properties:
- Properties
This property is required. Pulumi.Azure Native. Key Vault. Inputs. Vault Properties - Properties of the vault
- Resource
Group Name stringThis property is required. 
Changes to this property will trigger replacement. - The name of the Resource Group to which the server belongs.
- Location string
- The supported Azure location where the key vault should be created.
- Dictionary<string, string>
- The tags that will be assigned to the key vault.
- Vault
Name - Name of the vault
- Properties
This property is required. VaultProperties Args - Properties of the vault
- Resource
Group Name stringThis property is required. Changes to this property will trigger replacement. - The name of the Resource Group to which the server belongs.
- Location string
- The supported Azure location where the key vault should be created.
- map[string]string
- The tags that will be assigned to the key vault.
- Vault
Name - Name of the vault
- properties
This property is required. VaultProperties - Properties of the vault
- resource
Group Name StringThis property is required. Changes to this property will trigger replacement. - The name of the Resource Group to which the server belongs.
- location String
- The supported Azure location where the key vault should be created.
- Map<String,String>
- The tags that will be assigned to the key vault.
- vault
Name - Name of the vault
- properties
This property is required. VaultProperties - Properties of the vault
- resource
Group Name stringThis property is required. Changes to this property will trigger replacement. - The name of the Resource Group to which the server belongs.
- location string
- The supported Azure location where the key vault should be created.
- {[key: string]: string}
- The tags that will be assigned to the key vault.
- vault
Name - Name of the vault
- properties
This property is required. VaultProperties Args - Properties of the vault
- resource_
group_ name strThis property is required. Changes to this property will trigger replacement. - The name of the Resource Group to which the server belongs.
- location str
- The supported Azure location where the key vault should be created.
- Mapping[str, str]
- The tags that will be assigned to the key vault.
- vault_
name - Name of the vault
- properties
This property is required. Property Map - Properties of the vault
- resource
Group Name StringThis property is required. Changes to this property will trigger replacement. - The name of the Resource Group to which the server belongs.
- location String
- The supported Azure location where the key vault should be created.
- Map<String>
- The tags that will be assigned to the key vault.
- vault
Name - Name of the vault
Outputs
All input properties are implicitly available as output properties. Additionally, the Vault resource produces the following output properties:
Supporting Types
AccessPolicyEntry, AccessPolicyEntryArgs
, AccessPolicyEntryArgs
- Object
Id This property is required. string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions
This property is required. Pulumi.Azure Native. Key Vault. Inputs. Permissions - Permissions the identity has for keys, secrets and certificates.
- Tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Application
Id string - Application ID of the client making request on behalf of a principal
- Object
Id This property is required. string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions
This property is required. Permissions - Permissions the identity has for keys, secrets and certificates.
- Tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Application
Id string - Application ID of the client making request on behalf of a principal
- object
Id This property is required. String - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
This property is required. Permissions - Permissions the identity has for keys, secrets and certificates.
- tenant
Id This property is required. String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id String - Application ID of the client making request on behalf of a principal
- object
Id This property is required. string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
This property is required. Permissions - Permissions the identity has for keys, secrets and certificates.
- tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id string - Application ID of the client making request on behalf of a principal
- object_
id This property is required. str - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
This property is required. Permissions - Permissions the identity has for keys, secrets and certificates.
- tenant_
id This property is required. str - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application_
id str - Application ID of the client making request on behalf of a principal
- object
Id This property is required. String - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
This property is required. Property Map - Permissions the identity has for keys, secrets and certificates.
- tenant
Id This property is required. String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id String - Application ID of the client making request on behalf of a principal
AccessPolicyEntryResponse, AccessPolicyEntryResponseArgs
, AccessPolicyEntryResponseArgs
- Object
Id This property is required. string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions
This property is required. Pulumi.Azure Native. Key Vault. Inputs. Permissions Response - Permissions the identity has for keys, secrets and certificates.
- Tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Application
Id string - Application ID of the client making request on behalf of a principal
- Object
Id This property is required. string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions
This property is required. PermissionsResponse - Permissions the identity has for keys, secrets and certificates.
- Tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Application
Id string - Application ID of the client making request on behalf of a principal
- object
Id This property is required. String - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
This property is required. PermissionsResponse - Permissions the identity has for keys, secrets and certificates.
- tenant
Id This property is required. String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id String - Application ID of the client making request on behalf of a principal
- object
Id This property is required. string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
This property is required. PermissionsResponse - Permissions the identity has for keys, secrets and certificates.
- tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id string - Application ID of the client making request on behalf of a principal
- object_
id This property is required. str - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
This property is required. PermissionsResponse - Permissions the identity has for keys, secrets and certificates.
