Docs Home
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.4.0 published on Wednesday, May 7, 2025 by Pulumi
azure-native.keyvault.Vault
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.4.0 published on Wednesday, May 7, 2025 by Pulumi
Resource information with extended details.
Uses Azure REST API version 2024-11-01. In version 2.x of the Azure Native provider, it used API version 2023-02-01.
Other available API versions: 2023-02-01, 2023-07-01, 2024-04-01-preview, 2024-12-01-preview. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native keyvault [ApiVersion]. See the version guide for details.
Example Usage
Create a new vault or update an existing vault
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var vault = new AzureNative.KeyVault.Vault("vault", new()
{
Location = "westus",
Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
{
AccessPolicies = new[]
{
new AzureNative.KeyVault.Inputs.AccessPolicyEntryArgs
{
ObjectId = "00000000-0000-0000-0000-000000000000",
Permissions = new AzureNative.KeyVault.Inputs.PermissionsArgs
{
Certificates = new[]
{
AzureNative.KeyVault.CertificatePermissions.@Get,
AzureNative.KeyVault.CertificatePermissions.List,
AzureNative.KeyVault.CertificatePermissions.Delete,
AzureNative.KeyVault.CertificatePermissions.Create,
AzureNative.KeyVault.CertificatePermissions.Import,
AzureNative.KeyVault.CertificatePermissions.Update,
AzureNative.KeyVault.CertificatePermissions.Managecontacts,
AzureNative.KeyVault.CertificatePermissions.Getissuers,
AzureNative.KeyVault.CertificatePermissions.Listissuers,
AzureNative.KeyVault.CertificatePermissions.Setissuers,
AzureNative.KeyVault.CertificatePermissions.Deleteissuers,
AzureNative.KeyVault.CertificatePermissions.Manageissuers,
AzureNative.KeyVault.CertificatePermissions.Recover,
AzureNative.KeyVault.CertificatePermissions.Purge,
},
Keys = new[]
{
AzureNative.KeyVault.KeyPermissions.Encrypt,
AzureNative.KeyVault.KeyPermissions.Decrypt,
AzureNative.KeyVault.KeyPermissions.WrapKey,
AzureNative.KeyVault.KeyPermissions.UnwrapKey,
AzureNative.KeyVault.KeyPermissions.Sign,
AzureNative.KeyVault.KeyPermissions.Verify,
AzureNative.KeyVault.KeyPermissions.@Get,
AzureNative.KeyVault.KeyPermissions.List,
AzureNative.KeyVault.KeyPermissions.Create,
AzureNative.KeyVault.KeyPermissions.Update,
AzureNative.KeyVault.KeyPermissions.Import,
AzureNative.KeyVault.KeyPermissions.Delete,
AzureNative.KeyVault.KeyPermissions.Backup,
AzureNative.KeyVault.KeyPermissions.Restore,
AzureNative.KeyVault.KeyPermissions.Recover,
AzureNative.KeyVault.KeyPermissions.Purge,
},
Secrets = new[]
{
AzureNative.KeyVault.SecretPermissions.@Get,
AzureNative.KeyVault.SecretPermissions.List,
AzureNative.KeyVault.SecretPermissions.@Set,
AzureNative.KeyVault.SecretPermissions.Delete,
AzureNative.KeyVault.SecretPermissions.Backup,
AzureNative.KeyVault.SecretPermissions.Restore,
AzureNative.KeyVault.SecretPermissions.Recover,
AzureNative.KeyVault.SecretPermissions.Purge,
},
},
TenantId = "00000000-0000-0000-0000-000000000000",
},
},
EnabledForDeployment = true,
EnabledForDiskEncryption = true,
EnabledForTemplateDeployment = true,
PublicNetworkAccess = "Enabled",
Sku = new AzureNative.KeyVault.Inputs.SkuArgs
{
Family = AzureNative.KeyVault.SkuFamily.A,
Name = AzureNative.KeyVault.SkuName.Standard,
},
TenantId = "00000000-0000-0000-0000-000000000000",
},
ResourceGroupName = "sample-resource-group",
VaultName = "sample-vault",
});
});
package main
import (
keyvault "github.com/pulumi/pulumi-azure-native-sdk/keyvault/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := keyvault.NewVault(ctx, "vault", &keyvault.VaultArgs{
Location: pulumi.String("westus"),
Properties: &keyvault.VaultPropertiesArgs{
AccessPolicies: keyvault.AccessPolicyEntryArray{
&keyvault.AccessPolicyEntryArgs{
ObjectId: pulumi.String("00000000-0000-0000-0000-000000000000"),
Permissions: &keyvault.PermissionsArgs{
Certificates: pulumi.StringArray{
pulumi.String(keyvault.CertificatePermissionsGet),
pulumi.String(keyvault.CertificatePermissionsList),
pulumi.String(keyvault.CertificatePermissionsDelete),
pulumi.String(keyvault.CertificatePermissionsCreate),
pulumi.String(keyvault.CertificatePermissionsImport),
pulumi.String(keyvault.CertificatePermissionsUpdate),
pulumi.String(keyvault.CertificatePermissionsManagecontacts),
pulumi.String(keyvault.CertificatePermissionsGetissuers),
pulumi.String(keyvault.CertificatePermissionsListissuers),
pulumi.String(keyvault.CertificatePermissionsSetissuers),
pulumi.String(keyvault.CertificatePermissionsDeleteissuers),
pulumi.String(keyvault.CertificatePermissionsManageissuers),
pulumi.String(keyvault.CertificatePermissionsRecover),
pulumi.String(keyvault.CertificatePermissionsPurge),
},
Keys: pulumi.StringArray{
pulumi.String(keyvault.KeyPermissionsEncrypt),
pulumi.String(keyvault.KeyPermissionsDecrypt),
pulumi.String(keyvault.KeyPermissionsWrapKey),
pulumi.String(keyvault.KeyPermissionsUnwrapKey),
pulumi.String(keyvault.KeyPermissionsSign),
pulumi.String(keyvault.KeyPermissionsVerify),
pulumi.String(keyvault.KeyPermissionsGet),
pulumi.String(keyvault.KeyPermissionsList),
pulumi.String(keyvault.KeyPermissionsCreate),
pulumi.String(keyvault.KeyPermissionsUpdate),
pulumi.String(keyvault.KeyPermissionsImport),
pulumi.String(keyvault.KeyPermissionsDelete),
pulumi.String(keyvault.KeyPermissionsBackup),
pulumi.String(keyvault.KeyPermissionsRestore),
pulumi.String(keyvault.KeyPermissionsRecover),
pulumi.String(keyvault.KeyPermissionsPurge),
},
Secrets: pulumi.StringArray{
pulumi.String(keyvault.SecretPermissionsGet),
pulumi.String(keyvault.SecretPermissionsList),
pulumi.String(keyvault.SecretPermissionsSet),
pulumi.String(keyvault.SecretPermissionsDelete),
pulumi.String(keyvault.SecretPermissionsBackup),
pulumi.String(keyvault.SecretPermissionsRestore),
pulumi.String(keyvault.SecretPermissionsRecover),
pulumi.String(keyvault.SecretPermissionsPurge),
},
},
TenantId: pulumi.String("00000000-0000-0000-0000-000000000000"),
},
},
EnabledForDeployment: pulumi.Bool(true),
EnabledForDiskEncryption: pulumi.Bool(true),
EnabledForTemplateDeployment: pulumi.Bool(true),
PublicNetworkAccess: pulumi.String("Enabled"),
Sku: &keyvault.SkuArgs{
Family: pulumi.String(keyvault.SkuFamilyA),
Name: keyvault.SkuNameStandard,
},
TenantId: pulumi.String("00000000-0000-0000-0000-000000000000"),
},
ResourceGroupName: pulumi.String("sample-resource-group"),
VaultName: pulumi.String("sample-vault"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.keyvault.Vault;
import com.pulumi.azurenative.keyvault.VaultArgs;
import com.pulumi.azurenative.keyvault.inputs.VaultPropertiesArgs;
import com.pulumi.azurenative.keyvault.inputs.SkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var vault = new Vault("vault", VaultArgs.builder()
.location("westus")
.properties(VaultPropertiesArgs.builder()
.accessPolicies(AccessPolicyEntryArgs.builder()
.objectId("00000000-0000-0000-0000-000000000000")
.permissions(PermissionsArgs.builder()
.certificates(
"get",
"list",
"delete",
"create",
"import",
"update",
"managecontacts",
"getissuers",
"listissuers",
"setissuers",
"deleteissuers",
"manageissuers",
"recover",
"purge")
.keys(
"encrypt",
"decrypt",
"wrapKey",
"unwrapKey",
"sign",
"verify",
"get",
"list",
"create",
"update",
"import",
"delete",
"backup",
"restore",
"recover",
"purge")
.secrets(
"get",
"list",
"set",
"delete",
"backup",
"restore",
"recover",
"purge")
.build())
.tenantId("00000000-0000-0000-0000-000000000000")
.build())
.enabledForDeployment(true)
.enabledForDiskEncryption(true)
.enabledForTemplateDeployment(true)
.publicNetworkAccess("Enabled")
.sku(SkuArgs.builder()
.family("A")
.name("standard")
