1. Packages
  2. Azure Native
  3. API Docs
  4. keyvault
  5. Vault
Azure Native v1.103.0 published on Friday, Jun 2, 2023 by Pulumi

azure-native.keyvault.Vault

Explore with Pulumi AI

azure-native logo
Azure Native v1.103.0 published on Friday, Jun 2, 2023 by Pulumi

    Resource information with extended details. API Version: 2019-09-01.

    Example Usage

    Create a new vault or update an existing vault

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var vault = new AzureNative.KeyVault.Vault("vault", new()
        {
            Location = "westus",
            Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
            {
                AccessPolicies = new[]
                {
                    new AzureNative.KeyVault.Inputs.AccessPolicyEntryArgs
                    {
                        ObjectId = "00000000-0000-0000-0000-000000000000",
                        Permissions = new AzureNative.KeyVault.Inputs.PermissionsArgs
                        {
                            Certificates = new[]
                            {
                                "get",
                                "list",
                                "delete",
                                "create",
                                "import",
                                "update",
                                "managecontacts",
                                "getissuers",
                                "listissuers",
                                "setissuers",
                                "deleteissuers",
                                "manageissuers",
                                "recover",
                                "purge",
                            },
                            Keys = new[]
                            {
                                "encrypt",
                                "decrypt",
                                "wrapKey",
                                "unwrapKey",
                                "sign",
                                "verify",
                                "get",
                                "list",
                                "create",
                                "update",
                                "import",
                                "delete",
                                "backup",
                                "restore",
                                "recover",
                                "purge",
                            },
                            Secrets = new[]
                            {
                                "get",
                                "list",
                                "set",
                                "delete",
                                "backup",
                                "restore",
                                "recover",
                                "purge",
                            },
                        },
                        TenantId = "00000000-0000-0000-0000-000000000000",
                    },
                },
                EnabledForDeployment = true,
                EnabledForDiskEncryption = true,
                EnabledForTemplateDeployment = true,
                Sku = new AzureNative.KeyVault.Inputs.SkuArgs
                {
                    Family = "A",
                    Name = AzureNative.KeyVault.SkuName.Standard,
                },
                TenantId = "00000000-0000-0000-0000-000000000000",
            },
            ResourceGroupName = "sample-resource-group",
            VaultName = "sample-vault",
        });
    
    });
    

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.keyvault.Vault;
    import com.pulumi.azurenative.keyvault.VaultArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var vault = new Vault("vault", VaultArgs.builder()        
                .location("westus")
                .properties(Map.ofEntries(
                    Map.entry("accessPolicies", Map.ofEntries(
                        Map.entry("objectId", "00000000-0000-0000-0000-000000000000"),
                        Map.entry("permissions", Map.ofEntries(
                            Map.entry("certificates",                         
                                "get",
                                "list",
                                "delete",
                                "create",
                                "import",
                                "update",
                                "managecontacts",
                                "getissuers",
                                "listissuers",
                                "setissuers",
                                "deleteissuers",
                                "manageissuers",
                                "recover",
                                "purge"),
                            Map.entry("keys",                         
                                "encrypt",
                                "decrypt",
                                "wrapKey",
                                "unwrapKey",
                                "sign",
                                "verify",
                                "get",
                                "list",
                                "create",
                                "update",
                                "import",
                                "delete",
                                "backup",
                                "restore",
                                "recover",
                                "purge"),
                            Map.entry("secrets",                         
                                "get",
                                "list",
                                "set",
                                "delete",
                                "backup",
                                "restore",
                                "recover",
                                "purge")
                        )),
                        Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
                    )),
                    Map.entry("enabledForDeployment", true),
                    Map.entry("enabledForDiskEncryption", true),
                    Map.entry("enabledForTemplateDeployment", true),
                    Map.entry("sku", Map.ofEntries(
                        Map.entry("family", "A"),
                        Map.entry("name", "standard")
                    )),
                    Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
                ))
                .resourceGroupName("sample-resource-group")
                .vaultName("sample-vault")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    vault = azure_native.keyvault.Vault("vault",
        location="westus",
        properties=azure_native.keyvault.VaultPropertiesResponseArgs(
            access_policies=[{
                "objectId": "00000000-0000-0000-0000-000000000000",
                "permissions": azure_native.keyvault.PermissionsArgs(
                    certificates=[
                        "get",
                        "list",
                        "delete",
                        "create",
                        "import",
                        "update",
                        "managecontacts",
                        "getissuers",
                        "listissuers",
                        "setissuers",
                        "deleteissuers",
                        "manageissuers",
                        "recover",
                        "purge",
                    ],
                    keys=[
                        "encrypt",
                        "decrypt",
                        "wrapKey",
                        "unwrapKey",
                        "sign",
                        "verify",
                        "get",
                        "list",
                        "create",
                        "update",
                        "import",
                        "delete",
                        "backup",
                        "restore",
                        "recover",
                        "purge",
                    ],
                    secrets=[
                        "get",
                        "list",
                        "set",
                        "delete",
                        "backup",
                        "restore",
                        "recover",
                        "purge",
                    ],
                ),
                "tenantId": "00000000-0000-0000-0000-000000000000",
            }],
            enabled_for_deployment=True,
            enabled_for_disk_encryption=True,
            enabled_for_template_deployment=True,
            sku=azure_native.keyvault.SkuArgs(
                family="A",
                name=azure_native.keyvault.SkuName.STANDARD,
            ),
            tenant_id="00000000-0000-0000-0000-000000000000",
        ),
        resource_group_name="sample-resource-group",
        vault_name="sample-vault")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const vault = new azure_native.keyvault.Vault("vault", {
        location: "westus",
        properties: {
            accessPolicies: [{
                objectId: "00000000-0000-0000-0000-000000000000",
                permissions: {
                    certificates: [
                        "get",
                        "list",
                        "delete",
                        "create",
                        "import",
                        "update",
                        "managecontacts",
                        "getissuers",
                        "listissuers",
                        "setissuers",
                        "deleteissuers",
                        "manageissuers",
                        "recover",
                        "purge",
                    ],
                    keys: [
                        "encrypt",
                        "decrypt",
                        "wrapKey",
                        "unwrapKey",
                        "sign",
                        "verify",
                        "get",
                        "list",
                        "create",
                        "update",
                        "import",
                        "delete",
                        "backup",
                        "restore",
                        "recover",
                        "purge",
                    ],
                    secrets: [
                        "get",
                        "list",
                        "set",
                        "delete",
                        "backup",
                        "restore",
                        "recover",
                        "purge",
                    ],
                },
                tenantId: "00000000-0000-0000-0000-000000000000",
            }],
            enabledForDeployment: true,
            enabledForDiskEncryption: true,
            enabledForTemplateDeployment: true,
            sku: {
                family: "A",
                name: azure_native.keyvault.SkuName.Standard,
            },
            tenantId: "00000000-0000-0000-0000-000000000000",
        },
        resourceGroupName: "sample-resource-group",
        vaultName: "sample-vault",
    });
    