- tenant_
id This property is required. str - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application_
id str - Application ID of the client making request on behalf of a principal
- object
Id This property is required. String - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
This property is required. Property Map - Permissions the identity has for keys, secrets and certificates.
- tenant
Id This property is required. String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id String - Application ID of the client making request on behalf of a principal
CertificatePermissions, CertificatePermissionsArgs
, CertificatePermissionsArgs
- All
- all
- @Get
- get
- List
- list
- Delete
- delete
- Create
- create
- Import
- import
- Update
- update
- Managecontacts
- managecontacts
- Getissuers
- getissuers
- Listissuers
- listissuers
- Setissuers
- setissuers
- Deleteissuers
- deleteissuers
- Manageissuers
- manageissuers
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- Certificate
Permissions All - all
- Certificate
Permissions Get - get
- Certificate
Permissions List - list
- Certificate
Permissions Delete - delete
- Certificate
Permissions Create - create
- Certificate
Permissions Import - import
- Certificate
Permissions Update - update
- Certificate
Permissions Managecontacts - managecontacts
- Certificate
Permissions Getissuers - getissuers
- Certificate
Permissions Listissuers - listissuers
- Certificate
Permissions Setissuers - setissuers
- Certificate
Permissions Deleteissuers - deleteissuers
- Certificate
Permissions Manageissuers - manageissuers
- Certificate
Permissions Recover - recover
- Certificate
Permissions Purge - purge
- Certificate
Permissions Backup - backup
- Certificate
Permissions Restore - restore
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Create
- create
- Import_
- import
- Update
- update
- Managecontacts
- managecontacts
- Getissuers
- getissuers
- Listissuers
- listissuers
- Setissuers
- setissuers
- Deleteissuers
- deleteissuers
- Manageissuers
- manageissuers
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Create
- create
- Import
- import
- Update
- update
- Managecontacts
- managecontacts
- Getissuers
- getissuers
- Listissuers
- listissuers
- Setissuers
- setissuers
- Deleteissuers
- deleteissuers
- Manageissuers
- manageissuers
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- ALL
- all
- GET
- get
- LIST
- list
- DELETE
- delete
- CREATE
- create
- IMPORT_
- import
- UPDATE
- update
- MANAGECONTACTS
- managecontacts
- GETISSUERS
- getissuers
- LISTISSUERS
- listissuers
- SETISSUERS
- setissuers
- DELETEISSUERS
- deleteissuers
- MANAGEISSUERS
- manageissuers
- RECOVER
- recover
- PURGE
- purge
- BACKUP
- backup
- RESTORE
- restore
- "all"
- all
- "get"
- get
- "list"
- list
- "delete"
- delete
- "create"
- create
- "import"
- import
- "update"
- update
- "managecontacts"
- managecontacts
- "getissuers"
- getissuers
- "listissuers"
- listissuers
- "setissuers"
- setissuers
- "deleteissuers"
- deleteissuers
- "manageissuers"
- manageissuers
- "recover"
- recover
- "purge"
- purge
- "backup"
- backup
- "restore"
- restore
CreateMode, CreateModeArgs
, CreateModeArgs
- Recover
- recover
- @Default
- default
- Create
Mode Recover - recover
- Create
Mode Default - default
- Recover
- recover
- Default_
- default
- Recover
- recover
- Default
- default
- RECOVER
- recover
- DEFAULT
- default
- "recover"
- recover
- "default"
- default
IPRule, IPRuleArgs
, IPRuleArgs
- Value
This property is required. string - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- Value
This property is required. string - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value
This property is required. String - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value
This property is required. string - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value
This property is required. str - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value
This property is required. String - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
IPRuleResponse, IPRuleResponseArgs
, IPRuleResponseArgs
- Value
This property is required. string - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- Value
This property is required. string - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value
This property is required. String - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value
This property is required. string - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value
This property is required. str - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value
This property is required. String - An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
KeyPermissions, KeyPermissionsArgs
, KeyPermissionsArgs
- All
- all
- Encrypt
- encrypt
- Decrypt
- decrypt
- Wrap
Key - wrapKey
- Unwrap