.build())
.tenantId("00000000-0000-0000-0000-000000000000")
.build())
.resourceGroupName("sample-resource-group")
.vaultName("sample-vault")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const vault = new azure_native.keyvault.Vault("vault", {
location: "westus",
properties: {
accessPolicies: [{
objectId: "00000000-0000-0000-0000-000000000000",
permissions: {
certificates: [
azure_native.keyvault.CertificatePermissions.Get,
azure_native.keyvault.CertificatePermissions.List,
azure_native.keyvault.CertificatePermissions.Delete,
azure_native.keyvault.CertificatePermissions.Create,
azure_native.keyvault.CertificatePermissions.Import,
azure_native.keyvault.CertificatePermissions.Update,
azure_native.keyvault.CertificatePermissions.Managecontacts,
azure_native.keyvault.CertificatePermissions.Getissuers,
azure_native.keyvault.CertificatePermissions.Listissuers,
azure_native.keyvault.CertificatePermissions.Setissuers,
azure_native.keyvault.CertificatePermissions.Deleteissuers,
azure_native.keyvault.CertificatePermissions.Manageissuers,
azure_native.keyvault.CertificatePermissions.Recover,
azure_native.keyvault.CertificatePermissions.Purge,
],
keys: [
azure_native.keyvault.KeyPermissions.Encrypt,
azure_native.keyvault.KeyPermissions.Decrypt,
azure_native.keyvault.KeyPermissions.WrapKey,
azure_native.keyvault.KeyPermissions.UnwrapKey,
azure_native.keyvault.KeyPermissions.Sign,
azure_native.keyvault.KeyPermissions.Verify,
azure_native.keyvault.KeyPermissions.Get,
azure_native.keyvault.KeyPermissions.List,
azure_native.keyvault.KeyPermissions.Create,
azure_native.keyvault.KeyPermissions.Update,
azure_native.keyvault.KeyPermissions.Import,
azure_native.keyvault.KeyPermissions.Delete,
azure_native.keyvault.KeyPermissions.Backup,
azure_native.keyvault.KeyPermissions.Restore,
azure_native.keyvault.KeyPermissions.Recover,
azure_native.keyvault.KeyPermissions.Purge,
],
secrets: [
azure_native.keyvault.SecretPermissions.Get,
azure_native.keyvault.SecretPermissions.List,
azure_native.keyvault.SecretPermissions.Set,
azure_native.keyvault.SecretPermissions.Delete,
azure_native.keyvault.SecretPermissions.Backup,
azure_native.keyvault.SecretPermissions.Restore,
azure_native.keyvault.SecretPermissions.Recover,
azure_native.keyvault.SecretPermissions.Purge,
],
},
tenantId: "00000000-0000-0000-0000-000000000000",
}],
enabledForDeployment: true,
enabledForDiskEncryption: true,
enabledForTemplateDeployment: true,
publicNetworkAccess: "Enabled",
sku: {
family: azure_native.keyvault.SkuFamily.A,
name: azure_native.keyvault.SkuName.Standard,
},
tenantId: "00000000-0000-0000-0000-000000000000",
},
resourceGroupName: "sample-resource-group",
vaultName: "sample-vault",
});
import pulumi
import pulumi_azure_native as azure_native
vault = azure_native.keyvault.Vault("vault",
location="westus",
properties={
"access_policies": [{
"object_id": "00000000-0000-0000-0000-000000000000",
"permissions": {
"certificates": [
azure_native.keyvault.CertificatePermissions.GET,
azure_native.keyvault.CertificatePermissions.LIST,
azure_native.keyvault.CertificatePermissions.DELETE,
azure_native.keyvault.CertificatePermissions.CREATE,
azure_native.keyvault.CertificatePermissions.IMPORT_,
azure_native.keyvault.CertificatePermissions.UPDATE,
azure_native.keyvault.CertificatePermissions.MANAGECONTACTS,
azure_native.keyvault.CertificatePermissions.GETISSUERS,
azure_native.keyvault.CertificatePermissions.LISTISSUERS,
azure_native.keyvault.CertificatePermissions.SETISSUERS,
azure_native.keyvault.CertificatePermissions.DELETEISSUERS,
azure_native.keyvault.CertificatePermissions.MANAGEISSUERS,
azure_native.keyvault.CertificatePermissions.RECOVER,
azure_native.keyvault.CertificatePermissions.PURGE,
],
"keys": [
azure_native.keyvault.KeyPermissions.ENCRYPT,
azure_native.keyvault.KeyPermissions.DECRYPT,
azure_native.keyvault.KeyPermissions.WRAP_KEY,
azure_native.keyvault.KeyPermissions.UNWRAP_KEY,
azure_native.keyvault.KeyPermissions.SIGN,
azure_native.keyvault.KeyPermissions.VERIFY,
azure_native.keyvault.KeyPermissions.GET,
azure_native.keyvault.KeyPermissions.LIST,
azure_native.keyvault.KeyPermissions.CREATE,
azure_native.keyvault.KeyPermissions.UPDATE,
azure_native.keyvault.KeyPermissions.IMPORT_,
azure_native.keyvault.KeyPermissions.DELETE,
azure_native.keyvault.KeyPermissions.BACKUP,
azure_native.keyvault.KeyPermissions.RESTORE,
azure_native.keyvault.KeyPermissions.RECOVER,
azure_native.keyvault.KeyPermissions.PURGE,
],
"secrets": [
azure_native.keyvault.SecretPermissions.GET,
azure_native.keyvault.SecretPermissions.LIST,
azure_native.keyvault.SecretPermissions.SET,
azure_native.keyvault.SecretPermissions.DELETE,
azure_native.keyvault.SecretPermissions.BACKUP,
azure_native.keyvault.SecretPermissions.RESTORE,
azure_native.keyvault.SecretPermissions.RECOVER,
azure_native.keyvault.SecretPermissions.PURGE,
],
},
"tenant_id": "00000000-0000-0000-0000-000000000000",
}],
"enabled_for_deployment": True,
"enabled_for_disk_encryption": True,
"enabled_for_template_deployment": True,
"public_network_access": "Enabled",
"sku": {
"family": azure_native.keyvault.SkuFamily.A,
"name": azure_native.keyvault.SkuName.STANDARD,
},
"tenant_id": "00000000-0000-0000-0000-000000000000",
},
resource_group_name="sample-resource-group",
vault_name="sample-vault")
resources:
vault:
type: azure-native:keyvault:Vault
properties:
location: westus
properties:
accessPolicies:
- objectId: 00000000-0000-0000-0000-000000000000
permissions:
certificates:
- get
- list
- delete
- create
- import
- update
- managecontacts
- getissuers
- listissuers
- setissuers
- deleteissuers
- manageissuers
- recover
- purge
keys:
- encrypt
- decrypt
- wrapKey
- unwrapKey
- sign
- verify
- get
- list
- create
- update
- import
- delete
- backup
- restore
- recover
- purge
secrets:
- get
- list
- set
- delete
- backup
- restore
- recover
- purge
tenantId: 00000000-0000-0000-0000-000000000000
enabledForDeployment: true
enabledForDiskEncryption: true
enabledForTemplateDeployment: true
publicNetworkAccess: Enabled
sku:
family: A
name: standard
tenantId: 00000000-0000-0000-0000-000000000000
resourceGroupName: sample-resource-group
vaultName: sample-vault
Create or update a vault with network acls
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var vault = new AzureNative.KeyVault.Vault("vault", new()
{
Location = "westus",
Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
{
EnabledForDeployment = true,
EnabledForDiskEncryption = true,
EnabledForTemplateDeployment = true,
NetworkAcls = new AzureNative.KeyVault.Inputs.NetworkRuleSetArgs
{
Bypass = AzureNative.KeyVault.NetworkRuleBypassOptions.AzureServices,
DefaultAction = AzureNative.KeyVault.NetworkRuleAction.Deny,
IpRules = new[]
{
new AzureNative.KeyVault.Inputs.IPRuleArgs
{
Value = "124.56.78.91",
},
new AzureNative.KeyVault.Inputs.IPRuleArgs
{
Value = "'10.91.4.0/24'",
},
},
VirtualNetworkRules = new[]
{
new AzureNative.KeyVault.Inputs.VirtualNetworkRuleArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
},
},
},
Sku = new AzureNative.KeyVault.Inputs.SkuArgs
{
Family = AzureNative.KeyVault.SkuFamily.A,
Name = AzureNative.KeyVault.SkuName.Standard,
},
TenantId = "00000000-0000-0000-0000-000000000000",
},
ResourceGroupName = "sample-resource-group",
VaultName = "sample-vault",
});
});
package main
import (
keyvault "github.com/pulumi/pulumi-azure-native-sdk/keyvault/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := keyvault.NewVault(ctx, "vault", &keyvault.VaultArgs{
Location: pulumi.String("westus"),
Properties: &keyvault.VaultPropertiesArgs{
EnabledForDeployment: pulumi.Bool(true),
EnabledForDiskEncryption: pulumi.Bool(true),
