keyvault

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-azure repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-azurerm repo.

class pulumi_azure.keyvault.AccessPolicy(resource_name, opts=None, application_id=None, certificate_permissions=None, key_permissions=None, key_vault_id=None, object_id=None, resource_group_name=None, secret_permissions=None, storage_permissions=None, tenant_id=None, vault_name=None, __props__=None, __name__=None, __opts__=None)

Manages a Key Vault Access Policy.

NOTE: It’s possible to define Key Vault Access Policies both within the keyvault.KeyVault resource via the access_policy block and by using the keyvault.AccessPolicy resource. However, it’s not possible to use both methods to manage Access Policies within a KeyVault, since there’ll be conflicts.

NOTE: Azure permits a maximum of 1024 Access Policies per Key Vault - more information can be found in this document.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • application_id (pulumi.Input[str]) – The object ID of an Application in Azure Active Directory.

  • certificate_permissions (pulumi.Input[list]) – List of certificate permissions, must be one or more from the following: backup, create, delete, deleteissuers, get, getissuers, import, list, listissuers, managecontacts, manageissuers, purge, recover, restore, setissuers and update.

  • key_permissions (pulumi.Input[list]) – List of key permissions, must be one or more from the following: backup, create, decrypt, delete, encrypt, get, import, list, purge, recover, restore, sign, unwrapKey, update, verify and wrapKey.

  • key_vault_id (pulumi.Input[str]) – Specifies the id of the Key Vault resource. Changing this forces a new resource to be created.

  • object_id (pulumi.Input[str]) – The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created.

  • resource_group_name (pulumi.Input[str]) – The name of the resource group in which to create the namespace. Changing this forces a new resource to be created.

  • secret_permissions (pulumi.Input[list]) – List of secret permissions, must be one or more from the following: backup, delete, get, list, purge, recover, restore and set.

  • storage_permissions (pulumi.Input[list]) – List of storage permissions, must be one or more from the following: backup, delete, deletesas, get, getsas, list, listsas, purge, recover, regeneratekey, restore, set, setsas and update.

  • tenant_id (pulumi.Input[str]) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Changing this forces a new resource to be created.

  • vault_name (pulumi.Input[str]) – Specifies the name of the Key Vault resource. Changing this forces a new resource to be created.
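The permission lists, the uniqueness rule for object_id and the 1024-policy limit described above can be checked before a deployment. The following is an added example, not code from the provider or from the original page: lint_access_policies, SAMPLE and the REVIEW set are names assumed for illustration, and the vault and object IDs are constructed placeholders.

```python
from collections import Counter, defaultdict

# Permission names copied from the parameter lists on this page.
ALLOWED = {
    "certificate_permissions": (
        "backup create delete deleteissuers get getissuers import list listissuers "
        "managecontacts manageissuers purge recover restore setissuers update"
    ).split(),
    "key_permissions": (
        "backup create decrypt delete encrypt get import list purge recover restore "
        "sign unwrapKey update verify wrapKey"
    ).split(),
    "secret_permissions": "backup delete get list purge recover restore set".split(),
    "storage_permissions": (
        "backup delete deletesas get getsas list listsas purge recover regeneratekey "
        "restore set setsas update"
    ).split(),
}
MAX_POLICIES_PER_VAULT = 1024  # limit stated in the NOTE above

# Assumption of this example, not a provider rule: permissions that a
# reviewer should sign off on before they are granted.
REVIEW = {"purge"}


def lint_access_policies(policies):
    """Check a list of AccessPolicy keyword-argument dicts.

    Returns (index, severity, message) tuples; index is None for findings
    that concern a whole vault rather than one policy.
    """
    findings = []
    by_vault = defaultdict(list)
    for i, pol in enumerate(policies):
        vault = pol.get("key_vault_id") or pol.get("vault_name")
        by_vault[vault].append((i, pol.get("object_id")))
        for field, allowed in ALLOWED.items():
            documented = {name.lower(): name for name in allowed}
            for perm in pol.get(field) or []:
                if perm in allowed:
                    if perm in REVIEW:
                        findings.append((i, "review", f"{field} grants {perm!r}"))
                elif perm.lower() in documented:
                    spelled = documented[perm.lower()]
                    findings.append((i, "error", f"{field}: {perm!r} is documented as {spelled!r}"))
                else:
                    findings.append((i, "error", f"{field}: {perm!r} is not a documented value"))

    for vault, entries in by_vault.items():
        if len(entries) > MAX_POLICIES_PER_VAULT:
            findings.append((None, "error",
                             f"{vault}: {len(entries)} policies exceeds {MAX_POLICIES_PER_VAULT}"))
        counts = Counter(oid for _, oid in entries)
        for i, oid in entries:
            if counts[oid] > 1:
                findings.append((i, "error",
                                 f"object_id {oid!r} appears {counts[oid]} times for {vault}"))
    return findings


# Constructed sample input; the IDs are placeholders, not real Azure identifiers.
SAMPLE = [
    {"key_vault_id": "vault-a", "object_id": "00000000-0000-0000-0000-000000000001",
     "secret_permissions": ["get", "list"]},
    {"key_vault_id": "vault-a", "object_id": "00000000-0000-0000-0000-000000000002",
     "key_permissions": ["get", "unwrapkey"], "secret_permissions": ["purge"]},
    {"key_vault_id": "vault-a", "object_id": "00000000-0000-0000-0000-000000000001",
     "certificate_permissions": ["get", "read"]},
]

if __name__ == "__main__":
    for finding in lint_access_policies(SAMPLE):
        print(finding)
```
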

application_id = None

The object ID of an Application in Azure Active Directory.

certificate_permissions = None

List of certificate permissions, must be one or more from the following: backup, create, delete, deleteissuers, get, getissuers, import, list, listissuers, managecontacts, manageissuers, purge, recover, restore, setissuers and update.

key_permissions = None

List of key permissions, must be one or more from the following: backup, create, decrypt, delete, encrypt, get, import, list, purge, recover, restore, sign, unwrapKey, update, verify and wrapKey.

key_vault_id = None

Specifies the id of the Key Vault resource. Changing this forces a new resource to be created.

object_id = None

The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created.

resource_group_name = None

The name of the resource group in which to create the namespace. Changing this forces a new resource to be created.

secret_permissions = None

List of secret permissions, must be one or more from the following: backup, delete, get, list, purge, recover, restore and set.

storage_permissions = None

List of storage permissions, must be one or more from the following: backup, delete, deletesas, get, getsas, list, listsas, purge, recover, regeneratekey, restore, set, setsas and update.

tenant_id = None

The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Changing this forces a new resource to be created.

vault_name = None

Specifies the name of the Key Vault resource. Changing this forces a new resource to be created.

static get(resource_name, id, opts=None, application_id=None, certificate_permissions=None, key_permissions=None, key_vault_id=None, object_id=None, resource_group_name=None, secret_permissions=None, storage_permissions=None, tenant_id=None, vault_name=None)

Get an existing AccessPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • application_id (pulumi.Input[str]) – The object ID of an Application in Azure Active Directory.

  • certificate_permissions (pulumi.Input[list]) – List of certificate permissions, must be one or more from the following: backup, create, delete, deleteissuers, get, getissuers, import, list, listissuers, managecontacts, manageissuers, purge, recover, restore, setissuers and update.

  • key_permissions (pulumi.Input[list]) – List of key permissions, must be one or more from the following: backup, create, decrypt, delete, encrypt, get, import, list, purge, recover, restore, sign, unwrapKey, update, verify and wrapKey.

  • key_vault_id (pulumi.Input[str]) – Specifies the id of the Key Vault resource. Changing this forces a new resource to be created.

  • object_id (pulumi.Input[str]) – The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created.

  • resource_group_name (pulumi.Input[str]) – The name of the resource group in which to create the namespace. Changing this forces a new resource to be created.

  • secret_permissions (pulumi.Input[list]) – List of secret permissions, must be one or more from the following: backup, delete, get, list, purge, recover, restore and set.

  • storage_permissions (pulumi.Input[list]) – List of storage permissions, must be one or more from the following: backup, delete, deletesas, get, getsas, list, listsas, purge, recover, regeneratekey, restore, set, setsas and update.

  • tenant_id (pulumi.Input[str]) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Changing this forces a new resource to be created.

  • vault_name (pulumi.Input[str]) – Specifies the name of the Key Vault resource. Changing this forces a new resource to be created.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_azure.keyvault.AwaitableGetAccessPolicyResult(certificate_permissions=None, key_permissions=None, name=None, secret_permissions=None, id=None)

class pulumi_azure.keyvault.AwaitableGetKeyResult(e=None, key_opts=None, key_size=None, key_type=None, key_vault_id=None, n=None, name=None, tags=None, vault_uri=None, version=None, id=None)

class pulumi_azure.keyvault.AwaitableGetKeyVaultResult(access_policies=None, enabled_for_deployment=None, enabled_for_disk_encryption=None, enabled_for_template_deployment=None, location=None, name=None, network_acls=None, resource_group_name=None, sku=None, sku_name=None, tags=None, tenant_id=None, vault_uri=None, id=None)

class pulumi_azure.keyvault.AwaitableGetSecretResult(content_type=None, key_vault_id=None, name=None, tags=None, value=None, vault_uri=None, version=None, id=None)

class pulumi_azure.keyvault.Certifiate(resource_name, opts=None, certificate=None, certificate_policy=None, key_vault_id=None, name=None, tags=None, vault_uri=None, __props__=None, __name__=None, __opts__=None)

Manages a Key Vault Certificate.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • certificate (pulumi.Input[dict]) – A certificate block as defined below, used to Import an existing certificate.

  • certificate_policy (pulumi.Input[dict]) – A certificate_policy block as defined below.

  • key_vault_id (pulumi.Input[str]) – The ID of the Key Vault where the Certificate should be created.

  • name (pulumi.Input[str]) – The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

The certificate object supports the following:

  • contents (pulumi.Input[str]) - The base64-encoded certificate contents. Changing this forces a new resource to be created.

  • password (pulumi.Input[str]) - The password associated with the certificate. Changing this forces a new resource to be created.

The certificate_policy object supports the following:

  • issuerParameters (pulumi.Input[dict]) - An issuer_parameters block as defined below.

    • name (pulumi.Input[str]) - The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

  • keyProperties (pulumi.Input[dict]) - A key_properties block as defined below.

    • exportable (pulumi.Input[bool]) - Is this Certificate Exportable? Changing this forces a new resource to be created.

    • key_size (pulumi.Input[float]) - The size of the Key used in the Certificate. Possible values include 2048 and 4096. Changing this forces a new resource to be created.

    • key_type (pulumi.Input[str]) - Specifies the Type of Key, such as RSA. Changing this forces a new resource to be created.

    • reuseKey (pulumi.Input[bool]) - Is the key reusable? Changing this forces a new resource to be created.

  • lifetimeActions (pulumi.Input[list]) - A lifetime_action block as defined below.

    • action (pulumi.Input[dict]) - An action block as defined below.

      • actionType (pulumi.Input[str]) - The Type of action to be performed when the lifetime trigger is triggered. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

    • trigger (pulumi.Input[dict]) - A trigger block as defined below.

      • daysBeforeExpiry (pulumi.Input[float]) - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.

      • lifetimePercentage (pulumi.Input[float]) - The percentage of the Certificate’s lifetime at which the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

  • secretProperties (pulumi.Input[dict]) - A secret_properties block as defined below.

    • content_type (pulumi.Input[str]) - The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

  • x509CertificateProperties (pulumi.Input[dict]) - An x509_certificate_properties block as defined below.

    • extendedKeyUsages (pulumi.Input[list]) - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.

    • keyUsages (pulumi.Input[list]) - A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.

    • subject (pulumi.Input[str]) - The Certificate’s Subject. Changing this forces a new resource to be created.

    • subjectAlternativeNames (pulumi.Input[dict]) - A subject_alternative_names block as defined below.

      • dnsNames (pulumi.Input[list]) - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.

      • emails (pulumi.Input[list]) - A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.

      • upns (pulumi.Input[list]) - A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

    • validityInMonths (pulumi.Input[float]) - The Certificate’s Validity Period in Months. Changing this forces a new resource to be created.

certificate = None

A certificate block as defined below, used to Import an existing certificate.

  • contents (str) - The base64-encoded certificate contents. Changing this forces a new resource to be created.

  • password (str) - The password associated with the certificate. Changing this forces a new resource to be created.

certificate_data = None

The raw Key Vault Certificate.

certificate_policy = None

A certificate_policy block as defined below.

  • issuerParameters (dict) - An issuer_parameters block as defined below.

    • name (str) - The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

  • keyProperties (dict) - A key_properties block as defined below.

    • exportable (bool) - Is this Certificate Exportable? Changing this forces a new resource to be created.

    • key_size (float) - The size of the Key used in the Certificate. Possible values include 2048 and 4096. Changing this forces a new resource to be created.

    • key_type (str) - Specifies the Type of Key, such as RSA. Changing this forces a new resource to be created.

    • reuseKey (bool) - Is the key reusable? Changing this forces a new resource to be created.

  • lifetimeActions (list) - A lifetime_action block as defined below.

    • action (dict) - An action block as defined below.

      • actionType (str) - The Type of action to be performed when the lifetime trigger is triggered. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

    • trigger (dict) - A trigger block as defined below.

      • daysBeforeExpiry (float) - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.

      • lifetimePercentage (float) - The percentage of the Certificate’s lifetime at which the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

  • secretProperties (dict) - A secret_properties block as defined below.

    • content_type (str) - The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

  • x509CertificateProperties (dict) - An x509_certificate_properties block as defined below.

    • extendedKeyUsages (list) - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.

    • keyUsages (list) - A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.

    • subject (str) - The Certificate’s Subject. Changing this forces a new resource to be created.

    • subjectAlternativeNames (dict) - A subject_alternative_names block as defined below.

      • dnsNames (list) - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.

      • emails (list) - A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.

      • upns (list) - A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

    • validityInMonths (float) - The Certificate’s Validity Period in Months. Changing this forces a new resource to be created.

key_vault_id = None

The ID of the Key Vault where the Certificate should be created.

name = None

The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

secret_id = None

The ID of the associated Key Vault Secret.

tags = None

A mapping of tags to assign to the resource.

thumbprint = None

The X509 Thumbprint of the Key Vault Certificate returned as hex string.

version = None

The current version of the Key Vault Certificate.

static get(resource_name, id, opts=None, certificate=None, certificate_data=None, certificate_policy=None, key_vault_id=None, name=None, secret_id=None, tags=None, thumbprint=None, vault_uri=None, version=None)

Get an existing Certifiate resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • certificate (pulumi.Input[dict]) – A certificate block as defined below, used to Import an existing certificate.

  • certificate_data (pulumi.Input[str]) – The raw Key Vault Certificate.

  • certificate_policy (pulumi.Input[dict]) – A certificate_policy block as defined below.

  • key_vault_id (pulumi.Input[str]) – The ID of the Key Vault where the Certificate should be created.

  • name (pulumi.Input[str]) – The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

  • secret_id (pulumi.Input[str]) – The ID of the associated Key Vault Secret.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • thumbprint (pulumi.Input[str]) – The X509 Thumbprint of the Key Vault Certificate returned as hex string.

  • version (pulumi.Input[str]) – The current version of the Key Vault Certificate.

The certificate object supports the following:

  • contents (pulumi.Input[str]) - The base64-encoded certificate contents. Changing this forces a new resource to be created.

  • password (pulumi.Input[str]) - The password associated with the certificate. Changing this forces a new resource to be created.

The certificate_policy object supports the following:

  • issuerParameters (pulumi.Input[dict]) - An issuer_parameters block as defined below.

    • name (pulumi.Input[str]) - The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

  • keyProperties (pulumi.Input[dict]) - A key_properties block as defined below.

    • exportable (pulumi.Input[bool]) - Is this Certificate Exportable? Changing this forces a new resource to be created.

    • key_size (pulumi.Input[float]) - The size of the Key used in the Certificate. Possible values include 2048 and 4096. Changing this forces a new resource to be created.

    • key_type (pulumi.Input[str]) - Specifies the Type of Key, such as RSA. Changing this forces a new resource to be created.

    • reuseKey (pulumi.Input[bool]) - Is the key reusable? Changing this forces a new resource to be created.

  • lifetimeActions (pulumi.Input[list]) - A lifetime_action block as defined below.

    • action (pulumi.Input[dict]) - An action block as defined below.

      • actionType (pulumi.Input[str]) - The Type of action to be performed when the lifetime trigger is triggered. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

    • trigger (pulumi.Input[dict]) - A trigger block as defined below.

      • daysBeforeExpiry (pulumi.Input[float]) - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.

      • lifetimePercentage (pulumi.Input[float]) - The percentage of the Certificate’s lifetime at which the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

  • secretProperties (pulumi.Input[dict]) - A secret_properties block as defined below.

    • content_type (pulumi.Input[str]) - The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

  • x509CertificateProperties (pulumi.Input[dict]) - An x509_certificate_properties block as defined below.

    • extendedKeyUsages (pulumi.Input[list]) - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.

    • keyUsages (pulumi.Input[list]) - A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.

    • subject (pulumi.Input[str]) - The Certificate’s Subject. Changing this forces a new resource to be created.

    • subjectAlternativeNames (pulumi.Input[dict]) - A subject_alternative_names block as defined below.

      • dnsNames (pulumi.Input[list]) - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.

      • emails (pulumi.Input[list]) - A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.

      • upns (pulumi.Input[list]) - A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

    • validityInMonths (pulumi.Input[float]) - The Certificate’s Validity Period in Months. Changing this forces a new resource to be created.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_azure.keyvault.Certificate(resource_name, opts=None, certificate=None, certificate_policy=None, key_vault_id=None, name=None, tags=None, vault_uri=None, __props__=None, __name__=None, __opts__=None)

Manages a Key Vault Certificate.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • certificate (pulumi.Input[dict]) – A certificate block as defined below, used to Import an existing certificate.

  • certificate_policy (pulumi.Input[dict]) – A certificate_policy block as defined below.

  • key_vault_id (pulumi.Input[str]) – The ID of the Key Vault where the Certificate should be created.

  • name (pulumi.Input[str]) – The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

The certificate object supports the following:

  • contents (pulumi.Input[str]) - The base64-encoded certificate contents. Changing this forces a new resource to be created.

  • password (pulumi.Input[str]) - The password associated with the certificate. Changing this forces a new resource to be created.

The certificate_policy object supports the following:

  • issuerParameters (pulumi.Input[dict]) - An issuer_parameters block as defined below.

    • name (pulumi.Input[str]) - The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

  • keyProperties (pulumi.Input[dict]) - A key_properties block as defined below.

    • exportable (pulumi.Input[bool]) - Is this Certificate Exportable? Changing this forces a new resource to be created.

    • key_size (pulumi.Input[float]) - The size of the Key used in the Certificate. Possible values include 2048 and 4096. Changing this forces a new resource to be created.

    • key_type (pulumi.Input[str]) - Specifies the Type of Key, such as RSA. Changing this forces a new resource to be created.

    • reuseKey (pulumi.Input[bool]) - Is the key reusable? Changing this forces a new resource to be created.

  • lifetimeActions (pulumi.Input[list]) - A lifetime_action block as defined below.

    • action (pulumi.Input[dict]) - An action block as defined below.

      • actionType (pulumi.Input[str]) - The Type of action to be performed when the lifetime trigger is triggered. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

    • trigger (pulumi.Input[dict]) - A trigger block as defined below.

      • daysBeforeExpiry (pulumi.Input[float]) - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.

      • lifetimePercentage (pulumi.Input[float]) - The percentage of the Certificate’s lifetime at which the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

  • secretProperties (pulumi.Input[dict]) - A secret_properties block as defined below.

    • content_type (pulumi.Input[str]) - The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

  • x509CertificateProperties (pulumi.Input[dict]) - An x509_certificate_properties block as defined below.

    • extendedKeyUsages (pulumi.Input[list]) - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.

    • keyUsages (pulumi.Input[list]) - A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.

    • subject (pulumi.Input[str]) - The Certificate’s Subject. Changing this forces a new resource to be created.

    • subjectAlternativeNames (pulumi.Input[dict]) - A subject_alternative_names block as defined below.

      • dnsNames (pulumi.Input[list]) - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.

      • emails (pulumi.Input[list]) - A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.

      • upns (pulumi.Input[list]) - A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

    • validityInMonths (pulumi.Input[float]) - The Certificate’s Validity Period in Months. Changing this forces a new resource to be created.
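The certificate_policy block carries several constraints that only surface at deployment time: the two trigger fields conflict with each other, keyUsages values are case-sensitive, and key_size has a short list of documented values. The following is an added example, not code from the provider or from the original page: lint_certificate_policy and SAMPLE_POLICY are names assumed for illustration, and the sample policy is constructed.

```python
# Values copied from the certificate_policy description on this page.
KEY_SIZES = {2048, 4096}
ACTION_TYPES = {"AutoRenew", "EmailContacts"}
KEY_USAGES = {
    "cRLSign", "dataEncipherment", "decipherOnly", "digitalSignature", "encipherOnly",
    "keyAgreement", "keyCertSign", "keyEncipherment", "nonRepudiation",
}


def lint_certificate_policy(policy):
    """Return a list of finding strings for one certificate_policy dict."""
    findings = []

    key_props = policy.get("keyProperties") or {}
    size = key_props.get("key_size")
    if size is not None and size not in KEY_SIZES:
        findings.append(f"keyProperties.key_size: {size} is not a listed size (2048, 4096)")
    # Assumption of this example, not a provider rule: an exportable private
    # key is something a reviewer should approve explicitly.
    if key_props.get("exportable"):
        findings.append("review: keyProperties.exportable is true")

    for n, item in enumerate(policy.get("lifetimeActions") or []):
        trigger = item.get("trigger") or {}
        if (trigger.get("daysBeforeExpiry") is not None
                and trigger.get("lifetimePercentage") is not None):
            findings.append(
                f"lifetimeActions[{n}].trigger: daysBeforeExpiry conflicts with lifetimePercentage")
        action_type = (item.get("action") or {}).get("actionType")
        if action_type not in ACTION_TYPES:
            findings.append(
                f"lifetimeActions[{n}].action.actionType: {action_type!r} is not a listed value")

    x509 = policy.get("x509CertificateProperties") or {}
    for usage in x509.get("keyUsages") or []:
        if usage not in KEY_USAGES:  # exact match: the values are case-sensitive
            findings.append(
                f"x509CertificateProperties.keyUsages: {usage!r} is not a listed value")
    return findings


# Constructed sample policy; the subject and DNS name are placeholders.
SAMPLE_POLICY = {
    "issuerParameters": {"name": "Self"},
    "keyProperties": {"exportable": True, "key_size": 1024, "key_type": "RSA", "reuseKey": False},
    "lifetimeActions": [{
        "action": {"actionType": "AutoRenew"},
        "trigger": {"daysBeforeExpiry": 30, "lifetimePercentage": 80},
    }],
    "secretProperties": {"content_type": "application/x-pkcs12"},
    "x509CertificateProperties": {
        "keyUsages": ["digitalSignature", "KeyEncipherment"],
        "subject": "CN=example.invalid",
        "subjectAlternativeNames": {"dnsNames": ["example.invalid"]},
        "validityInMonths": 12,
    },
}

if __name__ == "__main__":
    for finding in lint_certificate_policy(SAMPLE_POLICY):
        print(finding)
```
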

certificate = None

A certificate block as defined below, used to Import an existing certificate.

  • contents (str) - The base64-encoded certificate contents. Changing this forces a new resource to be created.

  • password (str) - The password associated with the certificate. Changing this forces a new resource to be created.

certificate_data = None

The raw Key Vault Certificate.

certificate_policy = None

A certificate_policy block as defined below.

  • issuerParameters (dict) - An issuer_parameters block as defined below.

    • name (str) - The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

  • keyProperties (dict) - A key_properties block as defined below.

    • exportable (bool) - Is this Certificate Exportable? Changing this forces a new resource to be created.

    • key_size (float) - The size of the Key used in the Certificate. Possible values include 2048 and 4096. Changing this forces a new resource to be created.

    • key_type (str) - Specifies the Type of Key, such as RSA. Changing this forces a new resource to be created.

    • reuseKey (bool) - Is the key reusable? Changing this forces a new resource to be created.

  • lifetimeActions (list) - A lifetime_action block as defined below.

    • action (dict) - An action block as defined below.

      • actionType (str) - The Type of action to be performed when the lifetime trigger is triggered. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

    • trigger (dict) - A trigger block as defined below.

      • daysBeforeExpiry (float) - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.

      • lifetimePercentage (float) - The percentage of the Certificate’s lifetime at which the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

  • secretProperties (dict) - A secret_properties block as defined below.

    • content_type (str) - The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

  • x509CertificateProperties (dict) - An x509_certificate_properties block as defined below.

    • extendedKeyUsages (list) - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.

    • keyUsages (list) - A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.

    • subject (str) - The Certificate’s Subject. Changing this forces a new resource to be created.

    • subjectAlternativeNames (dict) - A subject_alternative_names block as defined below.

      • dnsNames (list) - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.

      • emails (list) - A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.

      • upns (list) - A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

    • validityInMonths (float) - The Certificate’s validity period in months. Changing this forces a new resource to be created.

key_vault_id = None

The ID of the Key Vault where the Certificate should be created.

name = None

The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

secret_id = None

The ID of the associated Key Vault Secret.

tags = None

A mapping of tags to assign to the resource.

thumbprint = None

The X509 Thumbprint of the Key Vault Certificate returned as hex string.

version = None

The current version of the Key Vault Certificate.

static get(resource_name, id, opts=None, certificate=None, certificate_data=None, certificate_policy=None, key_vault_id=None, name=None, secret_id=None, tags=None, thumbprint=None, vault_uri=None, version=None)

Get an existing Certificate resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • certificate (pulumi.Input[dict]) – A certificate block as defined below, used to Import an existing certificate.

  • certificate_data (pulumi.Input[str]) – The raw Key Vault Certificate.

  • certificate_policy (pulumi.Input[dict]) – A certificate_policy block as defined below.

  • key_vault_id (pulumi.Input[str]) – The ID of the Key Vault where the Certificate should be created.

  • name (pulumi.Input[str]) – The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

  • secret_id (pulumi.Input[str]) – The ID of the associated Key Vault Secret.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • thumbprint (pulumi.Input[str]) – The X509 Thumbprint of the Key Vault Certificate returned as hex string.

  • version (pulumi.Input[str]) – The current version of the Key Vault Certificate.

The certificate object supports the following:

  • contents (pulumi.Input[str]) - The base64-encoded certificate contents. Changing this forces a new resource to be created.

  • password (pulumi.Input[str]) - The password associated with the certificate. Changing this forces a new resource to be created.

The certificate_policy object supports the following:

  • issuerParameters (pulumi.Input[dict]) - An issuer_parameters block as defined below.

    • name (pulumi.Input[str]) - The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

  • keyProperties (pulumi.Input[dict]) - A key_properties block as defined below.

    • exportable (pulumi.Input[bool]) - Is this Certificate Exportable? Changing this forces a new resource to be created.

    • key_size (pulumi.Input[float]) - The size of the Key used in the Certificate. Possible values include 2048 and 4096. Changing this forces a new resource to be created.

    • key_type (pulumi.Input[str]) - Specifies the Type of Key, such as RSA. Changing this forces a new resource to be created.

    • reuseKey (pulumi.Input[bool]) - Is the key reusable? Changing this forces a new resource to be created.

  • lifetimeActions (pulumi.Input[list]) - A lifetime_action block as defined below.

    • action (pulumi.Input[dict]) - An action block as defined below.

      • actionType (pulumi.Input[str]) - The Type of action to be performed when the lifetime trigger is triggered. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

    • trigger (pulumi.Input[dict]) - A trigger block as defined below.

      • daysBeforeExpiry (pulumi.Input[float]) - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.

      • lifetimePercentage (pulumi.Input[float]) - The percentage of the Certificate’s lifetime at which the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

  • secretProperties (pulumi.Input[dict]) - A secret_properties block as defined below.

    • content_type (pulumi.Input[str]) - The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

  • x509CertificateProperties (pulumi.Input[dict]) - An x509_certificate_properties block as defined below.

    • extendedKeyUsages (pulumi.Input[list]) - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.

    • keyUsages (pulumi.Input[list]) - A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.

    • subject (pulumi.Input[str]) - The Certificate’s Subject. Changing this forces a new resource to be created.

    • subjectAlternativeNames (pulumi.Input[dict]) - A subject_alternative_names block as defined below.

      • dnsNames (pulumi.Input[list]) - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.

      • emails (pulumi.Input[list]) - A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.

      • upns (pulumi.Input[list]) - A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

    • validityInMonths (pulumi.Input[float]) - The Certificate’s validity period in months. Changing this forces a new resource to be created.
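A pre-deployment check for the certificate_policy object described above, as an added example rather than code from the provider. It uses the key names listed on this page and treats the documented value lists for key_size and actionType as complete, which is an assumption; the sample policy is constructed.

```python
# Added example: lint a certificate_policy dict against the constraints
# documented in the parameter list above. Key names are copied from this page.
KEY_USAGES = {
    "cRLSign", "dataEncipherment", "decipherOnly", "digitalSignature",
    "encipherOnly", "keyAgreement", "keyCertSign", "keyEncipherment",
    "nonRepudiation",
}
KEY_SIZES = {2048, 4096}                       # assumption: treated as the full set
ACTION_TYPES = {"AutoRenew", "EmailContacts"}  # assumption: treated as the full set


def _documented_spelling(value, allowed):
    """Return the documented spelling if `value` differs only by letter case."""
    return {a.lower(): a for a in allowed}.get(str(value).lower())


def lint_certificate_policy(policy):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []

    size = policy.get("keyProperties", {}).get("key_size")
    if size is not None and size not in KEY_SIZES:
        findings.append(
            f"keyProperties.key_size: {size!r} not in {sorted(KEY_SIZES)}")

    for i, item in enumerate(policy.get("lifetimeActions", [])):
        where = f"lifetimeActions[{i}]"
        action_type = item.get("action", {}).get("actionType")
        if action_type not in ACTION_TYPES:
            hint = _documented_spelling(action_type, ACTION_TYPES)
            suffix = f" (did you mean {hint!r}?)" if hint else ""
            findings.append(
                f"{where}.action.actionType: {action_type!r} not recognised{suffix}")
        # The two trigger fields are documented as conflicting with each other.
        trigger = item.get("trigger", {})
        if (trigger.get("daysBeforeExpiry") is not None
                and trigger.get("lifetimePercentage") is not None):
            findings.append(
                f"{where}.trigger: daysBeforeExpiry conflicts with lifetimePercentage")

    # keyUsages values are documented as case-sensitive.
    x509 = policy.get("x509CertificateProperties", {})
    for usage in x509.get("keyUsages", []):
        if usage in KEY_USAGES:
            continue
        hint = _documented_spelling(usage, KEY_USAGES)
        suffix = f" (case-sensitive; documented spelling is {hint!r})" if hint else ""
        findings.append(
            f"x509CertificateProperties.keyUsages: {usage!r} not recognised{suffix}")
    return findings


# Constructed sample policy with four deliberate mistakes.
SAMPLE_POLICY = {
    "issuerParameters": {"name": "Self"},
    "keyProperties": {
        "exportable": False, "key_size": 1024, "key_type": "RSA", "reuseKey": False,
    },
    "lifetimeActions": [{
        "action": {"actionType": "autorenew"},
        "trigger": {"daysBeforeExpiry": 30, "lifetimePercentage": 80},
    }],
    "secretProperties": {"content_type": "application/x-pkcs12"},
    "x509CertificateProperties": {
        "keyUsages": ["digitalSignature", "KeyEncipherment"],
        "subject": "CN=example.internal",
        "validityInMonths": 12,
    },
}

if __name__ == "__main__":
    for finding in lint_certificate_policy(SAMPLE_POLICY):
        print(finding)
```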

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_azure.keyvault.GetAccessPolicyResult(certificate_permissions=None, key_permissions=None, name=None, secret_permissions=None, id=None)

A collection of values returned by getAccessPolicy.

certificate_permissions = None

The certificate permissions for the access policy.

key_permissions = None

The key permissions for the access policy.

secret_permissions = None

The secret permissions for the access policy.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_azure.keyvault.GetKeyResult(e=None, key_opts=None, key_size=None, key_type=None, key_vault_id=None, n=None, name=None, tags=None, vault_uri=None, version=None, id=None)

A collection of values returned by getKey.

e = None

The RSA public exponent of this Key Vault Key.

key_opts = None

A list of JSON web key operations assigned to this Key Vault Key.

key_size = None

Specifies the Size of this Key Vault Key.

key_type = None

Specifies the Key Type of this Key Vault Key.

n = None

The RSA modulus of this Key Vault Key.

tags = None

A mapping of tags assigned to this Key Vault Key.

version = None

The current version of the Key Vault Key.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_azure.keyvault.GetKeyVaultResult(access_policies=None, enabled_for_deployment=None, enabled_for_disk_encryption=None, enabled_for_template_deployment=None, location=None, name=None, network_acls=None, resource_group_name=None, sku=None, sku_name=None, tags=None, tenant_id=None, vault_uri=None, id=None)

A collection of values returned by getKeyVault.

access_policies = None

One or more access_policy blocks as defined below.

enabled_for_deployment = None

Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?

enabled_for_disk_encryption = None

Can Azure Disk Encryption retrieve secrets from the Key Vault?

enabled_for_template_deployment = None

Can Azure Resource Manager retrieve secrets from the Key Vault?

location = None

The Azure Region in which the Key Vault exists.

name = None

The name of the SKU used for this Key Vault.

sku = None

A sku block as described below.

tags = None

A mapping of tags assigned to the Key Vault.

tenant_id = None

The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.

vault_uri = None

The URI of the vault for performing operations on keys and secrets.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_azure.keyvault.GetSecretResult(content_type=None, key_vault_id=None, name=None, tags=None, value=None, vault_uri=None, version=None, id=None)

A collection of values returned by getSecret.

content_type = None

The content type for the Key Vault Secret.

tags = None

Any tags assigned to this resource.

value = None

The value of the Key Vault Secret.

version = None

The current version of the Key Vault Secret.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_azure.keyvault.Key(resource_name, opts=None, curve=None, key_opts=None, key_size=None, key_type=None, key_vault_id=None, name=None, tags=None, vault_uri=None, __props__=None, __name__=None, __opts__=None)

Manages a Key Vault Key.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • curve (pulumi.Input[str]) – Specifies the curve to use when creating an EC key. Possible values are P-256, P-384, P-521, and SECP256K1. This field will be required in a future release if key_type is EC or EC-HSM. The API will default to P-256 if nothing is specified. Changing this forces a new resource to be created.

  • key_opts (pulumi.Input[list]) – A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

  • key_size (pulumi.Input[float]) – Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. Changing this forces a new resource to be created.

  • key_type (pulumi.Input[str]) – Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

  • key_vault_id (pulumi.Input[str]) – The ID of the Key Vault where the Key should be created. Changing this forces a new resource to be created.

  • name (pulumi.Input[str]) – Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

curve = None

Specifies the curve to use when creating an EC key. Possible values are P-256, P-384, P-521, and SECP256K1. This field will be required in a future release if key_type is EC or EC-HSM. The API will default to P-256 if nothing is specified. Changing this forces a new resource to be created.

e = None

The RSA public exponent of this Key Vault Key.

key_opts = None

A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

key_size = None

Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. Changing this forces a new resource to be created.

key_type = None

Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

key_vault_id = None

The ID of the Key Vault where the Key should be created. Changing this forces a new resource to be created.

n = None

The RSA modulus of this Key Vault Key.

name = None

Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

tags = None

A mapping of tags to assign to the resource.

version = None

The current version of the Key Vault Key.

x = None

The EC X component of this Key Vault Key.

y = None

The EC Y component of this Key Vault Key.

static get(resource_name, id, opts=None, curve=None, e=None, key_opts=None, key_size=None, key_type=None, key_vault_id=None, n=None, name=None, tags=None, vault_uri=None, version=None, x=None, y=None)

Get an existing Key resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • curve (pulumi.Input[str]) – Specifies the curve to use when creating an EC key. Possible values are P-256, P-384, P-521, and SECP256K1. This field will be required in a future release if key_type is EC or EC-HSM. The API will default to P-256 if nothing is specified. Changing this forces a new resource to be created.

  • e (pulumi.Input[str]) – The RSA public exponent of this Key Vault Key.

  • key_opts (pulumi.Input[list]) – A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

  • key_size (pulumi.Input[float]) – Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. Changing this forces a new resource to be created.

  • key_type (pulumi.Input[str]) – Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

  • key_vault_id (pulumi.Input[str]) – The ID of the Key Vault where the Key should be created. Changing this forces a new resource to be created.

  • n (pulumi.Input[str]) – The RSA modulus of this Key Vault Key.

  • name (pulumi.Input[str]) – Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • version (pulumi.Input[str]) – The current version of the Key Vault Key.

  • x (pulumi.Input[str]) – The EC X component of this Key Vault Key.

  • y (pulumi.Input[str]) – The EC Y component of this Key Vault Key.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_azure.keyvault.KeyVault(resource_name, opts=None, access_policies=None, enabled_for_deployment=None, enabled_for_disk_encryption=None, enabled_for_template_deployment=None, location=None, name=None, network_acls=None, resource_group_name=None, sku=None, sku_name=None, tags=None, tenant_id=None, __props__=None, __name__=None, __opts__=None)

Manages a Key Vault.

NOTE: It’s possible to define Key Vault Access Policies both within the keyvault.KeyVault resource via the access_policy block and by using the keyvault.AccessPolicy resource. However it’s not possible to use both methods to manage Access Policies within a KeyVault, since there’ll be conflicts.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • access_policies (pulumi.Input[list]) – A list of up to 16 objects describing access policies, as described below.

  • enabled_for_deployment (pulumi.Input[bool]) – Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. Defaults to false.

  • enabled_for_disk_encryption (pulumi.Input[bool]) – Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to false.

  • enabled_for_template_deployment (pulumi.Input[bool]) – Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. Defaults to false.

  • location (pulumi.Input[str]) – Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • name (pulumi.Input[str]) – Specifies the name of the Key Vault. Changing this forces a new resource to be created.

  • network_acls (pulumi.Input[dict]) – A network_acls block as defined below.

  • resource_group_name (pulumi.Input[str]) – The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created.

  • sku (pulumi.Input[dict]) – A sku block as described below.

  • sku_name (pulumi.Input[str]) – The Name of the SKU used for this Key Vault. Possible values are standard and premium.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • tenant_id (pulumi.Input[str]) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

The access_policies object supports the following:

  • application_id (pulumi.Input[str])

  • certificate_permissions (pulumi.Input[list])

  • key_permissions (pulumi.Input[list])

  • object_id (pulumi.Input[str])

  • secret_permissions (pulumi.Input[list])

  • storage_permissions (pulumi.Input[list])

  • tenant_id (pulumi.Input[str]) - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

The network_acls object supports the following:

  • bypass (pulumi.Input[str])

  • defaultAction (pulumi.Input[str])

  • ipRules (pulumi.Input[list])

  • virtualNetworkSubnetIds (pulumi.Input[list])

The sku object supports the following:

  • name (pulumi.Input[str]) - Specifies the name of the Key Vault. Changing this forces a new resource to be created.

access_policies = None

A list of up to 16 objects describing access policies, as described below.

  • application_id (str)

  • certificate_permissions (list)

  • key_permissions (list)

  • object_id (str)

  • secret_permissions (list)

  • storage_permissions (list)

  • tenant_id (str) - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

enabled_for_deployment = None

Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. Defaults to false.

enabled_for_disk_encryption = None

Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to false.

enabled_for_template_deployment = None

Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. Defaults to false.

location = None

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

name = None

Specifies the name of the Key Vault. Changing this forces a new resource to be created.

network_acls = None

A network_acls block as defined below.

  • bypass (str)

  • defaultAction (str)

  • ipRules (list)

  • virtualNetworkSubnetIds (list)

resource_group_name = None

The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created.

sku = None

A sku block as described below.

  • name (str) - Specifies the name of the Key Vault. Changing this forces a new resource to be created.

sku_name = None

The Name of the SKU used for this Key Vault. Possible values are standard and premium.

tags = None

A mapping of tags to assign to the resource.

tenant_id = None

The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

vault_uri = None

The URI of the Key Vault, used for performing operations on keys and secrets.

static get(resource_name, id, opts=None, access_policies=None, enabled_for_deployment=None, enabled_for_disk_encryption=None, enabled_for_template_deployment=None, location=None, name=None, network_acls=None, resource_group_name=None, sku=None, sku_name=None, tags=None, tenant_id=None, vault_uri=None)

Get an existing KeyVault resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • access_policies (pulumi.Input[list]) – A list of up to 16 objects describing access policies, as described below.

  • enabled_for_deployment (pulumi.Input[bool]) – Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. Defaults to false.

  • enabled_for_disk_encryption (pulumi.Input[bool]) – Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to false.

  • enabled_for_template_deployment (pulumi.Input[bool]) – Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. Defaults to false.

  • location (pulumi.Input[str]) – Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • name (pulumi.Input[str]) – Specifies the name of the Key Vault. Changing this forces a new resource to be created.

  • network_acls (pulumi.Input[dict]) – A network_acls block as defined below.

  • resource_group_name (pulumi.Input[str]) – The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created.

  • sku (pulumi.Input[dict]) – A sku block as described below.

  • sku_name (pulumi.Input[str]) – The Name of the SKU used for this Key Vault. Possible values are standard and premium.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • tenant_id (pulumi.Input[str]) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

  • vault_uri (pulumi.Input[str]) – The URI of the Key Vault, used for performing operations on keys and secrets.

The access_policies object supports the following:

  • application_id (pulumi.Input[str])

  • certificate_permissions (pulumi.Input[list])

  • key_permissions (pulumi.Input[list])

  • object_id (pulumi.Input[str])

  • secret_permissions (pulumi.Input[list])

  • storage_permissions (pulumi.Input[list])

  • tenant_id (pulumi.Input[str]) - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

The network_acls object supports the following:

  • bypass (pulumi.Input[str])

  • defaultAction (pulumi.Input[str])

  • ipRules (pulumi.Input[list])

  • virtualNetworkSubnetIds (pulumi.Input[list])

The sku object supports the following:

  • name (pulumi.Input[str]) - Specifies the name of the Key Vault. Changing this forces a new resource to be created.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_azure.keyvault.Secret(resource_name, opts=None, content_type=None, key_vault_id=None, name=None, tags=None, value=None, vault_uri=None, __props__=None, __name__=None, __opts__=None)

Manages a Key Vault Secret.

Note: All arguments including the secret value will be stored in the raw state as plain-text. Read more about sensitive data in state.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • content_type (pulumi.Input[str]) – Specifies the content type for the Key Vault Secret.

  • key_vault_id (pulumi.Input[str]) – The ID of the Key Vault where the Secret should be created.

  • name (pulumi.Input[str]) – Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • value (pulumi.Input[str]) – Specifies the value of the Key Vault Secret.

content_type = None

Specifies the content type for the Key Vault Secret.

key_vault_id = None

The ID of the Key Vault where the Secret should be created.

name = None

Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.

tags = None

A mapping of tags to assign to the resource.

value = None

Specifies the value of the Key Vault Secret.

version = None

The current version of the Key Vault Secret.

static get(resource_name, id, opts=None, content_type=None, key_vault_id=None, name=None, tags=None, value=None, vault_uri=None, version=None)

Get an existing Secret resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • content_type (pulumi.Input[str]) – Specifies the content type for the Key Vault Secret.

  • key_vault_id (pulumi.Input[str]) – The ID of the Key Vault where the Secret should be created.

  • name (pulumi.Input[str]) – Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • value (pulumi.Input[str]) – Specifies the value of the Key Vault Secret.

  • version (pulumi.Input[str]) – The current version of the Key Vault Secret.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_azure.keyvault.get_access_policy(name=None, opts=None)

Use this data source to access information about the permissions from the Management Key Vault Templates.

Parameters

name (str) – Specifies the name of the Management Template. Possible values are: Key Management, Secret Management, Certificate Management, Key & Secret Management, Key & Certificate Management, Secret & Certificate Management, Key, Secret, & Certificate Management

pulumi_azure.keyvault.get_key(key_vault_id=None, name=None, vault_uri=None, opts=None)

Use this data source to access information about an existing Key Vault Key.

Note: All arguments including the secret value will be stored in the raw state as plain-text. Read more about sensitive data in state.

Parameters
  • name (str) – Specifies the name of the Key Vault Key.

  • vault_uri (str) – Specifies the ID of the Key Vault instance where the Key resides, available on the keyvault.KeyVault Data Source / Resource.

pulumi_azure.keyvault.get_key_vault(name=None, resource_group_name=None, opts=None)

Use this data source to access information about an existing Key Vault.

Parameters
  • name (str) – Specifies the name of the Key Vault.

  • resource_group_name (str) – The name of the Resource Group in which the Key Vault exists.

pulumi_azure.keyvault.get_secret(key_vault_id=None, name=None, vault_uri=None, opts=None)

Use this data source to access information about an existing Key Vault Secret.

Note: All arguments including the secret value will be stored in the raw state as plain-text. Read more about sensitive data in state.

Parameters
  • key_vault_id (str) – Specifies the ID of the Key Vault instance where the Secret resides, available on the keyvault.KeyVault Data Source / Resource.

  • name (str) – Specifies the name of the Key Vault Secret.
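The notes on keyvault.Secret and get_secret warn that the secret value is stored in the raw state as plain-text; the following added example (not part of the provider) checks an exported stack for that condition. The resource type token and the marker Pulumi puts on encrypted values are assumptions not stated on this page, and the sample export is constructed.

```python
import json

# Assumptions (not stated on this page): the type token of keyvault.Secret and
# the marker key Pulumi uses to tag an encrypted value in an exported stack.
SECRET_TYPE = "azure:keyvault/secret:Secret"
SECRET_SIG_KEY = "4dabf18193072939515e22adb298388d"
SENSITIVE_PROPS = ("value",)


def is_encrypted(prop):
    """True when the property is stored as an encrypted secret envelope."""
    return isinstance(prop, dict) and SECRET_SIG_KEY in prop


def find_plaintext_secrets(export):
    """Return (urn, bag, property) for each Secret value stored in the clear.

    Only the location is reported; the value itself is never returned.
    """
    findings = []
    resources = export.get("deployment", {}).get("resources", [])
    for res in resources:
        if res.get("type") != SECRET_TYPE:
            continue
        for bag in ("inputs", "outputs"):
            props = res.get(bag) or {}
            for name in SENSITIVE_PROPS:
                if name in props and not is_encrypted(props[name]):
                    findings.append((res.get("urn", "<no urn>"), bag, name))
    return findings


def scan_file(path):
    """Scan a file holding the JSON written by `pulumi stack export`."""
    with open(path, encoding="utf-8") as handle:
        return find_plaintext_secrets(json.load(handle))


# Constructed sample in the shape of an exported stack: one vault (ignored),
# one Secret stored in the clear, one Secret stored as an encrypted envelope.
_ENVELOPE = {
    SECRET_SIG_KEY: "1b47061264138c4ac30d75fd1eb44270",
    "ciphertext": "constructed-ciphertext",
}
SAMPLE_EXPORT = {
    "version": 3,
    "deployment": {
        "resources": [
            {
                "urn": "urn:pulumi:dev::app::azure:keyvault/keyVault:KeyVault::vault",
                "type": "azure:keyvault/keyVault:KeyVault",
                "outputs": {"name": "example-vault"},
            },
            {
                "urn": "urn:pulumi:dev::app::azure:keyvault/secret:Secret::db-password",
                "type": SECRET_TYPE,
                "inputs": {"name": "db-password", "value": "constructed-not-a-real-secret"},
                "outputs": {"name": "db-password", "value": "constructed-not-a-real-secret"},
            },
            {
                "urn": "urn:pulumi:dev::app::azure:keyvault/secret:Secret::api-token",
                "type": SECRET_TYPE,
                "inputs": {"name": "api-token", "value": _ENVELOPE},
                "outputs": {"name": "api-token", "value": _ENVELOPE},
            },
        ]
    },
}

if __name__ == "__main__":
    for urn, bag, name in find_plaintext_secrets(SAMPLE_EXPORT):
        print(f"PLAINTEXT {bag}.{name} in {urn}")
```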