Key - unwrapKey
- Sign
- sign
- Verify
- verify
- @Get
- get
- List
- list
- Create
- create
- Update
- update
- Import
- import
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- Key
Permissions All - all
- Key
Permissions Encrypt - encrypt
- Key
Permissions Decrypt - decrypt
- Key
Permissions Wrap Key - wrapKey
- Key
Permissions Unwrap Key - unwrapKey
- Key
Permissions Sign - sign
- Key
Permissions Verify - verify
- Key
Permissions Get - get
- Key
Permissions List - list
- Key
Permissions Create - create
- Key
Permissions Update - update
- Key
Permissions Import - import
- Key
Permissions Delete - delete
- Key
Permissions Backup - backup
- Key
Permissions Restore - restore
- Key
Permissions Recover - recover
- Key
Permissions Purge - purge
- All
- all
- Encrypt
- encrypt
- Decrypt
- decrypt
- Wrap
Key - wrapKey
- Unwrap
Key - unwrapKey
- Sign
- sign
- Verify
- verify
- Get
- get
- List
- list
- Create
- create
- Update
- update
- Import_
- import
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- All
- all
- Encrypt
- encrypt
- Decrypt
- decrypt
- Wrap
Key - wrapKey
- Unwrap
Key - unwrapKey
- Sign
- sign
- Verify
- verify
- Get
- get
- List
- list
- Create
- create
- Update
- update
- Import
- import
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- ALL
- all
- ENCRYPT
- encrypt
- DECRYPT
- decrypt
- WRAP_KEY
- wrapKey
- UNWRAP_KEY
- unwrapKey
- SIGN
- sign
- VERIFY
- verify
- GET
- get
- LIST
- list
- CREATE
- create
- UPDATE
- update
- IMPORT_
- import
- DELETE
- delete
- BACKUP
- backup
- RESTORE
- restore
- RECOVER
- recover
- PURGE
- purge
- "all"
- all
- "encrypt"
- encrypt
- "decrypt"
- decrypt
- "wrap
Key" - wrapKey
- "unwrap
Key" - unwrapKey
- "sign"
- sign
- "verify"
- verify
- "get"
- get
- "list"
- list
- "create"
- create
- "update"
- update
- "import"
- import
- "delete"
- delete
- "backup"
- backup
- "restore"
- restore
- "recover"
- recover
- "purge"
- purge
NetworkRuleAction, NetworkRuleActionArgs
, NetworkRuleActionArgs
- Allow
- Allow
- Deny
- Deny
- Network
Rule Action Allow - Allow
- Network
Rule Action Deny - Deny
- Allow
- Allow
- Deny
- Deny
- Allow
- Allow
- Deny
- Deny
- ALLOW
- Allow
- DENY
- Deny
- "Allow"
- Allow
- "Deny"
- Deny
NetworkRuleBypassOptions, NetworkRuleBypassOptionsArgs
, NetworkRuleBypassOptionsArgs
- Azure
Services - AzureServices
- None
- None
- Network
Rule Bypass Options Azure Services - AzureServices
- Network
Rule Bypass Options None - None
- Azure
Services - AzureServices
- None
- None
- Azure
Services - AzureServices
- None
- None
- AZURE_SERVICES
- AzureServices
- NONE
- None
- "Azure
Services" - AzureServices
- "None"
- None
NetworkRuleSet, NetworkRuleSetArgs
, NetworkRuleSetArgs
- Bypass
string | Pulumi.
Azure Native. Key Vault. Network Rule Bypass Options - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- Default
Action string | Pulumi.Azure Native. Key Vault. Network Rule Action - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- Ip
Rules List<Pulumi.Azure Native. Key Vault. Inputs. IPRule> - The list of IP address rules.
- Virtual
Network List<Pulumi.Rules Azure Native. Key Vault. Inputs. Virtual Network Rule> - The list of virtual network rules.
- Bypass
string | Network
Rule Bypass Options - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- Default
Action string | NetworkRule Action - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- Ip
Rules []IPRule - The list of IP address rules.
- Virtual
Network []VirtualRules Network Rule - The list of virtual network rules.
- bypass
String | Network
Rule Bypass Options - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action String | NetworkRule Action - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules List<IPRule> - The list of IP address rules.
- virtual
Network List<VirtualRules Network Rule> - The list of virtual network rules.
- bypass
string | Network
Rule Bypass Options - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action string | NetworkRule Action - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules IPRule[] - The list of IP address rules.
- virtual
Network VirtualRules Network Rule[] - The list of virtual network rules.
- bypass
str | Network
Rule Bypass Options - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default_
action str | NetworkRule Action - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip_
rules Sequence[IPRule] - The list of IP address rules.
- virtual_
network_ Sequence[Virtualrules Network Rule] - The list of virtual network rules.
- bypass
String | "Azure
Services" | "None" - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action String | "Allow" | "Deny" - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules List<Property Map> - The list of IP address rules.
- virtual
Network List<Property Map>Rules - The list of virtual network rules.