EnabledForTemplateDeployment: pulumi.Bool(true),
NetworkAcls: &keyvault.NetworkRuleSetArgs{
Bypass: pulumi.String(keyvault.NetworkRuleBypassOptionsAzureServices),
DefaultAction: pulumi.String(keyvault.NetworkRuleActionDeny),
IpRules: keyvault.IPRuleArray{
&keyvault.IPRuleArgs{
Value: pulumi.String("124.56.78.91"),
},
&keyvault.IPRuleArgs{
Value: pulumi.String("'10.91.4.0/24'"),
},
},
VirtualNetworkRules: keyvault.VirtualNetworkRuleArray{
&keyvault.VirtualNetworkRuleArgs{
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1"),
},
},
},
Sku: &keyvault.SkuArgs{
Family: pulumi.String(keyvault.SkuFamilyA),
Name: keyvault.SkuNameStandard,
},
TenantId: pulumi.String("00000000-0000-0000-0000-000000000000"),
},
ResourceGroupName: pulumi.String("sample-resource-group"),
VaultName: pulumi.String("sample-vault"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.keyvault.Vault;
import com.pulumi.azurenative.keyvault.VaultArgs;
import com.pulumi.azurenative.keyvault.inputs.VaultPropertiesArgs;
import com.pulumi.azurenative.keyvault.inputs.NetworkRuleSetArgs;
import com.pulumi.azurenative.keyvault.inputs.SkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var vault = new Vault("vault", VaultArgs.builder()
.location("westus")
.properties(VaultPropertiesArgs.builder()
.enabledForDeployment(true)
.enabledForDiskEncryption(true)
.enabledForTemplateDeployment(true)
.networkAcls(NetworkRuleSetArgs.builder()
.bypass("AzureServices")
.defaultAction("Deny")
.ipRules(
IPRuleArgs.builder()
.value("124.56.78.91")
.build(),
IPRuleArgs.builder()
.value("'10.91.4.0/24'")
.build())
.virtualNetworkRules(VirtualNetworkRuleArgs.builder()
.id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1")
.build())
.build())
.sku(SkuArgs.builder()
.family("A")
.name("standard")
.build())
.tenantId("00000000-0000-0000-0000-000000000000")
.build())
.resourceGroupName("sample-resource-group")
.vaultName("sample-vault")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const vault = new azure_native.keyvault.Vault("vault", {
location: "westus",
properties: {
enabledForDeployment: true,
enabledForDiskEncryption: true,
enabledForTemplateDeployment: true,
networkAcls: {
bypass: azure_native.keyvault.NetworkRuleBypassOptions.AzureServices,
defaultAction: azure_native.keyvault.NetworkRuleAction.Deny,
ipRules: [
{
value: "124.56.78.91",
},
{
value: "'10.91.4.0/24'",
},
],
virtualNetworkRules: [{
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
}],
},
sku: {
family: azure_native.keyvault.SkuFamily.A,
name: azure_native.keyvault.SkuName.Standard,
},
tenantId: "00000000-0000-0000-0000-000000000000",
},
resourceGroupName: "sample-resource-group",
vaultName: "sample-vault",
});
import pulumi
import pulumi_azure_native as azure_native
vault = azure_native.keyvault.Vault("vault",
location="westus",
properties={
"enabled_for_deployment": True,
"enabled_for_disk_encryption": True,
"enabled_for_template_deployment": True,
"network_acls": {
"bypass": azure_native.keyvault.NetworkRuleBypassOptions.AZURE_SERVICES,
"default_action": azure_native.keyvault.NetworkRuleAction.DENY,
"ip_rules": [
{
"value": "124.56.78.91",
},
{
"value": "'10.91.4.0/24'",
},
],
"virtual_network_rules": [{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
}],
},
"sku": {
"family": azure_native.keyvault.SkuFamily.A,
"name": azure_native.keyvault.SkuName.STANDARD,
},
"tenant_id": "00000000-0000-0000-0000-000000000000",
},
resource_group_name="sample-resource-group",
vault_name="sample-vault")
resources:
vault:
type: azure-native:keyvault:Vault
properties:
location: westus
properties:
enabledForDeployment: true
enabledForDiskEncryption: true
enabledForTemplateDeployment: true
networkAcls:
bypass: AzureServices
defaultAction: Deny
ipRules:
- value: 124.56.78.91
- value: '''10.91.4.0/24'''
virtualNetworkRules:
- id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1
sku:
family: A
name: standard
tenantId: 00000000-0000-0000-0000-000000000000
resourceGroupName: sample-resource-group
vaultName: sample-vault
Create Vault Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Vault(name: string, args: VaultArgs, opts?: CustomResourceOptions);@overload
def Vault(resource_name: str,
args: VaultArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Vault(resource_name: str,
opts: Optional[ResourceOptions] = None,
properties: Optional[VaultPropertiesArgs] = None,
resource_group_name: Optional[str] = None,
location: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
vault_name: Optional[str] = None)func NewVault(ctx *Context, name string, args VaultArgs, opts ...ResourceOption) (*Vault, error)public Vault(string name, VaultArgs args, CustomResourceOptions? opts = null)type: azure-native:keyvault:Vault
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args VaultArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VaultArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VaultArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VaultArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VaultArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var azure_nativeVaultResource = new AzureNative.KeyVault.Vault("azure-nativeVaultResource", new()
{
Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
{
Sku = new AzureNative.KeyVault.Inputs.SkuArgs
{
Family = "string",
Name = AzureNative.KeyVault.SkuName.Standard,
},
TenantId = "string",
EnabledForDiskEncryption = false,
EnableRbacAuthorization = false,
EnableSoftDelete = false,
EnabledForDeployment = false,
AccessPolicies = new[]
{
new AzureNative.KeyVault.Inputs.AccessPolicyEntryArgs
{
ObjectId = "string",
Permissions = new AzureNative.KeyVault.Inputs.PermissionsArgs
{
Certificates = new[]
{
"string",
},
Keys = new[]
{
"string",
},
Secrets = new[]
{
"string",
},
Storage = new[]
{
"string",
},
},
TenantId = "string",
ApplicationId = "string",
},
},
EnabledForTemplateDeployment = false,
NetworkAcls = new AzureNative.KeyVault.Inputs.NetworkRuleSetArgs
{
Bypass = "string",
DefaultAction = "string",
IpRules = new[]
{
new AzureNative.KeyVault.Inputs.IPRuleArgs
{
Value = "string",
},
},
VirtualNetworkRules = new[]
{
new AzureNative.KeyVault.Inputs.VirtualNetworkRuleArgs
{
Id = "string",
IgnoreMissingVnetServiceEndpoint = false,
},
},
},
PublicNetworkAccess = "string",
EnablePurgeProtection = false,
SoftDeleteRetentionInDays = 0,
CreateMode = AzureNative.KeyVault.CreateMode.Recover,
},
ResourceGroupName = "string",
Location = "string",
Tags =
{
{ "string", "string" },
},
VaultName = "string",
});
example, err := keyvault.NewVault(ctx, "azure-nativeVaultResource", &keyvault.VaultArgs{
Properties: &keyvault.VaultPropertiesArgs{
Sku: &keyvault.SkuArgs{
Family: pulumi.String("string"),
Name: keyvault.SkuNameStandard,
},
TenantId: pulumi.String("string"),
EnabledForDiskEncryption: pulumi.Bool(false),
EnableRbacAuthorization: pulumi.Bool(false),
EnableSoftDelete: pulumi.Bool(false),
EnabledForDeployment: pulumi.Bool(false),
AccessPolicies: keyvault.AccessPolicyEntryArray{
&keyvault.AccessPolicyEntryArgs{
ObjectId: pulumi.String("string"),
Permissions: &keyvault.PermissionsArgs{
Certificates: pulumi.StringArray{
pulumi.String("string"),
},
Keys: pulumi.StringArray{
pulumi.String("string"),
},
Secrets: pulumi.StringArray{
pulumi.String("string"),
},
Storage: pulumi.StringArray{
pulumi.String("string"),
},
},
TenantId: pulumi.String("string"),
ApplicationId: pulumi.String("string"),
},
},
EnabledForTemplateDeployment: pulumi.Bool(false),
NetworkAcls: &keyvault.NetworkRuleSetArgs{
Bypass: pulumi.String("string"),
DefaultAction: pulumi.String("string"),
IpRules: keyvault.IPRuleArray{
&keyvault.IPRuleArgs{
Value: pulumi.String("string"),
},
},