    resources:
      vault:
        type: azure-native:keyvault:Vault
        properties:
          location: westus
          properties:
            accessPolicies:
              - objectId: 00000000-0000-0000-0000-000000000000
                permissions:
                  certificates:
                    - get
                    - list
                    - delete
                    - create
                    - import
                    - update
                    - managecontacts
                    - getissuers
                    - listissuers
                    - setissuers
                    - deleteissuers
                    - manageissuers
                    - recover
                    - purge
                  keys:
                    - encrypt
                    - decrypt
                    - wrapKey
                    - unwrapKey
                    - sign
                    - verify
                    - get
                    - list
                    - create
                    - update
                    - import
                    - delete
                    - backup
                    - restore
                    - recover
                    - purge
                  secrets:
                    - get
                    - list
                    - set
                    - delete
                    - backup
                    - restore
                    - recover
                    - purge
                tenantId: 00000000-0000-0000-0000-000000000000
            enabledForDeployment: true
            enabledForDiskEncryption: true
            enabledForTemplateDeployment: true
            sku:
              family: A
              name: standard
            tenantId: 00000000-0000-0000-0000-000000000000
          resourceGroupName: sample-resource-group
          vaultName: sample-vault
    

    Create or update a vault with network acls

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var vault = new AzureNative.KeyVault.Vault("vault", new()
        {
            Location = "westus",
            Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
            {
                EnabledForDeployment = true,
                EnabledForDiskEncryption = true,
                EnabledForTemplateDeployment = true,
                NetworkAcls = new AzureNative.KeyVault.Inputs.NetworkRuleSetArgs
                {
                    Bypass = "AzureServices",
                    DefaultAction = "Deny",
                    IpRules = new[]
                    {
                        new AzureNative.KeyVault.Inputs.IPRuleArgs
                        {
                            Value = "124.56.78.91",
                        },
                        new AzureNative.KeyVault.Inputs.IPRuleArgs
                        {
                            Value = "'10.91.4.0/24'",
                        },
                    },
                    VirtualNetworkRules = new[]
                    {
                        new AzureNative.KeyVault.Inputs.VirtualNetworkRuleArgs
                        {
                            Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
                        },
                    },
                },
                Sku = new AzureNative.KeyVault.Inputs.SkuArgs
                {
                    Family = "A",
                    Name = AzureNative.KeyVault.SkuName.Standard,
                },
                TenantId = "00000000-0000-0000-0000-000000000000",
            },
            ResourceGroupName = "sample-resource-group",
            VaultName = "sample-vault",
        });
    
    });
    

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.keyvault.Vault;
    import com.pulumi.azurenative.keyvault.VaultArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var vault = new Vault("vault", VaultArgs.builder()        
                .location("westus")
                .properties(Map.ofEntries(
                    Map.entry("enabledForDeployment", true),
                    Map.entry("enabledForDiskEncryption", true),
                    Map.entry("enabledForTemplateDeployment", true),
                    Map.entry("networkAcls", Map.ofEntries(
                        Map.entry("bypass", "AzureServices"),
                        Map.entry("defaultAction", "Deny"),
                        Map.entry("ipRules",                     
                            Map.of("value", "124.56.78.91"),
                            Map.of("value", "'10.91.4.0/24'")),
                        Map.entry("virtualNetworkRules", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1"))
                    )),
                    Map.entry("sku", Map.ofEntries(
                        Map.entry("family", "A"),
                        Map.entry("name", "standard")
                    )),
                    Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
                ))
                .resourceGroupName("sample-resource-group")
                .vaultName("sample-vault")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    vault = azure_native.keyvault.Vault("vault",
        location="westus",
        properties=azure_native.keyvault.VaultPropertiesResponseArgs(
            enabled_for_deployment=True,
            enabled_for_disk_encryption=True,
            enabled_for_template_deployment=True,
            network_acls={
                "bypass": "AzureServices",
                "defaultAction": "Deny",
                "ipRules": [
                    azure_native.keyvault.IPRuleArgs(
                        value="124.56.78.91",
                    ),
                    azure_native.keyvault.IPRuleArgs(
                        value="'10.91.4.0/24'",
                    ),
                ],
                "virtualNetworkRules": [azure_native.keyvault.VirtualNetworkRuleArgs(
                    id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
                )],
            },
            sku=azure_native.keyvault.SkuArgs(
                family="A",
                name=azure_native.keyvault.SkuName.STANDARD,
            ),
            tenant_id="00000000-0000-0000-0000-000000000000",
        ),
        resource_group_name="sample-resource-group",
        vault_name="sample-vault")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const vault = new azure_native.keyvault.Vault("vault", {
        location: "westus",
        properties: {
            enabledForDeployment: true,
            enabledForDiskEncryption: true,
            enabledForTemplateDeployment: true,
            networkAcls: {
                bypass: "AzureServices",
                defaultAction: "Deny",
                ipRules: [
                    {
                        value: "124.56.78.91",
                    },
                    {
                        value: "'10.91.4.0/24'",
                    },
                ],
                virtualNetworkRules: [{
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
                }],
            },
            sku: {
                family: "A",
                name: azure_native.keyvault.SkuName.Standard,
            },
            tenantId: "00000000-0000-0000-0000-000000000000",
        },
        resourceGroupName: "sample-resource-group",
        vaultName: "sample-vault",
    });
    
    resources:
      vault:
        type: azure-native:keyvault:Vault
        properties:
          location: westus
          properties:
            enabledForDeployment: true
            enabledForDiskEncryption: true
            enabledForTemplateDeployment: true
            networkAcls:
              bypass: AzureServices
              defaultAction: Deny
              ipRules:
                - value: 124.56.78.91
                - value: '''10.91.4.0/24'''
              virtualNetworkRules:
                - id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1
            sku:
              family: A
              name: standard
            tenantId: 00000000-0000-0000-0000-000000000000
          resourceGroupName: sample-resource-group
          vaultName: sample-vault
    