NetworkRuleSetResponse, NetworkRuleSetResponseArgs
, NetworkRuleSetResponseArgs
- Bypass string
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- Default
Action string - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- Ip
Rules List<Pulumi.Azure Native. Key Vault. Inputs. IPRule Response> - The list of IP address rules.
- Virtual
Network List<Pulumi.Rules Azure Native. Key Vault. Inputs. Virtual Network Rule Response> - The list of virtual network rules.
- Bypass string
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- Default
Action string - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- Ip
Rules []IPRuleResponse - The list of IP address rules.
- Virtual
Network []VirtualRules Network Rule Response - The list of virtual network rules.
- bypass String
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action String - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules List<IPRuleResponse> - The list of IP address rules.
- virtual
Network List<VirtualRules Network Rule Response> - The list of virtual network rules.
- bypass string
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action string - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules IPRuleResponse[] - The list of IP address rules.
- virtual
Network VirtualRules Network Rule Response[] - The list of virtual network rules.
- bypass str
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default_
action str - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip_
rules Sequence[IPRuleResponse] - The list of IP address rules.
- virtual_
network_ Sequence[Virtualrules Network Rule Response] - The list of virtual network rules.
- bypass String
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action String - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules List<Property Map> - The list of IP address rules.
- virtual
Network List<Property Map>Rules - The list of virtual network rules.
Permissions, PermissionsArgs
, PermissionsArgs
- Certificates
List<Union<string, Pulumi.
Azure Native. Key Vault. Certificate Permissions>> - Permissions to certificates
- Keys
List<Union<string, Pulumi.
Azure Native. Key Vault. Key Permissions>> - Permissions to keys
- Secrets
List<Union<string, Pulumi.
Azure Native. Key Vault. Secret Permissions>> - Permissions to secrets
- Storage
List<Union<string, Pulumi.
Azure Native. Key Vault. Storage Permissions>> - Permissions to storage accounts
- Certificates []string
- Permissions to certificates
- Keys []string
- Permissions to keys
- Secrets []string
- Permissions to secrets
- Storage []string
- Permissions to storage accounts
- certificates
List<Either<String,Certificate
Permissions>> - Permissions to certificates
- keys
List<Either<String,Key
Permissions>> - Permissions to keys
- secrets
List<Either<String,Secret
Permissions>> - Permissions to secrets
- storage
List<Either<String,Storage
Permissions>> - Permissions to storage accounts
- certificates
(string | Certificate
Permissions)[] - Permissions to certificates
- keys
(string | Key
Permissions)[] - Permissions to keys
- secrets
(string | Secret
Permissions)[] - Permissions to secrets
- storage
(string | Storage
Permissions)[] - Permissions to storage accounts
- certificates
Sequence[Union[str, Certificate
Permissions]] - Permissions to certificates
- keys
Sequence[Union[str, Key
Permissions]] - Permissions to keys
- secrets
Sequence[Union[str, Secret
Permissions]] - Permissions to secrets
- storage
Sequence[Union[str, Storage
Permissions]] - Permissions to storage accounts
- certificates List<String | "all" | "get" | "list" | "delete" | "create" | "import" | "update" | "managecontacts" | "getissuers" | "listissuers" | "setissuers" | "deleteissuers" | "manageissuers" | "recover" | "purge" | "backup" | "restore">
- Permissions to certificates
- keys
List<String | "all" | "encrypt" | "decrypt" | "wrap
Key" | "unwrap Key" | "sign" | "verify" | "get" | "list" | "create" | "update" | "import" | "delete" | "backup" | "restore" | "recover" | "purge"> - Permissions to keys
- secrets List<String | "all" | "get" | "list" | "set" | "delete" | "backup" | "restore" | "recover" | "purge">
- Permissions to secrets
- storage List<String | "all" | "get" | "list" | "delete" | "set" | "update" | "regeneratekey" | "recover" | "purge" | "backup" | "restore" | "setsas" | "listsas" | "getsas" | "deletesas">
- Permissions to storage accounts
PermissionsResponse, PermissionsResponseArgs
, PermissionsResponseArgs
- Certificates List<string>
- Permissions to certificates
- Keys List<string>
- Permissions to keys
- Secrets List<string>
- Permissions to secrets
- Storage List<string>
- Permissions to storage accounts
- Certificates []string
- Permissions to certificates
- Keys []string
- Permissions to keys
- Secrets []string
- Permissions to secrets
- Storage []string
- Permissions to storage accounts
- certificates List<String>
- Permissions to certificates
- keys List<String>
- Permissions to keys
- secrets List<String>
- Permissions to secrets
- storage List<String>
- Permissions to storage accounts
- certificates string[]
- Permissions to certificates
- keys string[]
- Permissions to keys
- secrets string[]
- Permissions to secrets
- storage string[]
- Permissions to storage accounts
- certificates Sequence[str]
- Permissions to certificates
- keys Sequence[str]
- Permissions to keys
- secrets Sequence[str]
- Permissions to secrets
- storage Sequence[str]
- Permissions to storage accounts
- certificates List<String>
- Permissions to certificates
- keys List<String>
- Permissions to keys
- secrets List<String>
- Permissions to secrets
- storage List<String>
- Permissions to storage accounts
PrivateEndpointConnectionItemResponse, PrivateEndpointConnectionItemResponseArgs
, PrivateEndpointConnectionItemResponseArgs
- Provisioning
State This property is required. string - Provisioning state of the private endpoint connection.