VirtualNetworkRules: keyvault.VirtualNetworkRuleArray{
&keyvault.VirtualNetworkRuleArgs{
Id: pulumi.String("string"),
IgnoreMissingVnetServiceEndpoint: pulumi.Bool(false),
},
},
},
PublicNetworkAccess: pulumi.String("string"),
EnablePurgeProtection: pulumi.Bool(false),
SoftDeleteRetentionInDays: pulumi.Int(0),
CreateMode: keyvault.CreateModeRecover,
},
ResourceGroupName: pulumi.String("string"),
Location: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
VaultName: pulumi.String("string"),
})
var azure_nativeVaultResource = new com.pulumi.azurenative.keyvault.Vault("azure-nativeVaultResource", com.pulumi.azurenative.keyvault.VaultArgs.builder()
.properties(VaultPropertiesArgs.builder()
.sku(SkuArgs.builder()
.family("string")
.name("standard")
.build())
.tenantId("string")
.enabledForDiskEncryption(false)
.enableRbacAuthorization(false)
.enableSoftDelete(false)
.enabledForDeployment(false)
.accessPolicies(AccessPolicyEntryArgs.builder()
.objectId("string")
.permissions(PermissionsArgs.builder()
.certificates("string")
.keys("string")
.secrets("string")
.storage("string")
.build())
.tenantId("string")
.applicationId("string")
.build())
.enabledForTemplateDeployment(false)
.networkAcls(NetworkRuleSetArgs.builder()
.bypass("string")
.defaultAction("string")
.ipRules(IPRuleArgs.builder()
.value("string")
.build())
.virtualNetworkRules(VirtualNetworkRuleArgs.builder()
.id("string")
.ignoreMissingVnetServiceEndpoint(false)
.build())
.build())
.publicNetworkAccess("string")
.enablePurgeProtection(false)
.softDeleteRetentionInDays(0)
.createMode("recover")
.build())
.resourceGroupName("string")
.location("string")
.tags(Map.of("string", "string"))
.vaultName("string")
.build());
azure_native_vault_resource = azure_native.keyvault.Vault("azure-nativeVaultResource",
properties={
"sku": {
"family": "string",
"name": azure_native.keyvault.SkuName.STANDARD,
},
"tenant_id": "string",
"enabled_for_disk_encryption": False,
"enable_rbac_authorization": False,
"enable_soft_delete": False,
"enabled_for_deployment": False,
"access_policies": [{
"object_id": "string",
"permissions": {
"certificates": ["string"],
"keys": ["string"],
"secrets": ["string"],
"storage": ["string"],
},
"tenant_id": "string",
"application_id": "string",
}],
"enabled_for_template_deployment": False,
"network_acls": {
"bypass": "string",
"default_action": "string",
"ip_rules": [{
"value": "string",
}],
"virtual_network_rules": [{
"id": "string",
"ignore_missing_vnet_service_endpoint": False,
}],
},
"public_network_access": "string",
"enable_purge_protection": False,
"soft_delete_retention_in_days": 0,
"create_mode": azure_native.keyvault.CreateMode.RECOVER,
},
resource_group_name="string",
location="string",
tags={
"string": "string",
},
vault_name="string")
const azure_nativeVaultResource = new azure_native.keyvault.Vault("azure-nativeVaultResource", {
properties: {
sku: {
family: "string",
name: azure_native.keyvault.SkuName.Standard,
},
tenantId: "string",
enabledForDiskEncryption: false,
enableRbacAuthorization: false,
enableSoftDelete: false,
enabledForDeployment: false,
accessPolicies: [{
objectId: "string",
permissions: {
certificates: ["string"],
keys: ["string"],
secrets: ["string"],
storage: ["string"],
},
tenantId: "string",
applicationId: "string",
}],
enabledForTemplateDeployment: false,
networkAcls: {
bypass: "string",
defaultAction: "string",
ipRules: [{
value: "string",
}],
virtualNetworkRules: [{
id: "string",
ignoreMissingVnetServiceEndpoint: false,
}],
},
publicNetworkAccess: "string",
enablePurgeProtection: false,
softDeleteRetentionInDays: 0,
createMode: azure_native.keyvault.CreateMode.Recover,
},
resourceGroupName: "string",
location: "string",
tags: {
string: "string",
},
vaultName: "string",
});
type: azure-native:keyvault:Vault
properties:
location: string
properties:
accessPolicies:
- applicationId: string
objectId: string
permissions:
certificates:
- string
keys:
- string
secrets:
- string
storage:
- string
tenantId: string
createMode: recover
enablePurgeProtection: false
enableRbacAuthorization: false
enableSoftDelete: false
enabledForDeployment: false
enabledForDiskEncryption: false
enabledForTemplateDeployment: false
networkAcls:
bypass: string
defaultAction: string
ipRules:
- value: string
virtualNetworkRules:
- id: string
ignoreMissingVnetServiceEndpoint: false
publicNetworkAccess: string
sku:
family: string
name: standard
softDeleteRetentionInDays: 0
tenantId: string
resourceGroupName: string
tags:
string: string
vaultName: string
Vault Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Vault resource accepts the following input properties:
- Properties
Pulumi.
Azure Native. Key Vault. Inputs. Vault Properties - Properties of the vault
- Resource
Group stringName - The name of the Resource Group to which the server belongs.
- Location string
- The supported Azure location where the key vault should be created.
- Dictionary<string, string>
- The tags that will be assigned to the key vault.
- Vault
Name string - Name of the vault
- Properties
Vault
Properties Args - Properties of the vault
- Resource
Group stringName - The name of the Resource Group to which the server belongs.
- Location string
- The supported Azure location where the key vault should be created.
- map[string]string
- The tags that will be assigned to the key vault.
- Vault
Name string - Name of the vault
- properties
Vault
Properties - Properties of the vault
- resource
Group StringName - The name of the Resource Group to which the server belongs.
- location String
- The supported Azure location where the key vault should be created.
- Map<String,String>
- The tags that will be assigned to the key vault.
- vault
Name String - Name of the vault
- properties
Vault
Properties - Properties of the vault
- resource
Group stringName - The name of the Resource Group to which the server belongs.
- location string
- The supported Azure location where the key vault should be created.
- {[key: string]: string}
- The tags that will be assigned to the key vault.
- vault
Name string - Name of the vault
- properties
Vault
Properties Args - Properties of the vault
- resource_
group_ strname - The name of the Resource Group to which the server belongs.
- location str
- The supported Azure location where the key vault should be created.
- Mapping[str, str]
- The tags that will be assigned to the key vault.
- vault_
name str - Name of the vault
- properties Property Map
- Properties of the vault
- resource
Group StringName - The name of the Resource Group to which the server belongs.
- location String
- The supported Azure location where the key vault should be created.
- Map<String>
- The tags that will be assigned to the key vault.
- vault
Name String - Name of the vault
Outputs
All input properties are implicitly available as output properties. Additionally, the Vault resource produces the following output properties:
- Azure
Api stringVersion - The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Name of the key vault resource.
- System
Data Pulumi.Azure Native. Key Vault. Outputs. System Data Response - System metadata for the key vault.
- Type string
- Resource type of the key vault resource.
- Azure
Api stringVersion - The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Name of the key vault resource.
- System
Data SystemData Response - System metadata for the key vault.
- Type string
- Resource type of the key vault resource.
- azure
Api StringVersion - The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Name of the key vault resource.
- system
Data SystemData Response - System metadata for the key vault.
- type String
- Resource type of the key vault resource.
- azure
Api stringVersion - The Azure API version of the resource.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Name of the key vault resource.
- system
Data SystemData Response - System metadata for the key vault.
- type string
- Resource type of the key vault resource.
- azure_
api_ strversion - The Azure API version of the resource.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Name of the key vault resource.
- system_
data SystemData Response - System metadata for the key vault.
- type str
- Resource type of the key vault resource.
- azure
Api StringVersion - The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Name of the key vault resource.
- system
Data Property Map - System metadata for the key vault.
- type String
- Resource type of the key vault resource.
Supporting Types
AccessPolicyEntry, AccessPolicyEntryArgs
- Object
Id string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions
Pulumi.
Azure Native. Key Vault. Inputs. Permissions - Permissions the identity has for keys, secrets and certificates.
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Application
Id string - Application ID of the client making request on behalf of a principal
- Object
Id string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions Permissions
- Permissions the identity has for keys, secrets and certificates.
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Application
Id string - Application ID of the client making request on behalf of a principal
- object
Id String - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions Permissions
- Permissions the identity has for keys, secrets and certificates.
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id String - Application ID of the client making request on behalf of a principal
- object
Id string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions Permissions
- Permissions the identity has for keys, secrets and certificates.
- tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id string - Application ID of the client making request on behalf of a principal
- object_
id str - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions Permissions
- Permissions the identity has for keys, secrets and certificates.
- tenant_
id str - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application_
id str - Application ID of the client making request on behalf of a principal
- object
Id String - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions Property Map
- Permissions the identity has for keys, secrets and certificates.
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id String - Application ID of the client making request on behalf of a principal
AccessPolicyEntryResponse, AccessPolicyEntryResponseArgs
- Object
Id string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions
Pulumi.
Azure Native. Key Vault. Inputs. Permissions Response - Permissions the identity has for keys, secrets and certificates.
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Application
Id string - Application ID of the client making request on behalf of a principal
- Object
Id string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions
Permissions
Response - Permissions the identity has for keys, secrets and certificates.
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Application
Id string - Application ID of the client making request on behalf of a principal
- object
Id String - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
Permissions
Response - Permissions the identity has for keys, secrets and certificates.
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id String - Application ID of the client making request on behalf of a principal
- object
Id string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
Permissions
Response - Permissions the identity has for keys, secrets and certificates.
- tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id string - Application ID of the client making request on behalf of a principal
- object_
id str - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
Permissions
Response - Permissions the identity has for keys, secrets and certificates.
- tenant_
id str - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application_
id str - Application ID of the client making request on behalf of a principal
- object
Id String - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions Property Map
- Permissions the identity has for keys, secrets and certificates.
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id String - Application ID of the client making request on behalf of a principal
CertificatePermissions, CertificatePermissionsArgs
- All
- all
- @Get
- get
- List
- list
- Delete
- delete
- Create
- create
- Import
- import
- Update
- update
- Managecontacts
- managecontacts
- Getissuers
- getissuers
- Listissuers
- listissuers
- Setissuers
- setissuers
- Deleteissuers
- deleteissuers
- Manageissuers
- manageissuers
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- Certificate
Permissions All - all
- Certificate
Permissions Get - get
- Certificate
Permissions List - list
- Certificate
Permissions Delete - delete
- Certificate
Permissions Create - create
- Certificate
Permissions Import - import
- Certificate
Permissions Update - update
- Certificate
Permissions Managecontacts - managecontacts
- Certificate
Permissions Getissuers - getissuers
- Certificate
Permissions Listissuers - listissuers
- Certificate
Permissions Setissuers - setissuers
- Certificate
Permissions Deleteissuers - deleteissuers
- Certificate
Permissions Manageissuers - manageissuers
- Certificate
Permissions Recover - recover
- Certificate
Permissions Purge - purge
- Certificate
Permissions Backup - backup
- Certificate
Permissions Restore - restore
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Create
- create
- Import_
- import
- Update
- update
- Managecontacts
- managecontacts
- Getissuers
- getissuers
- Listissuers
- listissuers
- Setissuers
- setissuers
- Deleteissuers
- deleteissuers
- Manageissuers
- manageissuers
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Create
- create
- Import
- import
- Update
- update
- Managecontacts
- managecontacts
- Getissuers
- getissuers
- Listissuers
- listissuers
- Setissuers
- setissuers
- Deleteissuers
- deleteissuers
- Manageissuers
- manageissuers
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- ALL
- all
- GET
- get
- LIST
- list
- DELETE
- delete
- CREATE
- create
- IMPORT_
- import
- UPDATE
- update
- MANAGECONTACTS
- managecontacts
- GETISSUERS
- getissuers
- LISTISSUERS
- listissuers
- SETISSUERS
- setissuers
- DELETEISSUERS
- deleteissuers
- MANAGEISSUERS
- manageissuers
- RECOVER
- recover
- PURGE
- purge
- BACKUP
- backup
- RESTORE
- restore
- "all"
- all
- "get"
- get
- "list"
- list
- "delete"
- delete
- "create"
- create
- "import"
- import
- "update"
- update
- "managecontacts"
- managecontacts
- "getissuers"
- getissuers
- "listissuers"
- listissuers
- "setissuers"
- setissuers
- "deleteissuers"
- deleteissuers
- "manageissuers"
- manageissuers
- "recover"
- recover
- "purge"
- purge
- "backup"
- backup
- "restore"
- restore
CreateMode, CreateModeArgs
- Recover
- recover
- @Default
- default
- Create
Mode Recover - recover
- Create
Mode Default - default
- Recover
- recover
- Default_
- default
- Recover
- recover
- Default
- default
- RECOVER
- recover
- DEFAULT
- default
- "recover"
- recover
- "default"
- default
IPRule, IPRuleArgs
- Value string
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- Value string
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value String
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value string
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value str
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value String
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
IPRuleResponse, IPRuleResponseArgs
- Value string
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- Value string
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value String
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value string
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value str
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value String
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
KeyPermissions, KeyPermissionsArgs
- All
- all
- Encrypt
- encrypt
- Decrypt
- decrypt
- Wrap
Key - wrapKey
- Unwrap
Key - unwrapKey
- Sign
- sign
- Verify
- verify
- @Get
- get
- List
- list
- Create
- create
- Update
- update
- Import
- import
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- Release
- release
- Rotate
- rotate
- Getrotationpolicy
- getrotationpolicy
- Setrotationpolicy
- setrotationpolicy
- Key
Permissions All - all
- Key
Permissions Encrypt - encrypt
- Key
Permissions Decrypt - decrypt
- Key
Permissions Wrap Key - wrapKey
- Key
Permissions Unwrap Key - unwrapKey
- Key
Permissions Sign - sign
- Key
Permissions Verify - verify
- Key
Permissions Get - get
- Key
Permissions List - list
- Key
Permissions Create - create
- Key
Permissions Update - update
- Key
Permissions Import - import
- Key
Permissions Delete - delete
- Key
Permissions Backup - backup
- Key
Permissions Restore - restore
- Key
Permissions Recover - recover
- Key
Permissions Purge - purge
- Key
Permissions Release - release
- Key
Permissions Rotate - rotate
- Key
Permissions Getrotationpolicy - getrotationpolicy
- Key
Permissions Setrotationpolicy - setrotationpolicy
- All
- all
- Encrypt
- encrypt
- Decrypt
- decrypt
- Wrap
Key - wrapKey
- Unwrap
Key - unwrapKey
- Sign
- sign
- Verify
- verify
- Get
- get
- List
- list
- Create
- create
- Update
- update
- Import_
- import
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- Release
- release
- Rotate
- rotate
- Getrotationpolicy
- getrotationpolicy
- Setrotationpolicy
- setrotationpolicy
- All
- all
- Encrypt
- encrypt
- Decrypt
- decrypt
- Wrap
Key - wrapKey
- Unwrap
Key - unwrapKey
- Sign
- sign
- Verify
- verify
- Get
- get
- List
- list
- Create
- create
- Update
- update
- Import
- import
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- Release
- release
- Rotate
- rotate
- Getrotationpolicy
- getrotationpolicy
- Setrotationpolicy
- setrotationpolicy
- ALL
- all
- ENCRYPT
- encrypt
- DECRYPT
- decrypt
- WRAP_KEY
- wrapKey
- UNWRAP_KEY
- unwrapKey
- SIGN
- sign
- VERIFY
- verify
- GET
- get
- LIST
- list
- CREATE
- create
- UPDATE
- update
- IMPORT_
- import
- DELETE
- delete
- BACKUP
- backup
- RESTORE
- restore
- RECOVER
- recover
- PURGE
- purge
- RELEASE
- release
- ROTATE
- rotate
- GETROTATIONPOLICY
- getrotationpolicy
- SETROTATIONPOLICY
- setrotationpolicy
- "all"
- all
- "encrypt"
- encrypt
- "decrypt"
- decrypt
- "wrap
Key" - wrapKey
- "unwrap
Key" - unwrapKey
- "sign"
- sign
- "verify"
- verify
- "get"
- get
- "list"
- list
- "create"
- create
- "update"
- update
- "import"
- import
- "delete"
- delete
- "backup"
- backup
- "restore"
- restore
- "recover"
- recover
- "purge"
- purge
- "release"
- release
- "rotate"
- rotate
- "getrotationpolicy"
- getrotationpolicy
- "setrotationpolicy"
- setrotationpolicy
NetworkRuleAction, NetworkRuleActionArgs
- Allow
- Allow
- Deny
- Deny
- Network
Rule Action Allow - Allow
- Network
Rule Action Deny - Deny
- Allow
- Allow
- Deny
- Deny
- Allow
- Allow
- Deny
- Deny
- ALLOW
- Allow
- DENY
- Deny
- "Allow"
- Allow
- "Deny"
- Deny
NetworkRuleBypassOptions, NetworkRuleBypassOptionsArgs
- Azure
Services - AzureServices
- None
- None
- Network
Rule Bypass Options Azure Services - AzureServices
- Network
Rule Bypass Options None - None
- Azure
Services - AzureServices
- None
- None
- Azure
Services - AzureServices
- None
- None
- AZURE_SERVICES
- AzureServices
- NONE
- None
- "Azure
Services" - AzureServices
- "None"
- None
NetworkRuleSet, NetworkRuleSetArgs
- Bypass
string | Pulumi.
Azure Native. Key Vault. Network Rule Bypass Options - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- Default
Action string | Pulumi.Azure Native. Key Vault. Network Rule Action - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- Ip
Rules List<Pulumi.Azure Native. Key Vault. Inputs. IPRule> - The list of IP address rules.
- Virtual
Network List<Pulumi.Rules Azure Native. Key Vault. Inputs. Virtual Network Rule> - The list of virtual network rules.
- Bypass
string | Network
Rule Bypass Options - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- Default
Action string | NetworkRule Action - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- Ip
Rules []IPRule - The list of IP address rules.
- Virtual
Network []VirtualRules Network Rule - The list of virtual network rules.
- bypass
String | Network
Rule Bypass Options - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action String | NetworkRule Action - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules List<IPRule> - The list of IP address rules.
- virtual
Network List<VirtualRules Network Rule> - The list of virtual network rules.
- bypass
string | Network
Rule Bypass Options - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action string | NetworkRule Action - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules IPRule[] - The list of IP address rules.
- virtual
Network VirtualRules Network Rule[] - The list of virtual network rules.
- bypass
str | Network
Rule Bypass Options - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default_
action str | NetworkRule Action - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip_
rules Sequence[IPRule] - The list of IP address rules.
- virtual_
network_ Sequence[Virtualrules Network Rule] - The list of virtual network rules.
- bypass
String | "Azure
Services" | "None" - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action String | "Allow" | "Deny" - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules List<Property Map> - The list of IP address rules.
- virtual
Network List<Property Map>Rules - The list of virtual network rules.
NetworkRuleSetResponse, NetworkRuleSetResponseArgs
- Bypass string
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- Default
Action string - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- Ip
Rules List<Pulumi.Azure Native. Key Vault. Inputs. IPRule Response> - The list of IP address rules.
- Virtual
Network List<Pulumi.Rules Azure Native. Key Vault. Inputs. Virtual Network Rule Response> - The list of virtual network rules.
- Bypass string
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- Default
Action string - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- Ip
Rules []IPRuleResponse - The list of IP address rules.
- Virtual
Network []VirtualRules Network Rule Response - The list of virtual network rules.
- bypass String
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action String - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules List<IPRuleResponse> - The list of IP address rules.
- virtual
Network List<VirtualRules Network Rule Response> - The list of virtual network rules.
- bypass string
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action string - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules IPRuleResponse[] - The list of IP address rules.
- virtual
Network VirtualRules Network Rule Response[] - The list of virtual network rules.
- bypass str
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default_
action str - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip_
rules Sequence[IPRuleResponse] - The list of IP address rules.
- virtual_
network_ Sequence[Virtualrules Network Rule Response] - The list of virtual network rules.
- bypass String
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action String - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules List<Property Map> - The list of IP address rules.
- virtual
Network List<Property Map>Rules - The list of virtual network rules.
Permissions, PermissionsArgs
- Certificates
List<Union<string, Pulumi.
Azure Native. Key Vault. Certificate Permissions>> - Permissions to certificates
- Keys
List<Union<string, Pulumi.
Azure Native. Key Vault. Key Permissions>> - Permissions to keys
- Secrets
List<Union<string, Pulumi.
Azure Native. Key Vault. Secret Permissions>> - Permissions to secrets
- Storage
List<Union<string, Pulumi.
Azure Native. Key Vault. Storage Permissions>> - Permissions to storage accounts
- Certificates []string
- Permissions to certificates
- Keys []string
- Permissions to keys
- Secrets []string
- Permissions to secrets
- Storage []string
- Permissions to storage accounts
- certificates
List<Either<String,Certificate
Permissions>> - Permissions to certificates
- keys
List<Either<String,Key
Permissions>> - Permissions to keys
- secrets
List<Either<String,Secret
Permissions>> - Permissions to secrets
- storage
List<Either<String,Storage
Permissions>> - Permissions to storage accounts
- certificates
(string | Certificate
Permissions)[] - Permissions to certificates
- keys
(string | Key
Permissions)[] - Permissions to keys
- secrets
(string | Secret
Permissions)[] - Permissions to secrets
- storage
(string | Storage
Permissions)[] - Permissions to storage accounts
- certificates
Sequence[Union[str, Certificate
Permissions]] - Permissions to certificates
- keys
Sequence[Union[str, Key
Permissions]] - Permissions to keys
- secrets
Sequence[Union[str, Secret
Permissions]] - Permissions to secrets
- storage
Sequence[Union[str, Storage
Permissions]] - Permissions to storage accounts
- certificates List<String | "all" | "get" | "list" | "delete" | "create" | "import" | "update" | "managecontacts" | "getissuers" | "listissuers" | "setissuers" | "deleteissuers" | "manageissuers" | "recover" | "purge" | "backup" | "restore">
- Permissions to certificates
- keys
List<String | "all" | "encrypt" | "decrypt" | "wrap
Key" | "unwrap Key" | "sign" | "verify" | "get" | "list" | "create" | "update" | "import" | "delete" | "backup" | "restore" | "recover" | "purge" | "release" | "rotate" | "getrotationpolicy" | "setrotationpolicy"> - Permissions to keys
- secrets List<String | "all" | "get" | "list" | "set" | "delete" | "backup" | "restore" | "recover" | "purge">
- Permissions to secrets
- storage List<String | "all" | "get" | "list" | "delete" | "set" | "update" | "regeneratekey" | "recover" | "purge" | "backup" | "restore" | "setsas" | "listsas" | "getsas" | "deletesas">
- Permissions to storage accounts
PermissionsResponse, PermissionsResponseArgs
- Certificates List<string>
- Permissions to certificates
- Keys List<string>
- Permissions to keys
- Secrets List<string>
- Permissions to secrets
- Storage List<string>
- Permissions to storage accounts
- Certificates []string
- Permissions to certificates
- Keys []string
- Permissions to keys
- Secrets []string
- Permissions to secrets
- Storage []string
- Permissions to storage accounts
- certificates List<String>
- Permissions to certificates
- keys List<String>
- Permissions to keys
- secrets List<String>
- Permissions to secrets
- storage List<String>
- Permissions to storage accounts
- certificates string[]
- Permissions to certificates
- keys string[]
- Permissions to keys
- secrets string[]
- Permissions to secrets
- storage string[]
- Permissions to storage accounts
- certificates Sequence[str]
- Permissions to certificates
- keys Sequence[str]
- Permissions to keys
- secrets Sequence[str]
- Permissions to secrets
- storage Sequence[str]
- Permissions to storage accounts
- certificates List<String>
- Permissions to certificates
- keys List<String>
- Permissions to keys
- secrets List<String>
- Permissions to secrets
- storage List<String>
- Permissions to storage accounts
PrivateEndpointConnectionItemResponse, PrivateEndpointConnectionItemResponseArgs
- Provisioning
State string - Provisioning state of the private endpoint connection.
- Etag string
- Modified whenever there is a change in the state of private endpoint connection.
- Id string
- Id of private endpoint connection.
- Private
Endpoint Pulumi.Azure Native. Key Vault. Inputs. Private Endpoint Response - Properties of the private endpoint object.
- Private
Link Pulumi.Service Connection State Azure Native. Key Vault. Inputs. Private Link Service Connection State Response - Approval state of the private link connection.
- Provisioning
State string - Provisioning state of the private endpoint connection.
- Etag string
- Modified whenever there is a change in the state of private endpoint connection.
- Id string
- Id of private endpoint connection.
- Private
Endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- Private
Link PrivateService Connection State Link Service Connection State Response - Approval state of the private link connection.
- provisioning
State String - Provisioning state of the private endpoint connection.
- etag String
- Modified whenever there is a change in the state of private endpoint connection.
- id String
- Id of private endpoint connection.
- private
Endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- private
Link PrivateService Connection State Link Service Connection State Response - Approval state of the private link connection.
- provisioning
State string - Provisioning state of the private endpoint connection.
- etag string
- Modified whenever there is a change in the state of private endpoint connection.
- id string
- Id of private endpoint connection.
- private
Endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- private
Link PrivateService Connection State Link Service Connection State Response - Approval state of the private link connection.
- provisioning_
state str - Provisioning state of the private endpoint connection.
- etag str
- Modified whenever there is a change in the state of private endpoint connection.
- id str
- Id of private endpoint connection.
- private_
endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- private_
link_ Privateservice_ connection_ state Link Service Connection State Response - Approval state of the private link connection.
- provisioning
State String - Provisioning state of the private endpoint connection.
- etag String
- Modified whenever there is a change in the state of private endpoint connection.
- id String
- Id of private endpoint connection.
- private
Endpoint Property Map - Properties of the private endpoint object.
- private
Link Property MapService Connection State - Approval state of the private link connection.
PrivateEndpointResponse, PrivateEndpointResponseArgs
- Id string
- Full identifier of the private endpoint resource.
- Id string
- Full identifier of the private endpoint resource.
- id String
- Full identifier of the private endpoint resource.
- id string
- Full identifier of the private endpoint resource.
- id str
- Full identifier of the private endpoint resource.
- id String
- Full identifier of the private endpoint resource.
PrivateLinkServiceConnectionStateResponse, PrivateLinkServiceConnectionStateResponseArgs
- Actions
Required string - A message indicating if changes on the service provider require any updates on the consumer.
- Description string
- The reason for approval or rejection.
- Status string
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- Actions
Required string - A message indicating if changes on the service provider require any updates on the consumer.
- Description string
- The reason for approval or rejection.
- Status string
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions
Required String - A message indicating if changes on the service provider require any updates on the consumer.
- description String
- The reason for approval or rejection.
- status String
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions
Required string - A message indicating if changes on the service provider require any updates on the consumer.
- description string
- The reason for approval or rejection.
- status string
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions_
required str - A message indicating if changes on the service provider require any updates on the consumer.
- description str
- The reason for approval or rejection.
- status str
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions
Required String - A message indicating if changes on the service provider require any updates on the consumer.
- description String
- The reason for approval or rejection.
- status String
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
SecretPermissions, SecretPermissionsArgs
- All
- all
- @Get
- get
- List
- list
- @Set
- set
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- Secret
Permissions All - all
- Secret
Permissions Get - get
- Secret
Permissions List - list
- Secret
Permissions Set - set
- Secret
Permissions Delete - delete
- Secret
Permissions Backup - backup
- Secret
Permissions Restore - restore
- Secret
Permissions Recover - recover
- Secret
Permissions Purge - purge
- All
- all
- Get
- get
- List
- list
- Set
- set
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- All
- all
- Get
- get
- List
- list
- Set
- set
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- ALL
- all
- GET
- get
- LIST
- list
- SET
- set
- DELETE
- delete
- BACKUP
- backup
- RESTORE
- restore
- RECOVER
- recover
- PURGE
- purge
- "all"
- all
- "get"
- get
- "list"
- list
- "set"
- set
- "delete"
- delete
- "backup"
- backup
- "restore"
- restore
- "recover"
- recover
- "purge"
- purge
Sku, SkuArgs
- Family
string | Pulumi.
Azure Native. Key Vault. Sku Family - SKU family name
- Name
Pulumi.
Azure Native. Key Vault. Sku Name - SKU name to specify whether the key vault is a standard vault or a premium vault.
- family String | "A"
- SKU family name
- name "standard" | "premium"
- SKU name to specify whether the key vault is a standard vault or a premium vault.
SkuFamily, SkuFamilyArgs
- A
- A
- Sku
Family A - A
- A
- A
- A
- A
- A
- A
- "A"
- A
SkuName, SkuNameArgs
- Standard
- standard
- Premium
- premium
- Sku
Name Standard - standard
- Sku
Name Premium - premium
- Standard
- standard
- Premium
- premium
- Standard
- standard
- Premium
- premium
- STANDARD
- standard
- PREMIUM
- premium
- "standard"
- standard
- "premium"
- premium
SkuResponse, SkuResponseArgs
StoragePermissions, StoragePermissionsArgs
- All
- all
- @Get
- get
- List
- list
- Delete
- delete
- @Set
- set
- Update
- update
- Regeneratekey
- regeneratekey
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- Setsas
- setsas
- Listsas
- listsas
- Getsas
- getsas
- Deletesas
- deletesas
- Storage
Permissions All - all
- Storage
Permissions Get - get
- Storage
Permissions List - list
- Storage
Permissions Delete - delete
- Storage
Permissions Set - set
- Storage
Permissions Update - update
- Storage
Permissions Regeneratekey - regeneratekey
- Storage
Permissions Recover - recover
- Storage
Permissions Purge - purge
- Storage
Permissions Backup - backup
- Storage
Permissions Restore - restore
- Storage
Permissions Setsas - setsas
- Storage
Permissions Listsas - listsas
- Storage
Permissions Getsas - getsas
- Storage
Permissions Deletesas - deletesas
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Set
- set
- Update
- update
- Regeneratekey
- regeneratekey
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- Setsas
- setsas
- Listsas
- listsas
- Getsas
- getsas
- Deletesas
- deletesas
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Set
- set
- Update
- update
- Regeneratekey
- regeneratekey
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- Setsas
- setsas
- Listsas
- listsas
- Getsas
- getsas
- Deletesas
- deletesas
- ALL
- all
- GET
- get
- LIST
- list
- DELETE
- delete
- SET
- set
- UPDATE
- update
- REGENERATEKEY
- regeneratekey
- RECOVER
- recover
- PURGE
- purge
- BACKUP
- backup
- RESTORE
- restore
- SETSAS
- setsas
- LISTSAS
- listsas
- GETSAS
- getsas
- DELETESAS
- deletesas
- "all"
- all
- "get"
- get
- "list"
- list
- "delete"
- delete
- "set"
- set
- "update"
- update
- "regeneratekey"
- regeneratekey
- "recover"
- recover
- "purge"
- purge
- "backup"
- backup
- "restore"
- restore
- "setsas"
- setsas
- "listsas"
- listsas
- "getsas"
- getsas
- "deletesas"
- deletesas
SystemDataResponse, SystemDataResponseArgs
- Created
At string - The timestamp of the key vault resource creation (UTC).
- Created
By string - The identity that created the key vault resource.
- Created
By stringType - The type of identity that created the key vault resource.
- Last
Modified stringAt - The timestamp of the key vault resource last modification (UTC).
- Last
Modified stringBy - The identity that last modified the key vault resource.
- Last
Modified stringBy Type - The type of identity that last modified the key vault resource.
- Created
At string - The timestamp of the key vault resource creation (UTC).
- Created
By string - The identity that created the key vault resource.
- Created
By stringType - The type of identity that created the key vault resource.
- Last
Modified stringAt - The timestamp of the key vault resource last modification (UTC).
- Last
Modified stringBy - The identity that last modified the key vault resource.
- Last
Modified stringBy Type - The type of identity that last modified the key vault resource.
- created
At String - The timestamp of the key vault resource creation (UTC).
- created
By String - The identity that created the key vault resource.
- created
By StringType - The type of identity that created the key vault resource.
- last
Modified StringAt - The timestamp of the key vault resource last modification (UTC).
- last
Modified StringBy - The identity that last modified the key vault resource.
- last
Modified StringBy Type - The type of identity that last modified the key vault resource.
- created
At string - The timestamp of the key vault resource creation (UTC).
- created
By string - The identity that created the key vault resource.
- created
By stringType - The type of identity that created the key vault resource.
- last
Modified stringAt - The timestamp of the key vault resource last modification (UTC).
- last
Modified stringBy - The identity that last modified the key vault resource.
- last
Modified stringBy Type - The type of identity that last modified the key vault resource.
- created_
at str - The timestamp of the key vault resource creation (UTC).
- created_
by str - The identity that created the key vault resource.
- created_
by_ strtype - The type of identity that created the key vault resource.
- last_
modified_ strat - The timestamp of the key vault resource last modification (UTC).
- last_
modified_ strby - The identity that last modified the key vault resource.
- last_
modified_ strby_ type - The type of identity that last modified the key vault resource.
- created
At String - The timestamp of the key vault resource creation (UTC).
- created
By String - The identity that created the key vault resource.
- created
By StringType - The type of identity that created the key vault resource.
- last
Modified StringAt - The timestamp of the key vault resource last modification (UTC).
- last
Modified StringBy - The identity that last modified the key vault resource.
- last
Modified StringBy Type - The type of identity that last modified the key vault resource.
VaultProperties, VaultPropertiesArgs
- Sku
Pulumi.
Azure Native. Key Vault. Inputs. Sku - SKU details
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Access
Policies List<Pulumi.Azure Native. Key Vault. Inputs. Access Policy Entry> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - Create
Mode Pulumi.Azure Native. Key Vault. Create Mode - The vault's create mode to indicate whether the vault need to be recovered or not.
- Enable
Purge boolProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- Enable
Soft boolDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- Enabled
For boolDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- Enabled
For boolDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- Enabled
For boolTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- Network
Acls Pulumi.Azure Native. Key Vault. Inputs. Network Rule Set - Rules governing the accessibility of the key vault from specific network locations.
- Public
Network stringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- Soft
Delete intRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- Sku Sku
- SKU details
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Access
Policies []AccessPolicy Entry - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - Create
Mode CreateMode - The vault's create mode to indicate whether the vault need to be recovered or not.
- Enable
Purge boolProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- Enable
Soft boolDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- Enabled
For boolDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- Enabled
For boolDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- Enabled
For boolTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- Network
Acls NetworkRule Set - Rules governing the accessibility of the key vault from specific network locations.
- Public
Network stringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- Soft
Delete intRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- sku Sku
- SKU details
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies List<AccessPolicy Entry> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - create
Mode CreateMode - The vault's create mode to indicate whether the vault need to be recovered or not.
- enable
Purge BooleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- Boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft BooleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For BooleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For BooleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For BooleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls NetworkRule Set - Rules governing the accessibility of the key vault from specific network locations.
- public
Network StringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft
Delete IntegerRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- sku Sku
- SKU details
- tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies AccessPolicy Entry[] - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - create
Mode CreateMode - The vault's create mode to indicate whether the vault need to be recovered or not.
- enable
Purge booleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft booleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For booleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For booleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For booleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls NetworkRule Set - Rules governing the accessibility of the key vault from specific network locations.
- public
Network stringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft
Delete numberRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- sku Sku
- SKU details
- tenant_
id str - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access_
policies Sequence[AccessPolicy Entry] - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - create_
mode CreateMode - The vault's create mode to indicate whether the vault need to be recovered or not.
- enable_
purge_ boolprotection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable_
soft_ booldelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled_
for_ booldeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled_
for_ booldisk_ encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled_
for_ booltemplate_ deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network_
acls NetworkRule Set - Rules governing the accessibility of the key vault from specific network locations.
- public_
network_ straccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft_
delete_ intretention_ in_ days - softDelete data retention days. It accepts >=7 and <=90.
- sku Property Map
- SKU details
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies List<Property Map> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - create
Mode "recover" | "default" - The vault's create mode to indicate whether the vault need to be recovered or not.
- enable
Purge BooleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- Boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft BooleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For BooleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For BooleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For BooleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls Property Map - Rules governing the accessibility of the key vault from specific network locations.
- public
Network StringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft
Delete NumberRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
VaultPropertiesResponse, VaultPropertiesResponseArgs
- Hsm
Pool stringResource Id - The resource id of HSM Pool.
- Private
Endpoint List<Pulumi.Connections Azure Native. Key Vault. Inputs. Private Endpoint Connection Item Response> - List of private endpoint connections associated with the key vault.
- Provisioning
State string - Provisioning state of the vault.
- Sku
Pulumi.
Azure Native. Key Vault. Inputs. Sku Response - SKU details
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- Access
Policies List<Pulumi.Azure Native. Key Vault. Inputs. Access Policy Entry Response> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - Enable
Purge boolProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- Enable
Soft boolDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- Enabled
For boolDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- Enabled
For boolDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- Enabled
For boolTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- Network
Acls Pulumi.Azure Native. Key Vault. Inputs. Network Rule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- Public
Network stringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- Soft
Delete intRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- Hsm
Pool stringResource Id - The resource id of HSM Pool.
- Private
Endpoint []PrivateConnections Endpoint Connection Item Response - List of private endpoint connections associated with the key vault.
- Provisioning
State string - Provisioning state of the vault.
- Sku
Sku
Response - SKU details
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- Access
Policies []AccessPolicy Entry Response - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - Enable
Purge boolProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- Enable
Soft boolDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- Enabled
For boolDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- Enabled
For boolDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- Enabled
For boolTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- Network
Acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- Public
Network stringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- Soft
Delete intRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- hsm
Pool StringResource Id - The resource id of HSM Pool.
- private
Endpoint List<PrivateConnections Endpoint Connection Item Response> - List of private endpoint connections associated with the key vault.
- provisioning
State String - Provisioning state of the vault.
- sku
Sku
Response - SKU details
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets.
- access
Policies List<AccessPolicy Entry Response> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - enable
Purge BooleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- Boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft BooleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For BooleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For BooleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For BooleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- public
Network StringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft
Delete IntegerRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- hsm
Pool stringResource Id - The resource id of HSM Pool.
- private
Endpoint PrivateConnections Endpoint Connection Item Response[] - List of private endpoint connections associated with the key vault.
- provisioning
State string - Provisioning state of the vault.
- sku
Sku
Response - SKU details
- tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- access
Policies AccessPolicy Entry Response[] - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - enable
Purge booleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft booleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For booleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For booleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For booleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- public
Network stringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft
Delete numberRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- hsm_
pool_ strresource_ id - The resource id of HSM Pool.
- private_
endpoint_ Sequence[Privateconnections Endpoint Connection Item Response] - List of private endpoint connections associated with the key vault.
- provisioning_
state str - Provisioning state of the vault.
- sku
Sku
Response - SKU details
- tenant_
id str - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- vault_
uri str - The URI of the vault for performing operations on keys and secrets.
- access_
policies Sequence[AccessPolicy Entry Response] - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - enable_
purge_ boolprotection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable_
soft_ booldelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled_
for_ booldeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled_
for_ booldisk_ encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled_
for_ booltemplate_ deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network_
acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- public_
network_ straccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft_
delete_ intretention_ in_ days - softDelete data retention days. It accepts >=7 and <=90.
- hsm
Pool StringResource Id - The resource id of HSM Pool.
- private
Endpoint List<Property Map>Connections - List of private endpoint connections associated with the key vault.
- provisioning
State String - Provisioning state of the vault.
- sku Property Map
- SKU details
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets.
- access
Policies List<Property Map> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createModeis set torecover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - enable
Purge BooleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- Boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft BooleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For BooleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For BooleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For BooleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls Property Map - Rules governing the accessibility of the key vault from specific network locations.
- public
Network StringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft
Delete NumberRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
VirtualNetworkRule, VirtualNetworkRuleArgs
- Id string
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- Ignore
Missing boolVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- Id string
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- Ignore
Missing boolVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id String
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing BooleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id string
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing booleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id str
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore_
missing_ boolvnet_ service_ endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id String
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing BooleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
VirtualNetworkRuleResponse, VirtualNetworkRuleResponseArgs
- Id string
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- Ignore
Missing boolVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- Id string
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- Ignore
Missing boolVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id String
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing BooleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id string
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing booleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id str
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore_
missing_ boolvnet_ service_ endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id String
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing BooleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:keyvault:Vault sample-vault /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.4.0 published on Wednesday, May 7, 2025 by Pulumi