    Create Vault Resource

    new Vault(name: string, args: VaultArgs, opts?: CustomResourceOptions);
    @overload
    def Vault(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              location: Optional[str] = None,
              properties: Optional[VaultPropertiesArgs] = None,
              resource_group_name: Optional[str] = None,
              tags: Optional[Mapping[str, str]] = None,
              vault_name: Optional[str] = None)
    @overload
    def Vault(resource_name: str,
              args: VaultArgs,
              opts: Optional[ResourceOptions] = None)
    func NewVault(ctx *Context, name string, args VaultArgs, opts ...ResourceOption) (*Vault, error)
    public Vault(string name, VaultArgs args, CustomResourceOptions? opts = null)
    public Vault(String name, VaultArgs args)
    public Vault(String name, VaultArgs args, CustomResourceOptions options)
    
    type: azure-native:keyvault:Vault
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args VaultArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args VaultArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args VaultArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args VaultArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args VaultArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Vault Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Vault resource accepts the following input properties:

    Properties Pulumi.AzureNative.KeyVault.Inputs.VaultPropertiesArgs

    Properties of the vault

    ResourceGroupName string

    The name of the Resource Group to which the server belongs.

    Location string

    The supported Azure location where the key vault should be created.

    Tags Dictionary<string, string>

    The tags that will be assigned to the key vault.

    VaultName string

    Name of the vault

    Properties VaultPropertiesArgs

    Properties of the vault

    ResourceGroupName string

    The name of the Resource Group to which the server belongs.

    Location string

    The supported Azure location where the key vault should be created.

    Tags map[string]string

    The tags that will be assigned to the key vault.

    VaultName string

    Name of the vault

    properties VaultPropertiesArgs

    Properties of the vault

    resourceGroupName String

    The name of the Resource Group to which the server belongs.

    location String

    The supported Azure location where the key vault should be created.

    tags Map<String,String>

    The tags that will be assigned to the key vault.

    vaultName String

    Name of the vault

    properties VaultPropertiesArgs

    Properties of the vault

    resourceGroupName string

    The name of the Resource Group to which the server belongs.

    location string

    The supported Azure location where the key vault should be created.

    tags {[key: string]: string}

    The tags that will be assigned to the key vault.

    vaultName string

    Name of the vault

    properties VaultPropertiesArgs

    Properties of the vault

    resource_group_name str

    The name of the Resource Group to which the server belongs.

    location str

    The supported Azure location where the key vault should be created.

    tags Mapping[str, str]

    The tags that will be assigned to the key vault.

    vault_name str

    Name of the vault

    properties Property Map

    Properties of the vault

    resourceGroupName String

    The name of the Resource Group to which the server belongs.

    location String

    The supported Azure location where the key vault should be created.

    tags Map<String>

    The tags that will be assigned to the key vault.

    vaultName String

    Name of the vault

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Vault resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Name string

    Name of the key vault resource.

    Type string

    Resource type of the key vault resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    Name string

    Name of the key vault resource.

    Type string

    Resource type of the key vault resource.

    id String

    The provider-assigned unique ID for this managed resource.

    name String

    Name of the key vault resource.

    type String

    Resource type of the key vault resource.

    id string

    The provider-assigned unique ID for this managed resource.

    name string

    Name of the key vault resource.

    type string

    Resource type of the key vault resource.

    id str

    The provider-assigned unique ID for this managed resource.

    name str

    Name of the key vault resource.

    type str

    Resource type of the key vault resource.

    id String

    The provider-assigned unique ID for this managed resource.

    name String

    Name of the key vault resource.

    type String

    Resource type of the key vault resource.

    Supporting Types

    AccessPolicyEntry

    ObjectId string

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    Permissions Pulumi.AzureNative.KeyVault.Inputs.Permissions

    Permissions the identity has for keys, secrets and certificates.

    TenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    ApplicationId string

    Application ID of the client making request on behalf of a principal

    ObjectId string

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    Permissions Permissions

    Permissions the identity has for keys, secrets and certificates.

    TenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    ApplicationId string

    Application ID of the client making request on behalf of a principal

    objectId String

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    permissions Permissions

    Permissions the identity has for keys, secrets and certificates.

    tenantId String

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    applicationId String

    Application ID of the client making request on behalf of a principal

    objectId string

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    permissions Permissions

    Permissions the identity has for keys, secrets and certificates.

    tenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    applicationId string

    Application ID of the client making request on behalf of a principal

    object_id str

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    permissions Permissions

    Permissions the identity has for keys, secrets and certificates.

    tenant_id str

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    application_id str

    Application ID of the client making request on behalf of a principal

    objectId String

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    permissions Property Map

    Permissions the identity has for keys, secrets and certificates.

    tenantId String

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    applicationId String

    Application ID of the client making request on behalf of a principal

    AccessPolicyEntryResponse

    ObjectId string

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    Permissions Pulumi.AzureNative.KeyVault.Inputs.PermissionsResponse

    Permissions the identity has for keys, secrets and certificates.

    TenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    ApplicationId string

    Application ID of the client making request on behalf of a principal

    ObjectId string

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    Permissions PermissionsResponse

    Permissions the identity has for keys, secrets and certificates.

    TenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    ApplicationId string

    Application ID of the client making request on behalf of a principal

    objectId String

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    permissions PermissionsResponse

    Permissions the identity has for keys, secrets and certificates.

    tenantId String

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    applicationId String

    Application ID of the client making request on behalf of a principal

    objectId string

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    permissions PermissionsResponse

    Permissions the identity has for keys, secrets and certificates.

    tenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    applicationId string

    Application ID of the client making request on behalf of a principal

    object_id str

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    permissions PermissionsResponse

    Permissions the identity has for keys, secrets and certificates.

    tenant_id str

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    application_id str

    Application ID of the client making request on behalf of a principal

    objectId String

    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

    permissions Property Map

    Permissions the identity has for keys, secrets and certificates.