- Etag string
- Modified whenever there is a change in the state of private endpoint connection.
- Id string
- Id of private endpoint connection.
- Private
Endpoint Pulumi.Azure Native. Key Vault. Inputs. Private Endpoint Response - Properties of the private endpoint object.
- Private
Link Pulumi.Service Connection State Azure Native. Key Vault. Inputs. Private Link Service Connection State Response - Approval state of the private link connection.
- Provisioning
State This property is required. string - Provisioning state of the private endpoint connection.
- Etag string
- Modified whenever there is a change in the state of private endpoint connection.
- Id string
- Id of private endpoint connection.
- Private
Endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- Private
Link PrivateService Connection State Link Service Connection State Response - Approval state of the private link connection.
- provisioning
State This property is required. String - Provisioning state of the private endpoint connection.
- etag String
- Modified whenever there is a change in the state of private endpoint connection.
- id String
- Id of private endpoint connection.
- private
Endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- private
Link PrivateService Connection State Link Service Connection State Response - Approval state of the private link connection.
- provisioning
State This property is required. string - Provisioning state of the private endpoint connection.
- etag string
- Modified whenever there is a change in the state of private endpoint connection.
- id string
- Id of private endpoint connection.
- private
Endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- private
Link PrivateService Connection State Link Service Connection State Response - Approval state of the private link connection.
- provisioning_
state This property is required. str - Provisioning state of the private endpoint connection.
- etag str
- Modified whenever there is a change in the state of private endpoint connection.
- id str
- Id of private endpoint connection.
- private_
endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- private_
link_ Privateservice_ connection_ state Link Service Connection State Response - Approval state of the private link connection.
- provisioning
State This property is required. String - Provisioning state of the private endpoint connection.
- etag String
- Modified whenever there is a change in the state of private endpoint connection.
- id String
- Id of private endpoint connection.
- private
Endpoint Property Map - Properties of the private endpoint object.
- private
Link Property MapService Connection State - Approval state of the private link connection.
PrivateEndpointResponse, PrivateEndpointResponseArgs
, PrivateEndpointResponseArgs
- Id
This property is required. string - Full identifier of the private endpoint resource.
- Id
This property is required. string - Full identifier of the private endpoint resource.
- id
This property is required. String - Full identifier of the private endpoint resource.
- id
This property is required. string - Full identifier of the private endpoint resource.
- id
This property is required. str - Full identifier of the private endpoint resource.
- id
This property is required. String - Full identifier of the private endpoint resource.
PrivateLinkServiceConnectionStateResponse, PrivateLinkServiceConnectionStateResponseArgs
, PrivateLinkServiceConnectionStateResponseArgs
- Actions
Required string - A message indicating if changes on the service provider require any updates on the consumer.
- Description string
- The reason for approval or rejection.
- Status string
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- Actions
Required string - A message indicating if changes on the service provider require any updates on the consumer.
- Description string
- The reason for approval or rejection.
- Status string
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions
Required String - A message indicating if changes on the service provider require any updates on the consumer.
- description String
- The reason for approval or rejection.
- status String
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions
Required string - A message indicating if changes on the service provider require any updates on the consumer.
- description string
- The reason for approval or rejection.
- status string
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions_
required str - A message indicating if changes on the service provider require any updates on the consumer.
- description str
- The reason for approval or rejection.
- status str
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions
Required String - A message indicating if changes on the service provider require any updates on the consumer.
- description String
- The reason for approval or rejection.
