This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.34.0 published on Thursday, Mar 28, 2024 by Pulumi

azure-native.keyvault.getVault


    Gets the specified Azure key vault. Azure REST API version: 2023-02-01.

    Other available API versions: 2018-02-14-preview, 2023-07-01.

    Using getVault

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getVault(args: GetVaultArgs, opts?: InvokeOptions): Promise<GetVaultResult>
    function getVaultOutput(args: GetVaultOutputArgs, opts?: InvokeOptions): Output<GetVaultResult>
    def get_vault(resource_group_name: Optional[str] = None,
                  vault_name: Optional[str] = None,
                  opts: Optional[InvokeOptions] = None) -> GetVaultResult
    def get_vault_output(resource_group_name: Optional[pulumi.Input[str]] = None,
                         vault_name: Optional[pulumi.Input[str]] = None,
                         opts: Optional[InvokeOptions] = None) -> Output[GetVaultResult]
    func LookupVault(ctx *Context, args *LookupVaultArgs, opts ...InvokeOption) (*LookupVaultResult, error)
    func LookupVaultOutput(ctx *Context, args *LookupVaultOutputArgs, opts ...InvokeOption) LookupVaultResultOutput

    > Note: This function is named LookupVault in the Go SDK.

    public static class GetVault 
    {
        public static Task<GetVaultResult> InvokeAsync(GetVaultArgs args, InvokeOptions? opts = null)
        public static Output<GetVaultResult> Invoke(GetVaultInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetVaultResult> getVault(GetVaultArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: azure-native:keyvault:getVault
      arguments:
        # arguments dictionary

    The following arguments are supported:

    ResourceGroupName string
    The name of the Resource Group to which the vault belongs.
    VaultName string
    The name of the vault.
    ResourceGroupName string
    The name of the Resource Group to which the vault belongs.
    VaultName string
    The name of the vault.
    resourceGroupName String
    The name of the Resource Group to which the vault belongs.
    vaultName String
    The name of the vault.
    resourceGroupName string
    The name of the Resource Group to which the vault belongs.
    vaultName string
    The name of the vault.
    resource_group_name str
    The name of the Resource Group to which the vault belongs.
    vault_name str
    The name of the vault.
    resourceGroupName String
    The name of the Resource Group to which the vault belongs.
    vaultName String
    The name of the vault.

    getVault Result

    The following output properties are available:

    Id string
    Fully qualified identifier of the key vault resource.
    Name string
    Name of the key vault resource.
    Properties Pulumi.AzureNative.KeyVault.Outputs.VaultPropertiesResponse
    Properties of the vault
    SystemData Pulumi.AzureNative.KeyVault.Outputs.SystemDataResponse
    System metadata for the key vault.
    Type string
    Resource type of the key vault resource.
    Location string
    Azure location of the key vault resource.
    Tags Dictionary<string, string>
    Tags assigned to the key vault resource.
    Id string
    Fully qualified identifier of the key vault resource.
    Name string
    Name of the key vault resource.
    Properties VaultPropertiesResponse
    Properties of the vault
    SystemData SystemDataResponse
    System metadata for the key vault.
    Type string
    Resource type of the key vault resource.
    Location string
    Azure location of the key vault resource.
    Tags map[string]string
    Tags assigned to the key vault resource.
    id String
    Fully qualified identifier of the key vault resource.
    name String
    Name of the key vault resource.
    properties VaultPropertiesResponse
    Properties of the vault
    systemData SystemDataResponse
    System metadata for the key vault.
    type String
    Resource type of the key vault resource.
    location String
    Azure location of the key vault resource.
    tags Map<String,String>
    Tags assigned to the key vault resource.
    id string
    Fully qualified identifier of the key vault resource.
    name string
    Name of the key vault resource.
    properties VaultPropertiesResponse
    Properties of the vault
    systemData SystemDataResponse
    System metadata for the key vault.
    type string
    Resource type of the key vault resource.
    location string
    Azure location of the key vault resource.
    tags {[key: string]: string}
    Tags assigned to the key vault resource.
    id str
    Fully qualified identifier of the key vault resource.
    name str
    Name of the key vault resource.
    properties VaultPropertiesResponse
    Properties of the vault
    system_data SystemDataResponse
    System metadata for the key vault.
    type str
    Resource type of the key vault resource.
    location str
    Azure location of the key vault resource.
    tags Mapping[str, str]
    Tags assigned to the key vault resource.
    id String
    Fully qualified identifier of the key vault resource.
    name String
    Name of the key vault resource.
    properties Property Map
    Properties of the vault
    systemData Property Map
    System metadata for the key vault.
    type String
    Resource type of the key vault resource.
    location String
    Azure location of the key vault resource.
    tags Map<String>
    Tags assigned to the key vault resource.
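
An added example (not from the Pulumi docs or SDK): a posture check over the `properties` of a getVault result, following the semantics this page states for VaultPropertiesResponse and NetworkRuleSetResponse. The interfaces are a local subset of the result shape; `auditVault`, `prefixLength`, the finding labels, the /16 threshold and both sample objects are assumptions constructed for illustration.

```typescript
// Local subset of the getVault result, using the camelCase property names
// listed on this page. In a Pulumi program, pass
// (await getVault({ resourceGroupName, vaultName })).properties instead.
interface IPRule { value: string }
interface NetworkRuleSet { bypass?: string; defaultAction?: string; ipRules?: IPRule[] }
interface AccessPolicy { objectId: string; tenantId: string }
interface VaultProps {
    enablePurgeProtection?: boolean;
    enableSoftDelete?: boolean;
    enableRbacAuthorization?: boolean;
    publicNetworkAccess?: string;
    networkAcls?: NetworkRuleSet;
    accessPolicies?: AccessPolicy[];
}

// Assumption: an ipRules range wider than /16 is reported as too broad.
const MIN_PREFIX = 16;

// Prefix length of an ipRules value: "124.56.78.91" is /32, "124.56.78.0/24" is /24.
// Returns -1 for anything that is not a well-formed IPv4 address or CIDR range.
function prefixLength(value: string): number {
    const parts = value.trim().split("/");
    if (parts.length > 2) return -1;
    const octets = (parts[0] ?? "").split(".");
    if (octets.length !== 4) return -1;
    for (const o of octets) {
        if (!/^\d{1,3}$/.test(o) || Number(o) > 255) return -1;
    }
    if (parts.length === 1) return 32;
    const suffix = parts[1] ?? "";
    if (!/^\d{1,2}$/.test(suffix)) return -1;
    const len = Number(suffix);
    return len <= 32 ? len : -1;
}

function auditVault(p: VaultProps): string[] {
    const findings: string[] = [];
    // Soft delete defaults to true when unset, so only an explicit false counts.
    if (p.enableSoftDelete === false) findings.push("soft-delete-disabled");
    // Without purge protection, a soft-deleted vault can still be hard-deleted.
    if (p.enablePurgeProtection !== true) findings.push("purge-protection-off");
    // With RBAC on, access policies are ignored; leftovers mislead reviewers.
    if (p.enableRbacAuthorization === true && (p.accessPolicies ?? []).length > 0) {
        findings.push("access-policies-ignored-under-rbac");
    }
    // 'disabled' overrides the firewall rules, so networkAcls is not evaluated.
    if ((p.publicNetworkAccess ?? "").toLowerCase() === "disabled") return findings;

    const acls = p.networkAcls;
    // defaultAction applies when no rule matches; Azure's values are Allow and Deny.
    if (!acls || (acls.defaultAction ?? "").toLowerCase() !== "deny") {
        findings.push("public-default-allow");
        return findings; // individual rules are moot when everything is allowed
    }
    for (const rule of acls.ipRules ?? []) {
        const len = prefixLength(rule.value);
        if (len < 0) findings.push(`ip-rule-malformed:${rule.value}`);
        else if (len < MIN_PREFIX) findings.push(`ip-rule-too-broad:${rule.value}`);
    }
    // bypass is evaluated before defaultAction and defaults to 'AzureServices'.
    if ((acls.bypass ?? "AzureServices") !== "None") findings.push("info:azure-services-bypass");
    return findings;
}

// Constructed sample: firewall is default-deny but has a /8 and a malformed rule.
const sampleWeak: VaultProps = {
    enableSoftDelete: true,
    enableRbacAuthorization: true,
    accessPolicies: [{
        objectId: "00000000-0000-0000-0000-000000000001",
        tenantId: "00000000-0000-0000-0000-000000000000",
    }],
    publicNetworkAccess: "Enabled",
    networkAcls: {
        defaultAction: "Deny",
        ipRules: [{ value: "124.56.78.0/24" }, { value: "124.0.0.0/8" }, { value: "124.56.78" }],
    },
};

// Constructed sample: public access disabled, so the permissive ACL is not honored.
const sampleHardened: VaultProps = {
    enableSoftDelete: true,
    enablePurgeProtection: true,
    enableRbacAuthorization: true,
    publicNetworkAccess: "Disabled",
    networkAcls: { defaultAction: "Allow" },
};

console.log(auditVault(sampleWeak));
console.log(auditVault(sampleHardened));
```
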

    Supporting Types

    AccessPolicyEntryResponse

    ObjectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    Permissions Pulumi.AzureNative.KeyVault.Inputs.PermissionsResponse
    Permissions the identity has for keys, secrets and certificates.
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    ApplicationId string
    Application ID of the client making request on behalf of a principal
    ObjectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    Permissions PermissionsResponse
    Permissions the identity has for keys, secrets and certificates.
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    ApplicationId string
    Application ID of the client making request on behalf of a principal
    objectId String
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions PermissionsResponse
    Permissions the identity has for keys, secrets and certificates.
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId String
    Application ID of the client making request on behalf of a principal
    objectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions PermissionsResponse
    Permissions the identity has for keys, secrets and certificates.
    tenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId string
    Application ID of the client making request on behalf of a principal
    object_id str
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions PermissionsResponse
    Permissions the identity has for keys, secrets and certificates.
    tenant_id str
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    application_id str
    Application ID of the client making request on behalf of a principal
    objectId String
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions Property Map
    Permissions the identity has for keys, secrets and certificates.
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId String
    Application ID of the client making request on behalf of a principal

    IPRuleResponse

    Value string
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    Value string
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value String
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value string
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value str
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value String
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    NetworkRuleSetResponse

    Bypass string
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    DefaultAction string
    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
    IpRules List<Pulumi.AzureNative.KeyVault.Inputs.IPRuleResponse>
    The list of IP address rules.
    VirtualNetworkRules List<Pulumi.AzureNative.KeyVault.Inputs.VirtualNetworkRuleResponse>
    The list of virtual network rules.
    Bypass string
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    DefaultAction string
    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
    IpRules []IPRuleResponse
    The list of IP address rules.
    VirtualNetworkRules []VirtualNetworkRuleResponse
    The list of virtual network rules.
    bypass String
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    defaultAction String
    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
    ipRules List<IPRuleResponse>
    The list of IP address rules.
    virtualNetworkRules List<VirtualNetworkRuleResponse>
    The list of virtual network rules.
    bypass string
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    defaultAction string
    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
    ipRules IPRuleResponse[]
    The list of IP address rules.
    virtualNetworkRules VirtualNetworkRuleResponse[]
    The list of virtual network rules.
    bypass str
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    default_action str
    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
    ip_rules Sequence[IPRuleResponse]
    The list of IP address rules.
    virtual_network_rules Sequence[VirtualNetworkRuleResponse]
    The list of virtual network rules.
    bypass String
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    defaultAction String
    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
    ipRules List<Property Map>
    The list of IP address rules.
    virtualNetworkRules List<Property Map>
    The list of virtual network rules.

    PermissionsResponse

    Certificates List<string>
    Permissions to certificates
    Keys List<string>
    Permissions to keys
    Secrets List<string>
    Permissions to secrets
    Storage List<string>
    Permissions to storage accounts
    Certificates []string
    Permissions to certificates
    Keys []string
    Permissions to keys
    Secrets []string
    Permissions to secrets
    Storage []string
    Permissions to storage accounts
    certificates List<String>
    Permissions to certificates
    keys List<String>
    Permissions to keys
    secrets List<String>
    Permissions to secrets
    storage List<String>
    Permissions to storage accounts
    certificates string[]
    Permissions to certificates
    keys string[]
    Permissions to keys
    secrets string[]
    Permissions to secrets
    storage string[]
    Permissions to storage accounts
    certificates Sequence[str]
    Permissions to certificates
    keys Sequence[str]
    Permissions to keys
    secrets Sequence[str]
    Permissions to secrets
    storage Sequence[str]
    Permissions to storage accounts
    certificates List<String>
    Permissions to certificates
    keys List<String>
    Permissions to keys
    secrets List<String>
    Permissions to secrets
    storage List<String>
    Permissions to storage accounts

    PrivateEndpointConnectionItemResponse

    ProvisioningState string
    Provisioning state of the private endpoint connection.
    Etag string
    Modified whenever there is a change in the state of private endpoint connection.
    Id string
    Id of private endpoint connection.
    PrivateEndpoint Pulumi.AzureNative.KeyVault.Inputs.PrivateEndpointResponse
    Properties of the private endpoint object.
    PrivateLinkServiceConnectionState Pulumi.AzureNative.KeyVault.Inputs.PrivateLinkServiceConnectionStateResponse
    Approval state of the private link connection.
    ProvisioningState string
    Provisioning state of the private endpoint connection.
    Etag string
    Modified whenever there is a change in the state of private endpoint connection.
    Id string
    Id of private endpoint connection.
    PrivateEndpoint PrivateEndpointResponse
    Properties of the private endpoint object.
    PrivateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse
    Approval state of the private link connection.
    provisioningState String
    Provisioning state of the private endpoint connection.
    etag String
    Modified whenever there is a change in the state of private endpoint connection.
    id String
    Id of private endpoint connection.
    privateEndpoint PrivateEndpointResponse
    Properties of the private endpoint object.
    privateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse
    Approval state of the private link connection.
    provisioningState string
    Provisioning state of the private endpoint connection.
    etag string
    Modified whenever there is a change in the state of private endpoint connection.
    id string
    Id of private endpoint connection.
    privateEndpoint PrivateEndpointResponse
    Properties of the private endpoint object.
    privateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse
    Approval state of the private link connection.
    provisioning_state str
    Provisioning state of the private endpoint connection.
    etag str
    Modified whenever there is a change in the state of private endpoint connection.
    id str
    Id of private endpoint connection.
    private_endpoint PrivateEndpointResponse
    Properties of the private endpoint object.
    private_link_service_connection_state PrivateLinkServiceConnectionStateResponse
    Approval state of the private link connection.
    provisioningState String
    Provisioning state of the private endpoint connection.
    etag String
    Modified whenever there is a change in the state of private endpoint connection.
    id String
    Id of private endpoint connection.
    privateEndpoint Property Map
    Properties of the private endpoint object.
    privateLinkServiceConnectionState Property Map
    Approval state of the private link connection.

    PrivateEndpointResponse

    Id string
    Full identifier of the private endpoint resource.
    Id string
    Full identifier of the private endpoint resource.
    id String
    Full identifier of the private endpoint resource.
    id string
    Full identifier of the private endpoint resource.
    id str
    Full identifier of the private endpoint resource.
    id String
    Full identifier of the private endpoint resource.

    PrivateLinkServiceConnectionStateResponse

    ActionsRequired string
    A message indicating if changes on the service provider require any updates on the consumer.
    Description string
    The reason for approval or rejection.
    Status string
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.
    ActionsRequired string
    A message indicating if changes on the service provider require any updates on the consumer.
    Description string
    The reason for approval or rejection.
    Status string
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.
    actionsRequired String
    A message indicating if changes on the service provider require any updates on the consumer.
    description String
    The reason for approval or rejection.
    status String
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.
    actionsRequired string
    A message indicating if changes on the service provider require any updates on the consumer.
    description string
    The reason for approval or rejection.
    status string
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.
    actions_required str
    A message indicating if changes on the service provider require any updates on the consumer.
    description str
    The reason for approval or rejection.
    status str
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.
    actionsRequired String
    A message indicating if changes on the service provider require any updates on the consumer.
    description String
    The reason for approval or rejection.
    status String
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.

    SkuResponse

    Family string
    SKU family name
    Name string
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    Family string
    SKU family name
    Name string
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family String
    SKU family name
    name String
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family string
    SKU family name
    name string
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family str
    SKU family name
    name str
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family String
    SKU family name
    name String
    SKU name to specify whether the key vault is a standard vault or a premium vault.

    SystemDataResponse

    CreatedAt string
    The timestamp of the key vault resource creation (UTC).
    CreatedBy string
    The identity that created the key vault resource.
    CreatedByType string
    The type of identity that created the key vault resource.
    LastModifiedAt string
    The timestamp of the key vault resource last modification (UTC).
    LastModifiedBy string
    The identity that last modified the key vault resource.
    LastModifiedByType string
    The type of identity that last modified the key vault resource.
    CreatedAt string
    The timestamp of the key vault resource creation (UTC).
    CreatedBy string
    The identity that created the key vault resource.
    CreatedByType string
    The type of identity that created the key vault resource.
    LastModifiedAt string
    The timestamp of the key vault resource last modification (UTC).
    LastModifiedBy string
    The identity that last modified the key vault resource.
    LastModifiedByType string
    The type of identity that last modified the key vault resource.
    createdAt String
    The timestamp of the key vault resource creation (UTC).
    createdBy String
    The identity that created the key vault resource.
    createdByType String
    The type of identity that created the key vault resource.
    lastModifiedAt String
    The timestamp of the key vault resource last modification (UTC).
    lastModifiedBy String
    The identity that last modified the key vault resource.
    lastModifiedByType String
    The type of identity that last modified the key vault resource.
    createdAt string
    The timestamp of the key vault resource creation (UTC).
    createdBy string
    The identity that created the key vault resource.
    createdByType string
    The type of identity that created the key vault resource.
    lastModifiedAt string
    The timestamp of the key vault resource last modification (UTC).
    lastModifiedBy string
    The identity that last modified the key vault resource.
    lastModifiedByType string
    The type of identity that last modified the key vault resource.
    created_at str
    The timestamp of the key vault resource creation (UTC).
    created_by str
    The identity that created the key vault resource.
    created_by_type str
    The type of identity that created the key vault resource.
    last_modified_at str
    The timestamp of the key vault resource last modification (UTC).
    last_modified_by str
    The identity that last modified the key vault resource.
    last_modified_by_type str
    The type of identity that last modified the key vault resource.
    createdAt String
    The timestamp of the key vault resource creation (UTC).
    createdBy String
    The identity that created the key vault resource.
    createdByType String
    The type of identity that created the key vault resource.
    lastModifiedAt String
    The timestamp of the key vault resource last modification (UTC).
    lastModifiedBy String
    The identity that last modified the key vault resource.
    lastModifiedByType String
    The type of identity that last modified the key vault resource.

    VaultPropertiesResponse

    HsmPoolResourceId string
    The resource id of HSM Pool.
    PrivateEndpointConnections List<Pulumi.AzureNative.KeyVault.Inputs.PrivateEndpointConnectionItemResponse>
    List of private endpoint connections associated with the key vault.
    Sku Pulumi.AzureNative.KeyVault.Inputs.SkuResponse
    SKU details
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    AccessPolicies List<Pulumi.AzureNative.KeyVault.Inputs.AccessPolicyEntryResponse>
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other, leading to resource deletion.
    EnablePurgeProtection bool
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    EnableRbacAuthorization bool
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    EnableSoftDelete bool
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    EnabledForDeployment bool
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    EnabledForDiskEncryption bool
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    EnabledForTemplateDeployment bool
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    NetworkAcls Pulumi.AzureNative.KeyVault.Inputs.NetworkRuleSetResponse
    Rules governing the accessibility of the key vault from specific network locations.
    ProvisioningState string
    Provisioning state of the vault.
    PublicNetworkAccess string
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they are not honored.
    SoftDeleteRetentionInDays int
    Soft-delete data retention in days. It accepts >=7 and <=90.
    VaultUri string
    The URI of the vault for performing operations on keys and secrets.
    HsmPoolResourceId string
    The resource id of HSM Pool.
    PrivateEndpointConnections []PrivateEndpointConnectionItemResponse
    List of private endpoint connections associated with the key vault.
    Sku SkuResponse
    SKU details
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    AccessPolicies []AccessPolicyEntryResponse
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other, leading to resource deletion.
    EnablePurgeProtection bool
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    EnableRbacAuthorization bool
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    EnableSoftDelete bool
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    EnabledForDeployment bool
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    EnabledForDiskEncryption bool
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    EnabledForTemplateDeployment bool
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    NetworkAcls NetworkRuleSetResponse
    Rules governing the accessibility of the key vault from specific network locations.
    ProvisioningState string
    Provisioning state of the vault.
    PublicNetworkAccess string
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they are not honored.
    SoftDeleteRetentionInDays int
    Soft-delete data retention in days. It accepts >=7 and <=90.
    VaultUri string
    The URI of the vault for performing operations on keys and secrets.
    hsmPoolResourceId String
    The resource id of HSM Pool.
    privateEndpointConnections List<PrivateEndpointConnectionItemResponse>
    List of private endpoint connections associated with the key vault.
    sku SkuResponse
    SKU details
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    accessPolicies List<AccessPolicyEntryResponse>
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other, leading to resource deletion.
    enablePurgeProtection Boolean
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enableRbacAuthorization Boolean
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enableSoftDelete Boolean
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabledForDeployment Boolean
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabledForDiskEncryption Boolean
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabledForTemplateDeployment Boolean
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    networkAcls NetworkRuleSetResponse
    Rules governing the accessibility of the key vault from specific network locations.
    provisioningState String
    Provisioning state of the vault.
    publicNetworkAccess String
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    softDeleteRetentionInDays Integer
    Soft-delete data retention period in days. Accepts values >=7 and <=90.
    vaultUri String
    The URI of the vault for performing operations on keys and secrets.
    hsmPoolResourceId string
    The resource id of HSM Pool.
    privateEndpointConnections PrivateEndpointConnectionItemResponse[]
    List of private endpoint connections associated with the key vault.
    sku SkuResponse
    SKU details
    tenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    accessPolicies AccessPolicyEntryResponse[]
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other, leading to resource deletion.
    enablePurgeProtection boolean
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enableRbacAuthorization boolean
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enableSoftDelete boolean
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabledForDeployment boolean
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabledForDiskEncryption boolean
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabledForTemplateDeployment boolean
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    networkAcls NetworkRuleSetResponse
    Rules governing the accessibility of the key vault from specific network locations.
    provisioningState string
    Provisioning state of the vault.
    publicNetworkAccess string
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    softDeleteRetentionInDays number
    Soft-delete data retention period in days. Accepts values >=7 and <=90.
    vaultUri string
    The URI of the vault for performing operations on keys and secrets.
    hsm_pool_resource_id str
    The resource id of HSM Pool.
    private_endpoint_connections Sequence[PrivateEndpointConnectionItemResponse]
    List of private endpoint connections associated with the key vault.
    sku SkuResponse
    SKU details
    tenant_id str
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    access_policies Sequence[AccessPolicyEntryResponse]
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other, leading to resource deletion.
    enable_purge_protection bool
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enable_rbac_authorization bool
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enable_soft_delete bool
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabled_for_deployment bool
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabled_for_disk_encryption bool
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabled_for_template_deployment bool
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    network_acls NetworkRuleSetResponse
    Rules governing the accessibility of the key vault from specific network locations.
    provisioning_state str
    Provisioning state of the vault.
    public_network_access str
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    soft_delete_retention_in_days int
    Soft-delete data retention period in days. Accepts values >=7 and <=90.
    vault_uri str
    The URI of the vault for performing operations on keys and secrets.
    hsmPoolResourceId String
    The resource id of HSM Pool.
    privateEndpointConnections List<Property Map>
    List of private endpoint connections associated with the key vault.
    sku Property Map
    SKU details
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    accessPolicies List<Property Map>
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other, leading to resource deletion.
    enablePurgeProtection Boolean
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enableRbacAuthorization Boolean
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enableSoftDelete Boolean
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabledForDeployment Boolean
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabledForDiskEncryption Boolean
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabledForTemplateDeployment Boolean
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    networkAcls Property Map
    Rules governing the accessibility of the key vault from specific network locations.
    provisioningState String
    Provisioning state of the vault.
    publicNetworkAccess String
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    softDeleteRetentionInDays Number
    Soft-delete data retention period in days. Accepts values >=7 and <=90.
    vaultUri String
    The URI of the vault for performing operations on keys and secrets.

    VirtualNetworkRuleResponse

    Id string
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    IgnoreMissingVnetServiceEndpoint bool
    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
    Id string
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    IgnoreMissingVnetServiceEndpoint bool
    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
    id String
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignoreMissingVnetServiceEndpoint Boolean
    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
    id string
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignoreMissingVnetServiceEndpoint boolean
    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
    id str
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignore_missing_vnet_service_endpoint bool
    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
    id String
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignoreMissingVnetServiceEndpoint Boolean
    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
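
    The properties above interact: purge protection depends on soft delete, RBAC mode ignores access policies, and a 'disabled' public network access overrides the firewall rules. The following is an added example, not part of the Pulumi documentation or SDK, that audits a plain dict keyed with the Python property names listed above. The function name, the 30-day retention minimum, the sample dicts, treating a missing `default_action` as allow, and the `default_action` / `virtual_network_rules` keys of NetworkRuleSetResponse (which this section does not list) are assumptions.

```python
from typing import Any

# Service-retrieval switches from VaultPropertiesResponse and the service each admits.
SERVICE_FLAGS = {
    "enabled_for_deployment": "Azure Virtual Machines",
    "enabled_for_disk_encryption": "Azure Disk Encryption",
    "enabled_for_template_deployment": "Azure Resource Manager",
}

def audit_vault(props: dict[str, Any], min_retention_days: int = 30) -> list[str]:
    """Return hardening findings for a dict shaped like VaultPropertiesResponse."""
    findings: list[str] = []
    soft_delete_off = props.get("enable_soft_delete") is False
    if soft_delete_off:
        findings.append("soft delete disabled")
    if not props.get("enable_purge_protection"):
        findings.append("purge protection disabled")
    elif soft_delete_off:
        # Purge protection is effective only if soft delete is also enabled.
        findings.append("purge protection has no effect without soft delete")
    days = props.get("soft_delete_retention_in_days")
    if days is not None and days < min_retention_days:  # policy minimum is an assumption
        findings.append(f"retention {days}d below policy minimum {min_retention_days}d")
    # Under RBAC authorization the inline access policies are ignored.
    policies = props.get("access_policies") or []
    if props.get("enable_rbac_authorization") and policies:
        findings.append(f"{len(policies)} access policy entries ignored under RBAC")
    # 'disabled' overrides the firewall rules, so network_acls only matter otherwise.
    if str(props.get("public_network_access")).lower() != "disabled":
        acls = props.get("network_acls") or {}
        # Assumption: a missing default_action is treated as allow.
        if str(acls.get("default_action", "Allow")).lower() != "deny":
            findings.append("public network access without default-deny firewall")
        for rule in acls.get("virtual_network_rules") or []:
            if rule.get("ignore_missing_vnet_service_endpoint"):
                findings.append(f"service endpoint check skipped for {rule.get('id')}")
    for key, service in SERVICE_FLAGS.items():
        if props.get(key):
            findings.append(f"{service} may retrieve secrets ({key})")
    return findings

# Constructed sample inputs (not output from a real vault).
SUBNET = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1"
WEAK = {"enable_soft_delete": True, "soft_delete_retention_in_days": 7,
        "enable_rbac_authorization": True, "access_policies": [{"object_id": "constructed"}],
        "public_network_access": "Enabled", "enabled_for_template_deployment": True,
        "network_acls": {"default_action": "Deny", "virtual_network_rules": [
            {"id": SUBNET, "ignore_missing_vnet_service_endpoint": True}]}}
HARDENED = {"enable_soft_delete": True, "enable_purge_protection": True,
            "soft_delete_retention_in_days": 90, "enable_rbac_authorization": True,
            "public_network_access": "Disabled", "network_acls": {"default_action": "Allow"}}
```

    In a Pulumi program the same checks would run against the properties returned by `get_vault`, read as attributes rather than dict keys.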

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0