    tenantId String

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    applicationId String

    Application ID of the client making request on behalf of a principal

    CertificatePermissions

    All
    all
    @Get
    get
    List
    list
    Delete
    delete
    Create
    create
    Import
    import
    Update
    update
    Managecontacts
    managecontacts
    Getissuers
    getissuers
    Listissuers
    listissuers
    Setissuers
    setissuers
    Deleteissuers
    deleteissuers
    Manageissuers
    manageissuers
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    CertificatePermissionsAll
    all
    CertificatePermissionsGet
    get
    CertificatePermissionsList
    list
    CertificatePermissionsDelete
    delete
    CertificatePermissionsCreate
    create
    CertificatePermissionsImport
    import
    CertificatePermissionsUpdate
    update
    CertificatePermissionsManagecontacts
    managecontacts
    CertificatePermissionsGetissuers
    getissuers
    CertificatePermissionsListissuers
    listissuers
    CertificatePermissionsSetissuers
    setissuers
    CertificatePermissionsDeleteissuers
    deleteissuers
    CertificatePermissionsManageissuers
    manageissuers
    CertificatePermissionsRecover
    recover
    CertificatePermissionsPurge
    purge
    CertificatePermissionsBackup
    backup
    CertificatePermissionsRestore
    restore
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Create
    create
    Import_
    import
    Update
    update
    Managecontacts
    managecontacts
    Getissuers
    getissuers
    Listissuers
    listissuers
    Setissuers
    setissuers
    Deleteissuers
    deleteissuers
    Manageissuers
    manageissuers
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Create
    create
    Import
    import
    Update
    update
    Managecontacts
    managecontacts
    Getissuers
    getissuers
    Listissuers
    listissuers
    Setissuers
    setissuers
    Deleteissuers
    deleteissuers
    Manageissuers
    manageissuers
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    ALL
    all
    GET
    get
    LIST
    list
    DELETE
    delete
    CREATE
    create
    IMPORT_
    import
    UPDATE
    update
    MANAGECONTACTS
    managecontacts
    GETISSUERS
    getissuers
    LISTISSUERS
    listissuers
    SETISSUERS
    setissuers
    DELETEISSUERS
    deleteissuers
    MANAGEISSUERS
    manageissuers
    RECOVER
    recover
    PURGE
    purge
    BACKUP
    backup
    RESTORE
    restore
    "all"
    all
    "get"
    get
    "list"
    list
    "delete"
    delete
    "create"
    create
    "import"
    import
    "update"
    update
    "managecontacts"
    managecontacts
    "getissuers"
    getissuers
    "listissuers"
    listissuers
    "setissuers"
    setissuers
    "deleteissuers"
    deleteissuers
    "manageissuers"
    manageissuers
    "recover"
    recover
    "purge"
    purge
    "backup"
    backup
    "restore"
    restore

    CreateMode

    Recover
    recover
    @Default
    default
    CreateModeRecover
    recover
    CreateModeDefault
    default
    Recover
    recover
    Default_
    default
    Recover
    recover
    Default
    default
    RECOVER
    recover
    DEFAULT
    default
    "recover"
    recover
    "default"
    default

    IPRule

    Value string

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    Value string

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    value String

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    value string

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    value str

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    value String

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    IPRuleResponse

    Value string

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    Value string

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    value String

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    value string

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    value str

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    value String

    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    KeyPermissions

    All
    all
    Encrypt
    encrypt
    Decrypt
    decrypt
    WrapKey
    wrapKey
    UnwrapKey
    unwrapKey
    Sign
    sign
    Verify
    verify
    @Get
    get
    List
    list
    Create
    create
    Update
    update
    Import
    import
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    KeyPermissionsAll
    all
    KeyPermissionsEncrypt
    encrypt
    KeyPermissionsDecrypt
    decrypt
    KeyPermissionsWrapKey
    wrapKey
    KeyPermissionsUnwrapKey
    unwrapKey
    KeyPermissionsSign
    sign
    KeyPermissionsVerify
    verify
    KeyPermissionsGet
    get
    KeyPermissionsList
    list
    KeyPermissionsCreate
    create
    KeyPermissionsUpdate
    update
    KeyPermissionsImport
    import
    KeyPermissionsDelete
    delete
    KeyPermissionsBackup
    backup
    KeyPermissionsRestore
    restore
    KeyPermissionsRecover
    recover
    KeyPermissionsPurge
    purge
    All
    all
    Encrypt
    encrypt
    Decrypt
    decrypt
    WrapKey
    wrapKey
    UnwrapKey
    unwrapKey
    Sign
    sign
    Verify
    verify
    Get
    get
    List
    list
    Create
    create
    Update
    update
    Import_
    import
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    All
    all
    Encrypt
    encrypt
    Decrypt
    decrypt
    WrapKey
    wrapKey
    UnwrapKey
    unwrapKey
    Sign
    sign
    Verify
    verify
    Get
    get
    List
    list
    Create
    create
    Update
    update
    Import
    import
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    ALL
    all
    ENCRYPT
    encrypt
    DECRYPT
    decrypt
    WRAP_KEY
    wrapKey
    UNWRAP_KEY
    unwrapKey
    SIGN
    sign
    VERIFY
    verify
    GET
    get
    LIST
    list
    CREATE
    create
    UPDATE
    update
    IMPORT_
    import
    DELETE
    delete
    BACKUP
    backup
    RESTORE
    restore
    RECOVER
    recover
    PURGE
    purge
    "all"
    all
    "encrypt"
    encrypt
    "decrypt"
    decrypt
    "wrapKey"
    wrapKey
    "unwrapKey"
    unwrapKey
    "sign"
    sign
    "verify"
    verify
    "get"
    get
    "list"
    list
    "create"
    create
    "update"
    update
    "import"
    import
    "delete"
    delete
    "backup"
    backup
    "restore"
    restore
    "recover"
    recover
    "purge"
    purge

    NetworkRuleAction

    Allow
    Allow
    Deny
    Deny
    NetworkRuleActionAllow
    Allow
    NetworkRuleActionDeny
    Deny
    Allow
    Allow
    Deny
    Deny
    Allow
    Allow
    Deny
    Deny
    ALLOW
    Allow
    DENY
    Deny
    "Allow"
    Allow
    "Deny"
    Deny

    NetworkRuleBypassOptions

    AzureServices
    AzureServices
    None
    None
    NetworkRuleBypassOptionsAzureServices
    AzureServices
    NetworkRuleBypassOptionsNone
    None
    AzureServices
    AzureServices
    None
    None
    AzureServices
    AzureServices
    None
    None
    AZURE_SERVICES
    AzureServices
    NONE
    None
    "AzureServices"
    AzureServices
    "None"
    None

    NetworkRuleSet

    Bypass string | Pulumi.AzureNative.KeyVault.NetworkRuleBypassOptions

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    DefaultAction string | Pulumi.AzureNative.KeyVault.NetworkRuleAction

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    IpRules List<Pulumi.AzureNative.KeyVault.Inputs.IPRule>

    The list of IP address rules.

    VirtualNetworkRules List<Pulumi.AzureNative.KeyVault.Inputs.VirtualNetworkRule>

    The list of virtual network rules.

    Bypass string | NetworkRuleBypassOptions

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    DefaultAction string | NetworkRuleAction

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    IpRules []IPRule

    The list of IP address rules.

    VirtualNetworkRules []VirtualNetworkRule

    The list of virtual network rules.

    bypass String | NetworkRuleBypassOptions

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    defaultAction String | NetworkRuleAction

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    ipRules List<IPRule>

    The list of IP address rules.

    virtualNetworkRules List<VirtualNetworkRule>

    The list of virtual network rules.

    bypass string | NetworkRuleBypassOptions

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    defaultAction string | NetworkRuleAction

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    ipRules IPRule[]

    The list of IP address rules.

    virtualNetworkRules VirtualNetworkRule[]

    The list of virtual network rules.

    bypass str | NetworkRuleBypassOptions

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    default_action str | NetworkRuleAction

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    ip_rules Sequence[IPRule]

    The list of IP address rules.

    virtual_network_rules Sequence[VirtualNetworkRule]

    The list of virtual network rules.

    bypass String | "AzureServices" | "None"

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    defaultAction String | "Allow" | "Deny"

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    ipRules List<Property Map>

    The list of IP address rules.

    virtualNetworkRules List<Property Map>

    The list of virtual network rules.

    NetworkRuleSetResponse

    Bypass string

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    DefaultAction string

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    IpRules List<Pulumi.AzureNative.KeyVault.Inputs.IPRuleResponse>

    The list of IP address rules.

    VirtualNetworkRules List<Pulumi.AzureNative.KeyVault.Inputs.VirtualNetworkRuleResponse>

    The list of virtual network rules.

    Bypass string

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    DefaultAction string

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    IpRules []IPRuleResponse

    The list of IP address rules.

    VirtualNetworkRules []VirtualNetworkRuleResponse

    The list of virtual network rules.

    bypass String

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    defaultAction String

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    ipRules List<IPRuleResponse>

    The list of IP address rules.

    virtualNetworkRules List<VirtualNetworkRuleResponse>

    The list of virtual network rules.

    bypass string

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    defaultAction string

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    ipRules IPRuleResponse[]

    The list of IP address rules.

    virtualNetworkRules VirtualNetworkRuleResponse[]

    The list of virtual network rules.

    bypass str

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    default_action str

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    ip_rules Sequence[IPRuleResponse]

    The list of IP address rules.

    virtual_network_rules Sequence[VirtualNetworkRuleResponse]

    The list of virtual network rules.

    bypass String

    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

    defaultAction String

    The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

    ipRules List<Property Map>

    The list of IP address rules.

    virtualNetworkRules List<Property Map>

    The list of virtual network rules.

    Permissions

    Certificates List<Union<string, Pulumi.AzureNative.KeyVault.CertificatePermissions>>

    Permissions to certificates

    Keys List<Union<string, Pulumi.AzureNative.KeyVault.KeyPermissions>>

    Permissions to keys

    Secrets List<Union<string, Pulumi.AzureNative.KeyVault.SecretPermissions>>

    Permissions to secrets

    Storage List<Union<string, Pulumi.AzureNative.KeyVault.StoragePermissions>>

    Permissions to storage accounts

    Certificates []string

    Permissions to certificates

    Keys []string

    Permissions to keys

    Secrets []string

    Permissions to secrets

    Storage []string

    Permissions to storage accounts

    certificates List<Either<String,CertificatePermissions>>

    Permissions to certificates

    keys List<Either<String,KeyPermissions>>

    Permissions to keys

    secrets List<Either<String,SecretPermissions>>

    Permissions to secrets

    storage List<Either<String,StoragePermissions>>

    Permissions to storage accounts

    certificates (string | CertificatePermissions)[]

    Permissions to certificates

    keys (string | KeyPermissions)[]

    Permissions to keys

    secrets (string | SecretPermissions)[]

    Permissions to secrets

    storage (string | StoragePermissions)[]

    Permissions to storage accounts

    certificates Sequence[Union[str, CertificatePermissions]]

    Permissions to certificates

    keys Sequence[Union[str, KeyPermissions]]

    Permissions to keys

    secrets Sequence[Union[str, SecretPermissions]]

    Permissions to secrets

    storage Sequence[Union[str, StoragePermissions]]

    Permissions to storage accounts

    certificates List<String | "all" | "get" | "list" | "delete" | "create" | "import" | "update" | "managecontacts" | "getissuers" | "listissuers" | "setissuers" | "deleteissuers" | "manageissuers" | "recover" | "purge" | "backup" | "restore">

    Permissions to certificates

    keys List<String | "all" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "sign" | "verify" | "get" | "list" | "create" | "update" | "import" | "delete" | "backup" | "restore" | "recover" | "purge">

    Permissions to keys

    secrets List<String | "all" | "get" | "list" | "set" | "delete" | "backup" | "restore" | "recover" | "purge">

    Permissions to secrets

    storage List<String | "all" | "get" | "list" | "delete" | "set" | "update" | "regeneratekey" | "recover" | "purge" | "backup" | "restore" | "setsas" | "listsas" | "getsas" | "deletesas">

    Permissions to storage accounts

    PermissionsResponse

    Certificates List<string>

    Permissions to certificates

    Keys List<string>

    Permissions to keys

    Secrets List<string>

    Permissions to secrets

    Storage List<string>

    Permissions to storage accounts

    Certificates []string

    Permissions to certificates

    Keys []string

    Permissions to keys

    Secrets []string

    Permissions to secrets

    Storage []string

    Permissions to storage accounts

    certificates List<String>

    Permissions to certificates

    keys List<String>

    Permissions to keys

    secrets List<String>

    Permissions to secrets

    storage List<String>

    Permissions to storage accounts

    certificates string[]

    Permissions to certificates

    keys string[]

    Permissions to keys

    secrets string[]

    Permissions to secrets

    storage string[]

    Permissions to storage accounts

    certificates Sequence[str]

    Permissions to certificates

    keys Sequence[str]

    Permissions to keys

    secrets Sequence[str]

    Permissions to secrets

    storage Sequence[str]

    Permissions to storage accounts

    certificates List<String>

    Permissions to certificates

    keys List<String>

    Permissions to keys

    secrets List<String>

    Permissions to secrets

    storage List<String>

    Permissions to storage accounts

    PrivateEndpointConnectionItemResponse

    ProvisioningState string

    Provisioning state of the private endpoint connection.

    Etag string

    Modified whenever there is a change in the state of private endpoint connection.

    Id string

    Id of private endpoint connection.

    PrivateEndpoint Pulumi.AzureNative.KeyVault.Inputs.PrivateEndpointResponse

    Properties of the private endpoint object.

    PrivateLinkServiceConnectionState Pulumi.AzureNative.KeyVault.Inputs.PrivateLinkServiceConnectionStateResponse

    Approval state of the private link connection.

    ProvisioningState string

    Provisioning state of the private endpoint connection.

    Etag string

    Modified whenever there is a change in the state of private endpoint connection.

    Id string

    Id of private endpoint connection.

    PrivateEndpoint PrivateEndpointResponse

    Properties of the private endpoint object.

    PrivateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse

    Approval state of the private link connection.

    provisioningState String

    Provisioning state of the private endpoint connection.

    etag String

    Modified whenever there is a change in the state of private endpoint connection.

    id String

    Id of private endpoint connection.

    privateEndpoint PrivateEndpointResponse

    Properties of the private endpoint object.

    privateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse

    Approval state of the private link connection.

    provisioningState string

    Provisioning state of the private endpoint connection.

    etag string

    Modified whenever there is a change in the state of private endpoint connection.

    id string

    Id of private endpoint connection.

    privateEndpoint PrivateEndpointResponse

    Properties of the private endpoint object.

    privateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse

    Approval state of the private link connection.

    provisioning_state str

    Provisioning state of the private endpoint connection.

    etag str

    Modified whenever there is a change in the state of private endpoint connection.

    id str

    Id of private endpoint connection.

    private_endpoint PrivateEndpointResponse

    Properties of the private endpoint object.

    private_link_service_connection_state PrivateLinkServiceConnectionStateResponse

    Approval state of the private link connection.

    provisioningState String

    Provisioning state of the private endpoint connection.

    etag String

    Modified whenever there is a change in the state of private endpoint connection.

    id String

    Id of private endpoint connection.

    privateEndpoint Property Map

    Properties of the private endpoint object.

    privateLinkServiceConnectionState Property Map

    Approval state of the private link connection.

    PrivateEndpointResponse

    Id string

    Full identifier of the private endpoint resource.

    Id string

    Full identifier of the private endpoint resource.

    id String

    Full identifier of the private endpoint resource.

    id string

    Full identifier of the private endpoint resource.

    id str

    Full identifier of the private endpoint resource.

    id String

    Full identifier of the private endpoint resource.

    PrivateLinkServiceConnectionStateResponse

    ActionsRequired string

    A message indicating if changes on the service provider require any updates on the consumer.

    Description string

    The reason for approval or rejection.

    Status string

    Indicates whether the connection has been approved, rejected or removed by the key vault owner.

    ActionsRequired string

    A message indicating if changes on the service provider require any updates on the consumer.

    Description string

    The reason for approval or rejection.

    Status string

    Indicates whether the connection has been approved, rejected or removed by the key vault owner.

    actionsRequired String

    A message indicating if changes on the service provider require any updates on the consumer.

    description String

    The reason for approval or rejection.

    status String

    Indicates whether the connection has been approved, rejected or removed by the key vault owner.

    actionsRequired string

    A message indicating if changes on the service provider require any updates on the consumer.

    description string

    The reason for approval or rejection.

    status string

    Indicates whether the connection has been approved, rejected or removed by the key vault owner.

    actions_required str

    A message indicating if changes on the service provider require any updates on the consumer.

    description str

    The reason for approval or rejection.

    status str

    Indicates whether the connection has been approved, rejected or removed by the key vault owner.

    actionsRequired String

    A message indicating if changes on the service provider require any updates on the consumer.

    description String

    The reason for approval or rejection.

    status String

    Indicates whether the connection has been approved, rejected or removed by the key vault owner.

    SecretPermissions

    All
    all
    @Get
    get
    List
    list
    @Set
    set
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    SecretPermissionsAll
    all
    SecretPermissionsGet
    get
    SecretPermissionsList
    list
    SecretPermissionsSet
    set
    SecretPermissionsDelete
    delete
    SecretPermissionsBackup
    backup
    SecretPermissionsRestore
    restore
    SecretPermissionsRecover
    recover
    SecretPermissionsPurge
    purge
    All
    all
    Get
    get
    List
    list
    Set
    set
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    All
    all
    Get
    get
    List
    list
    Set
    set
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    ALL
    all
    GET
    get
    LIST
    list
    SET
    set
    DELETE
    delete
    BACKUP
    backup
    RESTORE
    restore
    RECOVER
    recover
    PURGE
    purge
    "all"
    all
    "get"
    get
    "list"
    list
    "set"
    set
    "delete"
    delete
    "backup"
    backup
    "restore"
    restore
    "recover"
    recover
    "purge"
    purge

    Sku

    Family string | Pulumi.AzureNative.KeyVault.SkuFamily

    SKU family name

    Name Pulumi.AzureNative.KeyVault.SkuName

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    Family string | SkuFamily

    SKU family name

    Name SkuName

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    family String | SkuFamily

    SKU family name

    name SkuName

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    family string | SkuFamily

    SKU family name

    name SkuName

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    family str | SkuFamily

    SKU family name

    name SkuName

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    family String | "A"

    SKU family name

    name "standard" | "premium"

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    SkuFamily

    A
    A
    SkuFamilyA
    A
    A
    A
    A
    A
    A
    A
    "A"
    A

    SkuName

    Standard
    standard
    Premium
    premium
    SkuNameStandard
    standard
    SkuNamePremium
    premium
    Standard
    standard
    Premium
    premium
    Standard
    standard
    Premium
    premium
    STANDARD
    standard
    PREMIUM
    premium
    "standard"
    standard
    "premium"
    premium

    SkuResponse

    Family string

    SKU family name

    Name string

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    Family string

    SKU family name

    Name string

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    family String

    SKU family name

    name String

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    family string

    SKU family name

    name string

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    family str

    SKU family name

    name str

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    family String

    SKU family name

    name String

    SKU name to specify whether the key vault is a standard vault or a premium vault.

    StoragePermissions

    All
    all
    @Get
    get
    List
    list
    Delete
    delete
    @Set
    set
    Update
    update
    Regeneratekey
    regeneratekey
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    Setsas
    setsas
    Listsas
    listsas
    Getsas
    getsas
    Deletesas
    deletesas
    StoragePermissionsAll
    all
    StoragePermissionsGet
    get
    StoragePermissionsList
    list
    StoragePermissionsDelete
    delete
    StoragePermissionsSet
    set
    StoragePermissionsUpdate
    update
    StoragePermissionsRegeneratekey
    regeneratekey
    StoragePermissionsRecover
    recover
    StoragePermissionsPurge
    purge
    StoragePermissionsBackup
    backup
    StoragePermissionsRestore
    restore
    StoragePermissionsSetsas
    setsas
    StoragePermissionsListsas
    listsas
    StoragePermissionsGetsas
    getsas
    StoragePermissionsDeletesas
    deletesas
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Set
    set
    Update
    update
    Regeneratekey
    regeneratekey
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    Setsas
    setsas
    Listsas
    listsas
    Getsas
    getsas
    Deletesas
    deletesas
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Set
    set
    Update
    update
    Regeneratekey
    regeneratekey
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    Setsas
    setsas
    Listsas
    listsas
    Getsas
    getsas
    Deletesas
    deletesas
    ALL
    all
    GET
    get
    LIST
    list
    DELETE
    delete
    SET
    set
    UPDATE
    update
    REGENERATEKEY
    regeneratekey
    RECOVER
    recover
    PURGE
    purge
    BACKUP
    backup
    RESTORE
    restore
    SETSAS
    setsas
    LISTSAS
    listsas
    GETSAS
    getsas
    DELETESAS
    deletesas
    "all"
    all
    "get"
    get
    "list"
    list
    "delete"
    delete
    "set"
    set
    "update"
    update
    "regeneratekey"
    regeneratekey
    "recover"
    recover
    "purge"
    purge
    "backup"
    backup
    "restore"
    restore
    "setsas"
    setsas
    "listsas"
    listsas
    "getsas"
    getsas
    "deletesas"
    deletesas

    VaultProperties

    Sku Pulumi.AzureNative.KeyVault.Inputs.Sku

    SKU details

    TenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    AccessPolicies List<Pulumi.AzureNative.KeyVault.Inputs.AccessPolicyEntry>

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    CreateMode Pulumi.AzureNative.KeyVault.CreateMode

    The vault's create mode to indicate whether the vault need to be recovered or not.

    EnablePurgeProtection bool

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    EnableRbacAuthorization bool

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    EnableSoftDelete bool

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    EnabledForDeployment bool

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    EnabledForDiskEncryption bool

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    EnabledForTemplateDeployment bool

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    NetworkAcls Pulumi.AzureNative.KeyVault.Inputs.NetworkRuleSet

    Rules governing the accessibility of the key vault from specific network locations.

    ProvisioningState string | Pulumi.AzureNative.KeyVault.VaultProvisioningState

    Provisioning state of the vault.

    SoftDeleteRetentionInDays int

    softDelete data retention days. It accepts >=7 and <=90.

    VaultUri string

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    Sku Sku

    SKU details

    TenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    AccessPolicies []AccessPolicyEntry

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    CreateMode CreateMode

    The vault's create mode to indicate whether the vault need to be recovered or not.

    EnablePurgeProtection bool

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    EnableRbacAuthorization bool

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    EnableSoftDelete bool

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    EnabledForDeployment bool

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    EnabledForDiskEncryption bool

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    EnabledForTemplateDeployment bool

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    NetworkAcls NetworkRuleSet

    Rules governing the accessibility of the key vault from specific network locations.

    ProvisioningState string | VaultProvisioningState

    Provisioning state of the vault.

    SoftDeleteRetentionInDays int

    softDelete data retention days. It accepts >=7 and <=90.

    VaultUri string

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    sku Sku

    SKU details

    tenantId String

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    accessPolicies List<AccessPolicyEntry>

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    createMode CreateMode

    The vault's create mode to indicate whether the vault need to be recovered or not.

    enablePurgeProtection Boolean

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    enableRbacAuthorization Boolean

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    enableSoftDelete Boolean

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    enabledForDeployment Boolean

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    enabledForDiskEncryption Boolean

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    enabledForTemplateDeployment Boolean

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    networkAcls NetworkRuleSet

    Rules governing the accessibility of the key vault from specific network locations.

    provisioningState String | VaultProvisioningState

    Provisioning state of the vault.

    softDeleteRetentionInDays Integer

    softDelete data retention days. It accepts >=7 and <=90.

    vaultUri String

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    sku Sku

    SKU details

    tenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    accessPolicies AccessPolicyEntry[]

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    createMode CreateMode

    The vault's create mode to indicate whether the vault need to be recovered or not.

    enablePurgeProtection boolean

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    enableRbacAuthorization boolean

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    enableSoftDelete boolean

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    enabledForDeployment boolean

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    enabledForDiskEncryption boolean

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    enabledForTemplateDeployment boolean

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    networkAcls NetworkRuleSet

    Rules governing the accessibility of the key vault from specific network locations.

    provisioningState string | VaultProvisioningState

    Provisioning state of the vault.

    softDeleteRetentionInDays number

    softDelete data retention days. It accepts >=7 and <=90.

    vaultUri string

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    sku Sku

    SKU details

    tenant_id str

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    access_policies Sequence[AccessPolicyEntry]

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    create_mode CreateMode

    The vault's create mode to indicate whether the vault need to be recovered or not.

    enable_purge_protection bool

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    enable_rbac_authorization bool

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    enable_soft_delete bool

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    enabled_for_deployment bool

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    enabled_for_disk_encryption bool

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    enabled_for_template_deployment bool

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    network_acls NetworkRuleSet

    Rules governing the accessibility of the key vault from specific network locations.

    provisioning_state str | VaultProvisioningState

    Provisioning state of the vault.

    soft_delete_retention_in_days int

    softDelete data retention days. It accepts >=7 and <=90.

    vault_uri str

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    sku Property Map

    SKU details

    tenantId String

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    accessPolicies List<Property Map>

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    createMode "recover" | "default"

    The vault's create mode to indicate whether the vault need to be recovered or not.

    enablePurgeProtection Boolean

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    enableRbacAuthorization Boolean

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    enableSoftDelete Boolean

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    enabledForDeployment Boolean

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    enabledForDiskEncryption Boolean

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    enabledForTemplateDeployment Boolean

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    networkAcls Property Map

    Rules governing the accessibility of the key vault from specific network locations.

    provisioningState String | "Succeeded" | "RegisteringDns"

    Provisioning state of the vault.

    softDeleteRetentionInDays Number

    softDelete data retention days. It accepts >=7 and <=90.

    vaultUri String

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    VaultPropertiesResponse

    HsmPoolResourceId string

    The resource id of HSM Pool.

    PrivateEndpointConnections List<Pulumi.AzureNative.KeyVault.Inputs.PrivateEndpointConnectionItemResponse>

    List of private endpoint connections associated with the key vault.

    Sku Pulumi.AzureNative.KeyVault.Inputs.SkuResponse

    SKU details

    TenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    AccessPolicies List<Pulumi.AzureNative.KeyVault.Inputs.AccessPolicyEntryResponse>

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    EnablePurgeProtection bool

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    EnableRbacAuthorization bool

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    EnableSoftDelete bool

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    EnabledForDeployment bool

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    EnabledForDiskEncryption bool

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    EnabledForTemplateDeployment bool

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    NetworkAcls Pulumi.AzureNative.KeyVault.Inputs.NetworkRuleSetResponse

    Rules governing the accessibility of the key vault from specific network locations.

    ProvisioningState string

    Provisioning state of the vault.

    SoftDeleteRetentionInDays int

    softDelete data retention days. It accepts >=7 and <=90.

    VaultUri string

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    HsmPoolResourceId string

    The resource id of HSM Pool.

    PrivateEndpointConnections []PrivateEndpointConnectionItemResponse

    List of private endpoint connections associated with the key vault.

    Sku SkuResponse

    SKU details

    TenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    AccessPolicies []AccessPolicyEntryResponse

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    EnablePurgeProtection bool

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    EnableRbacAuthorization bool

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    EnableSoftDelete bool

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    EnabledForDeployment bool

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    EnabledForDiskEncryption bool

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    EnabledForTemplateDeployment bool

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    NetworkAcls NetworkRuleSetResponse

    Rules governing the accessibility of the key vault from specific network locations.

    ProvisioningState string

    Provisioning state of the vault.

    SoftDeleteRetentionInDays int

    softDelete data retention days. It accepts >=7 and <=90.

    VaultUri string

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    hsmPoolResourceId String

    The resource id of HSM Pool.

    privateEndpointConnections List<PrivateEndpointConnectionItemResponse>

    List of private endpoint connections associated with the key vault.

    sku SkuResponse

    SKU details

    tenantId String

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    accessPolicies List<AccessPolicyEntryResponse>

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    enablePurgeProtection Boolean

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    enableRbacAuthorization Boolean

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    enableSoftDelete Boolean

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    enabledForDeployment Boolean

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    enabledForDiskEncryption Boolean

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    enabledForTemplateDeployment Boolean

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    networkAcls NetworkRuleSetResponse

    Rules governing the accessibility of the key vault from specific network locations.

    provisioningState String

    Provisioning state of the vault.

    softDeleteRetentionInDays Integer

    softDelete data retention days. It accepts >=7 and <=90.

    vaultUri String

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    hsmPoolResourceId string

    The resource id of HSM Pool.

    privateEndpointConnections PrivateEndpointConnectionItemResponse[]

    List of private endpoint connections associated with the key vault.

    sku SkuResponse

    SKU details

    tenantId string

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    accessPolicies AccessPolicyEntryResponse[]

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    enablePurgeProtection boolean

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    enableRbacAuthorization boolean

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    enableSoftDelete boolean

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    enabledForDeployment boolean

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    enabledForDiskEncryption boolean

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    enabledForTemplateDeployment boolean

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    networkAcls NetworkRuleSetResponse

    Rules governing the accessibility of the key vault from specific network locations.

    provisioningState string

    Provisioning state of the vault.

    softDeleteRetentionInDays number

    softDelete data retention days. It accepts >=7 and <=90.

    vaultUri string

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    hsm_pool_resource_id str

    The resource id of HSM Pool.

    private_endpoint_connections Sequence[PrivateEndpointConnectionItemResponse]

    List of private endpoint connections associated with the key vault.

    sku SkuResponse

    SKU details

    tenant_id str

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    access_policies Sequence[AccessPolicyEntryResponse]

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    enable_purge_protection bool

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    enable_rbac_authorization bool

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    enable_soft_delete bool

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    enabled_for_deployment bool

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    enabled_for_disk_encryption bool

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    enabled_for_template_deployment bool

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    network_acls NetworkRuleSetResponse

    Rules governing the accessibility of the key vault from specific network locations.

    provisioning_state str

    Provisioning state of the vault.

    soft_delete_retention_in_days int

    softDelete data retention days. It accepts >=7 and <=90.

    vault_uri str

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    hsmPoolResourceId String

    The resource id of HSM Pool.

    privateEndpointConnections List<Property Map>

    List of private endpoint connections associated with the key vault.

    sku Property Map

    SKU details

    tenantId String

    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

    accessPolicies List<Property Map>

    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.

    enablePurgeProtection Boolean

    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.

    enableRbacAuthorization Boolean

    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.

    enableSoftDelete Boolean

    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.

    enabledForDeployment Boolean

    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.

    enabledForDiskEncryption Boolean

    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.

    enabledForTemplateDeployment Boolean

    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

    networkAcls Property Map

    Rules governing the accessibility of the key vault from specific network locations.

    provisioningState String

    Provisioning state of the vault.

    softDeleteRetentionInDays Number

    softDelete data retention days. It accepts >=7 and <=90.

    vaultUri String

    The URI of the vault for performing operations on keys and secrets. This property is readonly

    VaultProvisioningState

    Succeeded
    Succeeded
    RegisteringDns
    RegisteringDns
    VaultProvisioningStateSucceeded
    Succeeded
    VaultProvisioningStateRegisteringDns
    RegisteringDns
    Succeeded
    Succeeded
    RegisteringDns
    RegisteringDns
    Succeeded
    Succeeded
    RegisteringDns
    RegisteringDns
    SUCCEEDED
    Succeeded
    REGISTERING_DNS
    RegisteringDns
    "Succeeded"
    Succeeded
    "RegisteringDns"
    RegisteringDns

    VirtualNetworkRule

    Id string

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    IgnoreMissingVnetServiceEndpoint bool

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    Id string

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    IgnoreMissingVnetServiceEndpoint bool

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    id String

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    ignoreMissingVnetServiceEndpoint Boolean

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    id string

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    ignoreMissingVnetServiceEndpoint boolean

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    id str

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    ignore_missing_vnet_service_endpoint bool

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    id String

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    ignoreMissingVnetServiceEndpoint Boolean

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    VirtualNetworkRuleResponse

    Id string

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    IgnoreMissingVnetServiceEndpoint bool

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    Id string

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    IgnoreMissingVnetServiceEndpoint bool

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    id String

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    ignoreMissingVnetServiceEndpoint Boolean

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    id string

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    ignoreMissingVnetServiceEndpoint boolean

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    id str

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    ignore_missing_vnet_service_endpoint bool

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    id String

    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

    ignoreMissingVnetServiceEndpoint Boolean

    Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:keyvault:Vault sample-vault /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sample-resource-group/providers/Microsoft.KeyVault/vaults/sample-vault 
    

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    Azure Native v1.103.0 published on Friday, Jun 2, 2023 by Pulumi