- status String
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
SecretPermissions, SecretPermissionsArgs
, SecretPermissionsArgs
- All
- all
- @Get
- get
- List
- list
- @Set
- set
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- Secret
Permissions All - all
- Secret
Permissions Get - get
- Secret
Permissions List - list
- Secret
Permissions Set - set
- Secret
Permissions Delete - delete
- Secret
Permissions Backup - backup
- Secret
Permissions Restore - restore
- Secret
Permissions Recover - recover
- Secret
Permissions Purge - purge
- All
- all
- Get
- get
- List
- list
- Set
- set
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- All
- all
- Get
- get
- List
- list
- Set
- set
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- ALL
- all
- GET
- get
- LIST
- list
- SET
- set
- DELETE
- delete
- BACKUP
- backup
- RESTORE
- restore
- RECOVER
- recover
- PURGE
- purge
- "all"
- all
- "get"
- get
- "list"
- list
- "set"
- set
- "delete"
- delete
- "backup"
- backup
- "restore"
- restore
- "recover"
- recover
- "purge"
- purge
Sku, SkuArgs
, SkuArgs
- Family
This property is required. string | Pulumi.Azure Native. Key Vault. Sku Family - SKU family name
- Name
This property is required. Pulumi.Azure Native. Key Vault. Sku Name - SKU name to specify whether the key vault is a standard vault or a premium vault.
- family
This property is required. String | "A" - SKU family name
- name
This property is required. "standard" | "premium" - SKU name to specify whether the key vault is a standard vault or a premium vault.
SkuFamily, SkuFamilyArgs
, SkuFamilyArgs
- A
- A
- Sku
Family A - A
- A
- A
- A
- A
- A
- A
- "A"
- A
SkuName, SkuNameArgs
, SkuNameArgs
- Standard
- standard
- Premium
- premium
- Sku
Name Standard - standard
- Sku
Name Premium - premium
- Standard
- standard
- Premium
- premium
- Standard
- standard
- Premium
- premium
- STANDARD
- standard
- PREMIUM
- premium
- "standard"
- standard
- "premium"
- premium
SkuResponse, SkuResponseArgs
, SkuResponseArgs
StoragePermissions, StoragePermissionsArgs
, StoragePermissionsArgs
- All
- all
- @Get
- get
- List
- list
- Delete
- delete
- @Set
- set
- Update
- update
- Regeneratekey
- regeneratekey
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- Setsas
- setsas
- Listsas
- listsas
- Getsas
- getsas
- Deletesas
- deletesas
- Storage
Permissions All - all
- Storage
Permissions Get - get
- Storage
Permissions List - list
- Storage
Permissions Delete - delete
- Storage
Permissions Set - set
- Storage
Permissions Update - update
- Storage
Permissions Regeneratekey - regeneratekey
- Storage
Permissions Recover - recover
- Storage
Permissions Purge - purge
- Storage
Permissions Backup - backup
- Storage
Permissions Restore - restore
- Storage
Permissions Setsas - setsas
- Storage
Permissions Listsas - listsas
- Storage
Permissions Getsas - getsas
- Storage
Permissions Deletesas - deletesas
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Set
- set
- Update
- update
- Regeneratekey
- regeneratekey
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- Setsas
- setsas
- Listsas
- listsas
- Getsas
- getsas
- Deletesas
- deletesas
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Set
- set
- Update
- update
- Regeneratekey
- regeneratekey
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- Setsas
- setsas
- Listsas
- listsas
- Getsas
- getsas
- Deletesas
- deletesas
- ALL
- all
- GET
- get
- LIST
- list
- DELETE
- delete
- SET
- set
- UPDATE
- update
- REGENERATEKEY
- regeneratekey
- RECOVER
- recover
- PURGE
- purge
- BACKUP
- backup
- RESTORE
- restore
- SETSAS
- setsas
- LISTSAS
- listsas
- GETSAS
- getsas
- DELETESAS
- deletesas
- "all"
- all
- "get"
- get
- "list"
- list
- "delete"
- delete
- "set"
- set
- "update"
- update
- "regeneratekey"
- regeneratekey
- "recover"
- recover
- "purge"
- purge
- "backup"
- backup
- "restore"
- restore
- "setsas"
- setsas
- "listsas"
- listsas
- "getsas"
- getsas
- "deletesas"
- deletesas
VaultProperties, VaultPropertiesArgs
, VaultPropertiesArgs
- Sku
This property is required. Pulumi.Azure Native. Key Vault. Inputs. Sku - SKU details
- Tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Access
Policies List<Pulumi.Azure Native. Key Vault. Inputs. Access Policy Entry> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - Create
Mode Pulumi.Azure Native. Key Vault. Create Mode - The vault's create mode to indicate whether the vault need to be recovered or not.
- Enable
Purge boolProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- Enable
Soft boolDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- Enabled
For boolDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- Enabled
For boolDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- Enabled
For boolTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- Network
Acls Pulumi.Azure Native. Key Vault. Inputs. Network Rule Set - Rules governing the accessibility of the key vault from specific network locations.
- Provisioning
State string | Pulumi.Azure Native. Key Vault. Vault Provisioning State - Provisioning state of the vault.
- Soft
Delete intRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets. This property is readonly
- Sku
This property is required. Sku - SKU details
- Tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Access
Policies []AccessPolicy Entry - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - Create
Mode CreateMode - The vault's create mode to indicate whether the vault need to be recovered or not.
- Enable
Purge boolProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- Enable
Soft boolDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- Enabled
For boolDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- Enabled
For boolDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- Enabled
For boolTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- Network
Acls NetworkRule Set - Rules governing the accessibility of the key vault from specific network locations.
- Provisioning
State string | VaultProvisioning State - Provisioning state of the vault.
- Soft
Delete intRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets. This property is readonly
- sku
This property is required. Sku - SKU details
- tenant
Id This property is required. String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies List<AccessPolicy Entry> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - create
Mode CreateMode - The vault's create mode to indicate whether the vault need to be recovered or not.
- enable
Purge BooleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- Boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft BooleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For BooleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For BooleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For BooleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls NetworkRule Set - Rules governing the accessibility of the key vault from specific network locations.
- provisioning
State String | VaultProvisioning State - Provisioning state of the vault.
- soft
Delete IntegerRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets. This property is readonly
- sku
This property is required. Sku - SKU details
- tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies AccessPolicy Entry[] - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - create
Mode CreateMode - The vault's create mode to indicate whether the vault need to be recovered or not.
- enable
Purge booleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft booleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For booleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For booleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For booleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls NetworkRule Set - Rules governing the accessibility of the key vault from specific network locations.
- provisioning
State string | VaultProvisioning State - Provisioning state of the vault.
- soft
Delete numberRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- vault
Uri string - The URI of the vault for performing operations on keys and secrets. This property is readonly
- sku
This property is required. Sku - SKU details
- tenant_
id This property is required. str - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access_
policies Sequence[AccessPolicy Entry] - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - create_
mode CreateMode - The vault's create mode to indicate whether the vault need to be recovered or not.
- enable_
purge_ boolprotection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable_
soft_ booldelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled_
for_ booldeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled_
for_ booldisk_ encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled_
for_ booltemplate_ deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network_
acls NetworkRule Set - Rules governing the accessibility of the key vault from specific network locations.
- provisioning_
state str | VaultProvisioning State - Provisioning state of the vault.
- soft_
delete_ intretention_ in_ days - softDelete data retention days. It accepts >=7 and <=90.
- vault_
uri str - The URI of the vault for performing operations on keys and secrets. This property is readonly
- sku
This property is required. Property Map - SKU details
- tenant
Id This property is required. String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies List<Property Map> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - create
Mode "recover" | "default" - The vault's create mode to indicate whether the vault need to be recovered or not.
- enable
Purge BooleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- Boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft BooleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For BooleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For BooleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For BooleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls Property Map - Rules governing the accessibility of the key vault from specific network locations.
- provisioning
State String | "Succeeded" | "RegisteringDns" - Provisioning state of the vault.
- soft
Delete NumberRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets. This property is readonly
VaultPropertiesResponse, VaultPropertiesResponseArgs
, VaultPropertiesResponseArgs
- Hsm
Pool Resource Id This property is required. string - The resource id of HSM Pool.
- Private
Endpoint Connections This property is required. List<Pulumi.Azure Native. Key Vault. Inputs. Private Endpoint Connection Item Response> - List of private endpoint connections associated with the key vault.
- Sku
This property is required. Pulumi.Azure Native. Key Vault. Inputs. Sku Response - SKU details
- Tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Access
Policies List<Pulumi.Azure Native. Key Vault. Inputs. Access Policy Entry Response> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - Enable
Purge boolProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- Enable
Soft boolDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- Enabled
For boolDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- Enabled
For boolDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- Enabled
For boolTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- Network
Acls Pulumi.Azure Native. Key Vault. Inputs. Network Rule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- Provisioning
State string - Provisioning state of the vault.
- Soft
Delete intRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets. This property is readonly
- Hsm
Pool Resource Id This property is required. string - The resource id of HSM Pool.
- Private
Endpoint Connections This property is required. []PrivateEndpoint Connection Item Response - List of private endpoint connections associated with the key vault.
- Sku
This property is required. SkuResponse - SKU details
- Tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Access
Policies []AccessPolicy Entry Response - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - Enable
Purge boolProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- Enable
Soft boolDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- Enabled
For boolDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- Enabled
For boolDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- Enabled
For boolTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- Network
Acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- Provisioning
State string - Provisioning state of the vault.
- Soft
Delete intRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets. This property is readonly
- hsm
Pool Resource Id This property is required. String - The resource id of HSM Pool.
- private
Endpoint Connections This property is required. List<PrivateEndpoint Connection Item Response> - List of private endpoint connections associated with the key vault.
- sku
This property is required. SkuResponse - SKU details
- tenant
Id This property is required. String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies List<AccessPolicy Entry Response> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - enable
Purge BooleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- Boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft BooleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For BooleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For BooleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For BooleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- provisioning
State String - Provisioning state of the vault.
- soft
Delete IntegerRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets. This property is readonly
- hsm
Pool Resource Id This property is required. string - The resource id of HSM Pool.
- private
Endpoint Connections This property is required. PrivateEndpoint Connection Item Response[] - List of private endpoint connections associated with the key vault.
- sku
This property is required. SkuResponse - SKU details
- tenant
Id This property is required. string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies AccessPolicy Entry Response[] - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - enable
Purge booleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft booleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For booleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For booleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For booleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- provisioning
State string - Provisioning state of the vault.
- soft
Delete numberRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- vault
Uri string - The URI of the vault for performing operations on keys and secrets. This property is readonly
- hsm_
pool_ resource_ id This property is required. str - The resource id of HSM Pool.
- private_
endpoint_ connections This property is required. Sequence[PrivateEndpoint Connection Item Response] - List of private endpoint connections associated with the key vault.
- sku
This property is required. SkuResponse - SKU details
- tenant_
id This property is required. str - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access_
policies Sequence[AccessPolicy Entry Response] - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - enable_
purge_ boolprotection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable_
soft_ booldelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled_
for_ booldeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled_
for_ booldisk_ encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled_
for_ booltemplate_ deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network_
acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- provisioning_
state str - Provisioning state of the vault.
- soft_
delete_ intretention_ in_ days - softDelete data retention days. It accepts >=7 and <=90.
- vault_
uri str - The URI of the vault for performing operations on keys and secrets. This property is readonly
- hsm
Pool Resource Id This property is required. String - The resource id of HSM Pool.
- private
Endpoint Connections This property is required. List<Property Map> - List of private endpoint connections associated with the key vault.
- sku
This property is required. Property Map - SKU details
- tenant
Id This property is required. String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies List<Property Map> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. - enable
Purge BooleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- Boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft BooleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For BooleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For BooleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For BooleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls Property Map - Rules governing the accessibility of the key vault from specific network locations.
- provisioning
State String - Provisioning state of the vault.
- soft
Delete NumberRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets. This property is readonly
VaultProvisioningState, VaultProvisioningStateArgs
, VaultProvisioningStateArgs
- Succeeded
- Succeeded
- Registering
Dns - RegisteringDns
- Vault
Provisioning State Succeeded - Succeeded
- Vault
Provisioning State Registering Dns - RegisteringDns
- Succeeded
- Succeeded
- Registering
Dns - RegisteringDns
- Succeeded
- Succeeded
- Registering
Dns - RegisteringDns
- SUCCEEDED
- Succeeded
- REGISTERING_DNS
- RegisteringDns
- "Succeeded"
- Succeeded
- "Registering
Dns" - RegisteringDns
VirtualNetworkRule, VirtualNetworkRuleArgs
, VirtualNetworkRuleArgs
- Id
This property is required. string - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- Ignore
Missing boolVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- Id
This property is required. string - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- Ignore
Missing boolVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id
This property is required. String - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing BooleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id
This property is required. string - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing booleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id
This property is required. str - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore_
missing_ boolvnet_ service_ endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id
This property is required. String - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing BooleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
VirtualNetworkRuleResponse, VirtualNetworkRuleResponseArgs
, VirtualNetworkRuleResponseArgs
- Id
This property is required. string - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- Ignore
Missing boolVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- Id
This property is required. string - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- Ignore
Missing boolVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id
This property is required. String - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing BooleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id
This property is required. string - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing booleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id
This property is required. str - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore_
missing_ boolvnet_ service_ endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id
This property is required. String - Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing BooleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:keyvault:Vault sample-vault /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sample-resource-group/providers/Microsoft.KeyVault/vaults/sample-vault
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- azure-native-v1 pulumi/pulumi-azure-native
- License
- Apache-2.0
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi