Azure Native v1.103.0, Jun 2 23

Azure Native v1.103.0 published on Friday, Jun 2, 2023 by Pulumi

azure-native.keyvault.Vault

Explore with Pulumi AI

Azure Native v1.103.0 published on Friday, Jun 2, 2023 by Pulumi

pulumi/pulumi-azure-native

Example Usage

Create a new vault or update an existing vault

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var vault = new AzureNative.KeyVault.Vault("vault", new()
    {
        Location = "westus",
        Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
        {
            AccessPolicies = new[]
            {
                new AzureNative.KeyVault.Inputs.AccessPolicyEntryArgs
                {
                    ObjectId = "00000000-0000-0000-0000-000000000000",
                    Permissions = new AzureNative.KeyVault.Inputs.PermissionsArgs
                    {
                        Certificates = new[]
                        {
                            "get",
                            "list",
                            "delete",
                            "create",
                            "import",
                            "update",
                            "managecontacts",
                            "getissuers",
                            "listissuers",
                            "setissuers",
                            "deleteissuers",
                            "manageissuers",
                            "recover",
                            "purge",
                        },
                        Keys = new[]
                        {
                            "encrypt",
                            "decrypt",
                            "wrapKey",
                            "unwrapKey",
                            "sign",
                            "verify",
                            "get",
                            "list",
                            "create",
                            "update",
                            "import",
                            "delete",
                            "backup",
                            "restore",
                            "recover",
                            "purge",
                        },
                        Secrets = new[]
                        {
                            "get",
                            "list",
                            "set",
                            "delete",
                            "backup",
                            "restore",
                            "recover",
                            "purge",
                        },
                    },
                    TenantId = "00000000-0000-0000-0000-000000000000",
                },
            },
            EnabledForDeployment = true,
            EnabledForDiskEncryption = true,
            EnabledForTemplateDeployment = true,
            Sku = new AzureNative.KeyVault.Inputs.SkuArgs
            {
                Family = "A",
                Name = AzureNative.KeyVault.SkuName.Standard,
            },
            TenantId = "00000000-0000-0000-0000-000000000000",
        },
        ResourceGroupName = "sample-resource-group",
        VaultName = "sample-vault",
    });

});

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.keyvault.Vault;
import com.pulumi.azurenative.keyvault.VaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var vault = new Vault("vault", VaultArgs.builder()        
            .location("westus")
            .properties(Map.ofEntries(
                Map.entry("accessPolicies", Map.ofEntries(
                    Map.entry("objectId", "00000000-0000-0000-0000-000000000000"),
                    Map.entry("permissions", Map.ofEntries(
                        Map.entry("certificates",                         
                            "get",
                            "list",
                            "delete",
                            "create",
                            "import",
                            "update",
                            "managecontacts",
                            "getissuers",
                            "listissuers",
                            "setissuers",
                            "deleteissuers",
                            "manageissuers",
                            "recover",
                            "purge"),
                        Map.entry("keys",                         
                            "encrypt",
                            "decrypt",
                            "wrapKey",
                            "unwrapKey",
                            "sign",
                            "verify",
                            "get",
                            "list",
                            "create",
                            "update",
                            "import",
                            "delete",
                            "backup",
                            "restore",
                            "recover",
                            "purge"),
                        Map.entry("secrets",                         
                            "get",
                            "list",
                            "set",
                            "delete",
                            "backup",
                            "restore",
                            "recover",
                            "purge")
                    )),
                    Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
                )),
                Map.entry("enabledForDeployment", true),
                Map.entry("enabledForDiskEncryption", true),
                Map.entry("enabledForTemplateDeployment", true),
                Map.entry("sku", Map.ofEntries(
                    Map.entry("family", "A"),
                    Map.entry("name", "standard")
                )),
                Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
            ))
            .resourceGroupName("sample-resource-group")
            .vaultName("sample-vault")
            .build());

    }
}

import pulumi
import pulumi_azure_native as azure_native

vault = azure_native.keyvault.Vault("vault",
    location="westus",
    properties=azure_native.keyvault.VaultPropertiesResponseArgs(
        access_policies=[{
            "objectId": "00000000-0000-0000-0000-000000000000",
            "permissions": azure_native.keyvault.PermissionsArgs(
                certificates=[
                    "get",
                    "list",
                    "delete",
                    "create",
                    "import",
                    "update",
                    "managecontacts",
                    "getissuers",
                    "listissuers",
                    "setissuers",
                    "deleteissuers",
                    "manageissuers",
                    "recover",
                    "purge",
                ],
                keys=[
                    "encrypt",
                    "decrypt",
                    "wrapKey",
                    "unwrapKey",
                    "sign",
                    "verify",
                    "get",
                    "list",
                    "create",
                    "update",
                    "import",
                    "delete",
                    "backup",
                    "restore",
                    "recover",
                    "purge",
                ],
                secrets=[
                    "get",
                    "list",
                    "set",
                    "delete",
                    "backup",
                    "restore",
                    "recover",
                    "purge",
                ],
            ),
            "tenantId": "00000000-0000-0000-0000-000000000000",
        }],
        enabled_for_deployment=True,
        enabled_for_disk_encryption=True,
        enabled_for_template_deployment=True,
        sku=azure_native.keyvault.SkuArgs(
            family="A",
            name=azure_native.keyvault.SkuName.STANDARD,
        ),
        tenant_id="00000000-0000-0000-0000-000000000000",
    ),
    resource_group_name="sample-resource-group",
    vault_name="sample-vault")

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const vault = new azure_native.keyvault.Vault("vault", {
    location: "westus",
    properties: {
        accessPolicies: [{
            objectId: "00000000-0000-0000-0000-000000000000",
            permissions: {
                certificates: [
                    "get",
                    "list",
                    "delete",
                    "create",
                    "import",
                    "update",
                    "managecontacts",
                    "getissuers",
                    "listissuers",
                    "setissuers",
                    "deleteissuers",
                    "manageissuers",
                    "recover",
                    "purge",
                ],
                keys: [
                    "encrypt",
                    "decrypt",
                    "wrapKey",
                    "unwrapKey",
                    "sign",
                    "verify",
                    "get",
                    "list",
                    "create",
                    "update",
                    "import",
                    "delete",
                    "backup",
                    "restore",
                    "recover",
                    "purge",
                ],
                secrets: [
                    "get",
                    "list",
                    "set",
                    "delete",
                    "backup",
                    "restore",
                    "recover",
                    "purge",
                ],
            },
            tenantId: "00000000-0000-0000-0000-000000000000",
        }],
        enabledForDeployment: true,
        enabledForDiskEncryption: true,
        enabledForTemplateDeployment: true,
        sku: {
            family: "A",
            name: azure_native.keyvault.SkuName.Standard,
        },
        tenantId: "00000000-0000-0000-0000-000000000000",
    },
    resourceGroupName: "sample-resource-group",
    vaultName: "sample-vault",
});

resources:
  vault:
    type: azure-native:keyvault:Vault
    properties:
      location: westus
      properties:
        accessPolicies:
          - objectId: 00000000-0000-0000-0000-000000000000
            permissions:
              certificates:
                - get
                - list
                - delete
                - create
                - import
                - update
                - managecontacts
                - getissuers
                - listissuers
                - setissuers
                - deleteissuers
                - manageissuers
                - recover
                - purge
              keys:
                - encrypt
                - decrypt
                - wrapKey
                - unwrapKey
                - sign
                - verify
                - get
                - list
                - create
                - update
                - import
                - delete
                - backup
                - restore
                - recover
                - purge
              secrets:
                - get
                - list
                - set
                - delete
                - backup
                - restore
                - recover
                - purge
            tenantId: 00000000-0000-0000-0000-000000000000
        enabledForDeployment: true
        enabledForDiskEncryption: true
        enabledForTemplateDeployment: true
        sku:
          family: A
          name: standard
        tenantId: 00000000-0000-0000-0000-000000000000
      resourceGroupName: sample-resource-group
      vaultName: sample-vault

Create or update a vault with network acls

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var vault = new AzureNative.KeyVault.Vault("vault", new()
    {
        Location = "westus",
        Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
        {
            EnabledForDeployment = true,
            EnabledForDiskEncryption = true,
            EnabledForTemplateDeployment = true,
            NetworkAcls = new AzureNative.KeyVault.Inputs.NetworkRuleSetArgs
            {
                Bypass = "AzureServices",
                DefaultAction = "Deny",
                IpRules = new[]
                {
                    new AzureNative.KeyVault.Inputs.IPRuleArgs
                    {
                        Value = "124.56.78.91",
                    },
                    new AzureNative.KeyVault.Inputs.IPRuleArgs
                    {
                        Value = "'10.91.4.0/24'",
                    },
                },
                VirtualNetworkRules = new[]
                {
                    new AzureNative.KeyVault.Inputs.VirtualNetworkRuleArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
                    },
                },
            },
            Sku = new AzureNative.KeyVault.Inputs.SkuArgs
            {
                Family = "A",
                Name = AzureNative.KeyVault.SkuName.Standard,
            },
            TenantId = "00000000-0000-0000-0000-000000000000",
        },
        ResourceGroupName = "sample-resource-group",
        VaultName = "sample-vault",
    });

});

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.keyvault.Vault;
import com.pulumi.azurenative.keyvault.VaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var vault = new Vault("vault", VaultArgs.builder()        
            .location("westus")
            .properties(Map.ofEntries(
                Map.entry("enabledForDeployment", true),
                Map.entry("enabledForDiskEncryption", true),
                Map.entry("enabledForTemplateDeployment", true),
                Map.entry("networkAcls", Map.ofEntries(
                    Map.entry("bypass", "AzureServices"),
                    Map.entry("defaultAction", "Deny"),
                    Map.entry("ipRules",                     
                        Map.of("value", "124.56.78.91"),
                        Map.of("value", "'10.91.4.0/24'")),
                    Map.entry("virtualNetworkRules", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1"))
                )),
                Map.entry("sku", Map.ofEntries(
                    Map.entry("family", "A"),
                    Map.entry("name", "standard")
                )),
                Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
            ))
            .resourceGroupName("sample-resource-group")
            .vaultName("sample-vault")
            .build());

    }
}

import pulumi
import pulumi_azure_native as azure_native

vault = azure_native.keyvault.Vault("vault",
    location="westus",
    properties=azure_native.keyvault.VaultPropertiesResponseArgs(
        enabled_for_deployment=True,
        enabled_for_disk_encryption=True,
        enabled_for_template_deployment=True,
        network_acls={
            "bypass": "AzureServices",
            "defaultAction": "Deny",
            "ipRules": [
                azure_native.keyvault.IPRuleArgs(
                    value="124.56.78.91",
                ),
                azure_native.keyvault.IPRuleArgs(
                    value="'10.91.4.0/24'",
                ),
            ],
            "virtualNetworkRules": [azure_native.keyvault.VirtualNetworkRuleArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
            )],
        },
        sku=azure_native.keyvault.SkuArgs(
            family="A",
            name=azure_native.keyvault.SkuName.STANDARD,
        ),
        tenant_id="00000000-0000-0000-0000-000000000000",
    ),
    resource_group_name="sample-resource-group",
    vault_name="sample-vault")

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const vault = new azure_native.keyvault.Vault("vault", {
    location: "westus",
    properties: {
        enabledForDeployment: true,
        enabledForDiskEncryption: true,
        enabledForTemplateDeployment: true,
        networkAcls: {
            bypass: "AzureServices",
            defaultAction: "Deny",
            ipRules: [
                {
                    value: "124.56.78.91",
                },
                {
                    value: "'10.91.4.0/24'",
                },
            ],
            virtualNetworkRules: [{
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
            }],
        },
        sku: {
            family: "A",
            name: azure_native.keyvault.SkuName.Standard,
        },
        tenantId: "00000000-0000-0000-0000-000000000000",
    },
    resourceGroupName: "sample-resource-group",
    vaultName: "sample-vault",
});

resources:
  vault:
    type: azure-native:keyvault:Vault
    properties:
      location: westus
      properties:
        enabledForDeployment: true
        enabledForDiskEncryption: true
        enabledForTemplateDeployment: true
        networkAcls:
          bypass: AzureServices
          defaultAction: Deny
          ipRules:
            - value: 124.56.78.91
            - value: '''10.91.4.0/24'''
          virtualNetworkRules:
            - id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1
        sku:
          family: A
          name: standard
        tenantId: 00000000-0000-0000-0000-000000000000
      resourceGroupName: sample-resource-group
      vaultName: sample-vault

Create Vault Resource

new Vault(name: string, args: VaultArgs, opts?: CustomResourceOptions);

@overload
def Vault(resource_name: str,
          opts: Optional[ResourceOptions] = None,
          location: Optional[str] = None,
          properties: Optional[VaultPropertiesArgs] = None,
          resource_group_name: Optional[str] = None,
          tags: Optional[Mapping[str, str]] = None,
          vault_name: Optional[str] = None)
@overload
def Vault(resource_name: str,
          args: VaultArgs,
          opts: Optional[ResourceOptions] = None)

func NewVault(ctx *Context, name string, args VaultArgs, opts ...ResourceOption) (*Vault, error)

public Vault(string name, VaultArgs args, CustomResourceOptions? opts = null)

public Vault(String name, VaultArgs args)
public Vault(String name, VaultArgs args, CustomResourceOptions options)

type: azure-native:keyvault:Vault
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args VaultArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args VaultArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args VaultArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args VaultArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args VaultArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Vault Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Vault resource accepts the following input properties:

Properties Pulumi.AzureNative.KeyVault.Inputs.VaultPropertiesArgs: Properties of the vault
ResourceGroupName string: The name of the Resource Group to which the server belongs.
Location string: The supported Azure location where the key vault should be created.
Tags Dictionary<string, string>: The tags that will be assigned to the key vault.
VaultName string: Name of the vault

Properties VaultPropertiesArgs: Properties of the vault
ResourceGroupName string: The name of the Resource Group to which the server belongs.
Location string: The supported Azure location where the key vault should be created.
Tags map[string]string: The tags that will be assigned to the key vault.
VaultName string: Name of the vault

properties VaultPropertiesArgs: Properties of the vault
resourceGroupName String: The name of the Resource Group to which the server belongs.
location String: The supported Azure location where the key vault should be created.
tags Map<String,String>: The tags that will be assigned to the key vault.
vaultName String: Name of the vault

properties VaultPropertiesArgs: Properties of the vault
resourceGroupName string: The name of the Resource Group to which the server belongs.
location string: The supported Azure location where the key vault should be created.
tags {[key: string]: string}: The tags that will be assigned to the key vault.
vaultName string: Name of the vault

properties VaultPropertiesArgs: Properties of the vault
resource_group_name str: The name of the Resource Group to which the server belongs.
location str: The supported Azure location where the key vault should be created.
tags Mapping[str, str]: The tags that will be assigned to the key vault.
vault_name str: Name of the vault

properties Property Map: Properties of the vault
resourceGroupName String: The name of the Resource Group to which the server belongs.
location String: The supported Azure location where the key vault should be created.
tags Map<String>: The tags that will be assigned to the key vault.
vaultName String: Name of the vault

Outputs

All input properties are implicitly available as output properties. Additionally, the Vault resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Name string: Name of the key vault resource.
Type string: Resource type of the key vault resource.

Id string: The provider-assigned unique ID for this managed resource.
Name string: Name of the key vault resource.
Type string: Resource type of the key vault resource.

id String: The provider-assigned unique ID for this managed resource.
name String: Name of the key vault resource.
type String: Resource type of the key vault resource.

id string: The provider-assigned unique ID for this managed resource.
name string: Name of the key vault resource.
type string: Resource type of the key vault resource.

id str: The provider-assigned unique ID for this managed resource.
name str: Name of the key vault resource.
type str: Resource type of the key vault resource.

id String: The provider-assigned unique ID for this managed resource.
name String: Name of the key vault resource.
type String: Resource type of the key vault resource.

Supporting Types

AccessPolicyEntry

ObjectId string: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
Permissions Pulumi.AzureNative.KeyVault.Inputs.Permissions: Permissions the identity has for keys, secrets and certificates.
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
ApplicationId string: Application ID of the client making request on behalf of a principal

ObjectId string: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
Permissions Permissions: Permissions the identity has for keys, secrets and certificates.
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
ApplicationId string: Application ID of the client making request on behalf of a principal

objectId String: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions Permissions: Permissions the identity has for keys, secrets and certificates.
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
applicationId String: Application ID of the client making request on behalf of a principal

objectId string: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions Permissions: Permissions the identity has for keys, secrets and certificates.
tenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
applicationId string: Application ID of the client making request on behalf of a principal

object_id str: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions Permissions: Permissions the identity has for keys, secrets and certificates.
tenant_id str: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
application_id str: Application ID of the client making request on behalf of a principal

objectId String: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions Property Map: Permissions the identity has for keys, secrets and certificates.
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
applicationId String: Application ID of the client making request on behalf of a principal

AccessPolicyEntryResponse

ObjectId string: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
Permissions Pulumi.AzureNative.KeyVault.Inputs.PermissionsResponse: Permissions the identity has for keys, secrets and certificates.
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
ApplicationId string: Application ID of the client making request on behalf of a principal

ObjectId string: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
Permissions PermissionsResponse: Permissions the identity has for keys, secrets and certificates.
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
ApplicationId string: Application ID of the client making request on behalf of a principal

objectId String: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions PermissionsResponse: Permissions the identity has for keys, secrets and certificates.
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
applicationId String: Application ID of the client making request on behalf of a principal

objectId string: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions PermissionsResponse: Permissions the identity has for keys, secrets and certificates.
tenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
applicationId string: Application ID of the client making request on behalf of a principal

object_id str: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions PermissionsResponse: Permissions the identity has for keys, secrets and certificates.
tenant_id str: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
application_id str: Application ID of the client making request on behalf of a principal

objectId String: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions Property Map: Permissions the identity has for keys, secrets and certificates.
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
applicationId String: Application ID of the client making request on behalf of a principal

CertificatePermissions

All: all
@Get: get
List: list
Delete: delete
Create: create
Import: import
Update: update
Managecontacts: managecontacts
Getissuers: getissuers
Listissuers: listissuers
Setissuers: setissuers
Deleteissuers: deleteissuers
Manageissuers: manageissuers
Recover: recover
Purge: purge
Backup: backup
Restore: restore

CertificatePermissionsAll: all
CertificatePermissionsGet: get
CertificatePermissionsList: list
CertificatePermissionsDelete: delete
CertificatePermissionsCreate: create
CertificatePermissionsImport: import
CertificatePermissionsUpdate: update
CertificatePermissionsManagecontacts: managecontacts
CertificatePermissionsGetissuers: getissuers
CertificatePermissionsListissuers: listissuers
CertificatePermissionsSetissuers: setissuers
CertificatePermissionsDeleteissuers: deleteissuers
CertificatePermissionsManageissuers: manageissuers
CertificatePermissionsRecover: recover
CertificatePermissionsPurge: purge
CertificatePermissionsBackup: backup
CertificatePermissionsRestore: restore

All: all
Get: get
List: list
Delete: delete
Create: create
Import_: import
Update: update
Managecontacts: managecontacts
Getissuers: getissuers
Listissuers: listissuers
Setissuers: setissuers
Deleteissuers: deleteissuers
Manageissuers: manageissuers
Recover: recover
Purge: purge
Backup: backup
Restore: restore

All: all
Get: get
List: list
Delete: delete
Create: create
Import: import
Update: update
Managecontacts: managecontacts
Getissuers: getissuers
Listissuers: listissuers
Setissuers: setissuers
Deleteissuers: deleteissuers
Manageissuers: manageissuers
Recover: recover
Purge: purge
Backup: backup
Restore: restore

ALL: all
GET: get
LIST: list
DELETE: delete
CREATE: create
IMPORT_: import
UPDATE: update
MANAGECONTACTS: managecontacts
GETISSUERS: getissuers
LISTISSUERS: listissuers
SETISSUERS: setissuers
DELETEISSUERS: deleteissuers
MANAGEISSUERS: manageissuers
RECOVER: recover
PURGE: purge
BACKUP: backup
RESTORE: restore

"all": all
"get": get
"list": list
"delete": delete
"create": create
"import": import
"update": update
"managecontacts": managecontacts
"getissuers": getissuers
"listissuers": listissuers
"setissuers": setissuers
"deleteissuers": deleteissuers
"manageissuers": manageissuers
"recover": recover
"purge": purge
"backup": backup
"restore": restore

CreateMode

Recover: recover
@Default: default

CreateModeRecover: recover
CreateModeDefault: default

Recover: recover
Default_: default

Recover: recover
Default: default

RECOVER: recover
DEFAULT: default

"recover": recover
"default": default

IPRule

Value string: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

Value string: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value String: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value string: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value str: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value String: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

IPRuleResponse

Value string: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

Value string: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value String: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value string: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value str: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value String: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

KeyPermissions

All: all
Encrypt: encrypt
Decrypt: decrypt
WrapKey: wrapKey
UnwrapKey: unwrapKey
Sign: sign
Verify: verify
@Get: get
List: list
Create: create
Update: update
Import: import
Delete: delete
Backup: backup
Restore: restore
Recover: recover
Purge: purge

KeyPermissionsAll: all
KeyPermissionsEncrypt: encrypt
KeyPermissionsDecrypt: decrypt
KeyPermissionsWrapKey: wrapKey
KeyPermissionsUnwrapKey: unwrapKey
KeyPermissionsSign: sign
KeyPermissionsVerify: verify
KeyPermissionsGet: get
KeyPermissionsList: list
KeyPermissionsCreate: create
KeyPermissionsUpdate: update
KeyPermissionsImport: import
KeyPermissionsDelete: delete
KeyPermissionsBackup: backup
KeyPermissionsRestore: restore
KeyPermissionsRecover: recover
KeyPermissionsPurge: purge

All: all
Encrypt: encrypt
Decrypt: decrypt
WrapKey: wrapKey
UnwrapKey: unwrapKey
Sign: sign
Verify: verify
Get: get
List: list
Create: create
Update: update
Import_: import
Delete: delete
Backup: backup
Restore: restore
Recover: recover
Purge: purge

All: all
Encrypt: encrypt
Decrypt: decrypt
WrapKey: wrapKey
UnwrapKey: unwrapKey
Sign: sign
Verify: verify
Get: get
List: list
Create: create
Update: update
Import: import
Delete: delete
Backup: backup
Restore: restore
Recover: recover
Purge: purge

ALL: all
ENCRYPT: encrypt
DECRYPT: decrypt
WRAP_KEY: wrapKey
UNWRAP_KEY: unwrapKey
SIGN: sign
VERIFY: verify
GET: get
LIST: list
CREATE: create
UPDATE: update
IMPORT_: import
DELETE: delete
BACKUP: backup
RESTORE: restore
RECOVER: recover
PURGE: purge

"all": all
"encrypt": encrypt
"decrypt": decrypt
"wrapKey": wrapKey
"unwrapKey": unwrapKey
"sign": sign
"verify": verify
"get": get
"list": list
"create": create
"update": update
"import": import
"delete": delete
"backup": backup
"restore": restore
"recover": recover
"purge": purge

NetworkRuleAction

Allow: Allow
Deny: Deny

NetworkRuleActionAllow: Allow
NetworkRuleActionDeny: Deny

Allow: Allow
Deny: Deny

Allow: Allow
Deny: Deny

ALLOW: Allow
DENY: Deny

"Allow": Allow
"Deny": Deny

NetworkRuleBypassOptions

AzureServices: AzureServices
None: None

NetworkRuleBypassOptionsAzureServices: AzureServices
NetworkRuleBypassOptionsNone: None

AzureServices: AzureServices
None: None

AzureServices: AzureServices
None: None

AZURE_SERVICES: AzureServices
NONE: None

"AzureServices": AzureServices
"None": None

NetworkRuleSet

Bypass string | Pulumi.AzureNative.KeyVault.NetworkRuleBypassOptions: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
DefaultAction string | Pulumi.AzureNative.KeyVault.NetworkRuleAction: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
IpRules List<Pulumi.AzureNative.KeyVault.Inputs.IPRule>: The list of IP address rules.
VirtualNetworkRules List<Pulumi.AzureNative.KeyVault.Inputs.VirtualNetworkRule>: The list of virtual network rules.

Bypass string | NetworkRuleBypassOptions: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
DefaultAction string | NetworkRuleAction: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
IpRules []IPRule: The list of IP address rules.
VirtualNetworkRules []VirtualNetworkRule: The list of virtual network rules.

bypass String | NetworkRuleBypassOptions: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
defaultAction String | NetworkRuleAction: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules List<IPRule>: The list of IP address rules.
virtualNetworkRules List<VirtualNetworkRule>: The list of virtual network rules.

bypass string | NetworkRuleBypassOptions: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
defaultAction string | NetworkRuleAction: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules IPRule[]: The list of IP address rules.
virtualNetworkRules VirtualNetworkRule[]: The list of virtual network rules.

bypass str | NetworkRuleBypassOptions: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
default_action str | NetworkRuleAction: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ip_rules Sequence[IPRule]: The list of IP address rules.
virtual_network_rules Sequence[VirtualNetworkRule]: The list of virtual network rules.

bypass String | "AzureServices" | "None": Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
defaultAction String | "Allow" | "Deny": The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules List<Property Map>: The list of IP address rules.
virtualNetworkRules List<Property Map>: The list of virtual network rules.

NetworkRuleSetResponse

Bypass string: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
DefaultAction string: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
IpRules List<Pulumi.AzureNative.KeyVault.Inputs.IPRuleResponse>: The list of IP address rules.
VirtualNetworkRules List<Pulumi.AzureNative.KeyVault.Inputs.VirtualNetworkRuleResponse>: The list of virtual network rules.

Bypass string: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
DefaultAction string: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
IpRules []IPRuleResponse: The list of IP address rules.
VirtualNetworkRules []VirtualNetworkRuleResponse: The list of virtual network rules.

bypass String: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
defaultAction String: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules List<IPRuleResponse>: The list of IP address rules.
virtualNetworkRules List<VirtualNetworkRuleResponse>: The list of virtual network rules.

bypass string: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
defaultAction string: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules IPRuleResponse[]: The list of IP address rules.
virtualNetworkRules VirtualNetworkRuleResponse[]: The list of virtual network rules.

bypass str: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
default_action str: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ip_rules Sequence[IPRuleResponse]: The list of IP address rules.
virtual_network_rules Sequence[VirtualNetworkRuleResponse]: The list of virtual network rules.

bypass String: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
defaultAction String: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules List<Property Map>: The list of IP address rules.
virtualNetworkRules List<Property Map>: The list of virtual network rules.

Permissions

Certificates List<Union<string, Pulumi.AzureNative.KeyVault.CertificatePermissions>>: Permissions to certificates
Keys List<Union<string, Pulumi.AzureNative.KeyVault.KeyPermissions>>: Permissions to keys
Secrets List<Union<string, Pulumi.AzureNative.KeyVault.SecretPermissions>>: Permissions to secrets
Storage List<Union<string, Pulumi.AzureNative.KeyVault.StoragePermissions>>: Permissions to storage accounts

Certificates []string: Permissions to certificates
Keys []string: Permissions to keys
Secrets []string: Permissions to secrets
Storage []string: Permissions to storage accounts

certificates List<Either<String,CertificatePermissions>>: Permissions to certificates
keys List<Either<String,KeyPermissions>>: Permissions to keys
secrets List<Either<String,SecretPermissions>>: Permissions to secrets
storage List<Either<String,StoragePermissions>>: Permissions to storage accounts

certificates (string | CertificatePermissions)[]: Permissions to certificates
keys (string | KeyPermissions)[]: Permissions to keys
secrets (string | SecretPermissions)[]: Permissions to secrets
storage (string | StoragePermissions)[]: Permissions to storage accounts

certificates Sequence[Union[str, CertificatePermissions]]: Permissions to certificates
keys Sequence[Union[str, KeyPermissions]]: Permissions to keys
secrets Sequence[Union[str, SecretPermissions]]: Permissions to secrets
storage Sequence[Union[str, StoragePermissions]]: Permissions to storage accounts

certificates List<String | "all" | "get" | "list" | "delete" | "create" | "import" | "update" | "managecontacts" | "getissuers" | "listissuers" | "setissuers" | "deleteissuers" | "manageissuers" | "recover" | "purge" | "backup" | "restore">: Permissions to certificates
keys List<String | "all" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "sign" | "verify" | "get" | "list" | "create" | "update" | "import" | "delete" | "backup" | "restore" | "recover" | "purge">: Permissions to keys
secrets List<String | "all" | "get" | "list" | "set" | "delete" | "backup" | "restore" | "recover" | "purge">: Permissions to secrets
storage List<String | "all" | "get" | "list" | "delete" | "set" | "update" | "regeneratekey" | "recover" | "purge" | "backup" | "restore" | "setsas" | "listsas" | "getsas" | "deletesas">: Permissions to storage accounts

PermissionsResponse

Certificates List<string>: Permissions to certificates
Keys List<string>: Permissions to keys
Secrets List<string>: Permissions to secrets
Storage List<string>: Permissions to storage accounts

Certificates []string: Permissions to certificates
Keys []string: Permissions to keys
Secrets []string: Permissions to secrets
Storage []string: Permissions to storage accounts

certificates List<String>: Permissions to certificates
keys List<String>: Permissions to keys
secrets List<String>: Permissions to secrets
storage List<String>: Permissions to storage accounts

certificates string[]: Permissions to certificates
keys string[]: Permissions to keys
secrets string[]: Permissions to secrets
storage string[]: Permissions to storage accounts

certificates Sequence[str]: Permissions to certificates
keys Sequence[str]: Permissions to keys
secrets Sequence[str]: Permissions to secrets
storage Sequence[str]: Permissions to storage accounts

certificates List<String>: Permissions to certificates
keys List<String>: Permissions to keys
secrets List<String>: Permissions to secrets
storage List<String>: Permissions to storage accounts

PrivateEndpointConnectionItemResponse

ProvisioningState string: Provisioning state of the private endpoint connection.
Etag string: Modified whenever there is a change in the state of private endpoint connection.
Id string: Id of private endpoint connection.
PrivateEndpoint Pulumi.AzureNative.KeyVault.Inputs.PrivateEndpointResponse: Properties of the private endpoint object.
PrivateLinkServiceConnectionState Pulumi.AzureNative.KeyVault.Inputs.PrivateLinkServiceConnectionStateResponse: Approval state of the private link connection.

ProvisioningState string: Provisioning state of the private endpoint connection.
Etag string: Modified whenever there is a change in the state of private endpoint connection.
Id string: Id of private endpoint connection.
PrivateEndpoint PrivateEndpointResponse: Properties of the private endpoint object.
PrivateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse: Approval state of the private link connection.

provisioningState String: Provisioning state of the private endpoint connection.
etag String: Modified whenever there is a change in the state of private endpoint connection.
id String: Id of private endpoint connection.
privateEndpoint PrivateEndpointResponse: Properties of the private endpoint object.
privateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse: Approval state of the private link connection.

provisioningState string: Provisioning state of the private endpoint connection.
etag string: Modified whenever there is a change in the state of private endpoint connection.
id string: Id of private endpoint connection.
privateEndpoint PrivateEndpointResponse: Properties of the private endpoint object.
privateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse: Approval state of the private link connection.

provisioning_state str: Provisioning state of the private endpoint connection.
etag str: Modified whenever there is a change in the state of private endpoint connection.
id str: Id of private endpoint connection.
private_endpoint PrivateEndpointResponse: Properties of the private endpoint object.
private_link_service_connection_state PrivateLinkServiceConnectionStateResponse: Approval state of the private link connection.

provisioningState String: Provisioning state of the private endpoint connection.
etag String: Modified whenever there is a change in the state of private endpoint connection.
id String: Id of private endpoint connection.
privateEndpoint Property Map: Properties of the private endpoint object.
privateLinkServiceConnectionState Property Map: Approval state of the private link connection.

PrivateEndpointResponse

Id string: Full identifier of the private endpoint resource.

Id string: Full identifier of the private endpoint resource.

id String: Full identifier of the private endpoint resource.

id string: Full identifier of the private endpoint resource.

id str: Full identifier of the private endpoint resource.

id String: Full identifier of the private endpoint resource.

PrivateLinkServiceConnectionStateResponse

ActionsRequired string: A message indicating if changes on the service provider require any updates on the consumer.
Description string: The reason for approval or rejection.
Status string: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

ActionsRequired string: A message indicating if changes on the service provider require any updates on the consumer.
Description string: The reason for approval or rejection.
Status string: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

actionsRequired String: A message indicating if changes on the service provider require any updates on the consumer.
description String: The reason for approval or rejection.
status String: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

actionsRequired string: A message indicating if changes on the service provider require any updates on the consumer.
description string: The reason for approval or rejection.
status string: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

actions_required str: A message indicating if changes on the service provider require any updates on the consumer.
description str: The reason for approval or rejection.
status str: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

actionsRequired String: A message indicating if changes on the service provider require any updates on the consumer.
description String: The reason for approval or rejection.
status String: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

SecretPermissions

All: all
@Get: get
List: list
@Set: set
Delete: delete
Backup: backup
Restore: restore
Recover: recover
Purge: purge

SecretPermissionsAll: all
SecretPermissionsGet: get
SecretPermissionsList: list
SecretPermissionsSet: set
SecretPermissionsDelete: delete
SecretPermissionsBackup: backup
SecretPermissionsRestore: restore
SecretPermissionsRecover: recover
SecretPermissionsPurge: purge

All: all
Get: get
List: list
Set: set
Delete: delete
Backup: backup
Restore: restore
Recover: recover
Purge: purge

All: all
Get: get
List: list
Set: set
Delete: delete
Backup: backup
Restore: restore
Recover: recover
Purge: purge

ALL: all
GET: get
LIST: list
SET: set
DELETE: delete
BACKUP: backup
RESTORE: restore
RECOVER: recover
PURGE: purge

"all": all
"get": get
"list": list
"set": set
"delete": delete
"backup": backup
"restore": restore
"recover": recover
"purge": purge

Sku

Family string | Pulumi.AzureNative.KeyVault.SkuFamily: SKU family name
Name Pulumi.AzureNative.KeyVault.SkuName: SKU name to specify whether the key vault is a standard vault or a premium vault.

Family string | SkuFamily: SKU family name
Name SkuName: SKU name to specify whether the key vault is a standard vault or a premium vault.

family String | SkuFamily: SKU family name
name SkuName: SKU name to specify whether the key vault is a standard vault or a premium vault.

family string | SkuFamily: SKU family name
name SkuName: SKU name to specify whether the key vault is a standard vault or a premium vault.

family str | SkuFamily: SKU family name
name SkuName: SKU name to specify whether the key vault is a standard vault or a premium vault.

family String | "A": SKU family name
name "standard" | "premium": SKU name to specify whether the key vault is a standard vault or a premium vault.

SkuFamily

A: A

SkuFamilyA: A

A: A

A: A

A: A

"A": A

SkuName

Standard: standard
Premium: premium

SkuNameStandard: standard
SkuNamePremium: premium

Standard: standard
Premium: premium

Standard: standard
Premium: premium

STANDARD: standard
PREMIUM: premium

"standard": standard
"premium": premium

SkuResponse

Family string: SKU family name
Name string: SKU name to specify whether the key vault is a standard vault or a premium vault.

Family string: SKU family name
Name string: SKU name to specify whether the key vault is a standard vault or a premium vault.

family String: SKU family name
name String: SKU name to specify whether the key vault is a standard vault or a premium vault.

family string: SKU family name
name string: SKU name to specify whether the key vault is a standard vault or a premium vault.

family str: SKU family name
name str: SKU name to specify whether the key vault is a standard vault or a premium vault.

family String: SKU family name
name String: SKU name to specify whether the key vault is a standard vault or a premium vault.

StoragePermissions

All: all
@Get: get
List: list
Delete: delete
@Set: set
Update: update
Regeneratekey: regeneratekey
Recover: recover
Purge: purge
Backup: backup
Restore: restore
Setsas: setsas
Listsas: listsas
Getsas: getsas
Deletesas: deletesas

StoragePermissionsAll: all
StoragePermissionsGet: get
StoragePermissionsList: list
StoragePermissionsDelete: delete
StoragePermissionsSet: set
StoragePermissionsUpdate: update
StoragePermissionsRegeneratekey: regeneratekey
StoragePermissionsRecover: recover
StoragePermissionsPurge: purge
StoragePermissionsBackup: backup
StoragePermissionsRestore: restore
StoragePermissionsSetsas: setsas
StoragePermissionsListsas: listsas
StoragePermissionsGetsas: getsas
StoragePermissionsDeletesas: deletesas

All: all
Get: get
List: list
Delete: delete
Set: set
Update: update
Regeneratekey: regeneratekey
Recover: recover
Purge: purge
Backup: backup
Restore: restore
Setsas: setsas
Listsas: listsas
Getsas: getsas
Deletesas: deletesas

All: all
Get: get
List: list
Delete: delete
Set: set
Update: update
Regeneratekey: regeneratekey
Recover: recover
Purge: purge
Backup: backup
Restore: restore
Setsas: setsas
Listsas: listsas
Getsas: getsas
Deletesas: deletesas

ALL: all
GET: get
LIST: list
DELETE: delete
SET: set
UPDATE: update
REGENERATEKEY: regeneratekey
RECOVER: recover
PURGE: purge
BACKUP: backup
RESTORE: restore
SETSAS: setsas
LISTSAS: listsas
GETSAS: getsas
DELETESAS: deletesas

"all": all
"get": get
"list": list
"delete": delete
"set": set
"update": update
"regeneratekey": regeneratekey
"recover": recover
"purge": purge
"backup": backup
"restore": restore
"setsas": setsas
"listsas": listsas
"getsas": getsas
"deletesas": deletesas

VaultProperties

Sku Pulumi.AzureNative.KeyVault.Inputs.Sku: SKU details
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
AccessPolicies List<Pulumi.AzureNative.KeyVault.Inputs.AccessPolicyEntry>: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
CreateMode Pulumi.AzureNative.KeyVault.CreateMode: The vault's create mode to indicate whether the vault need to be recovered or not.
EnablePurgeProtection bool: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
EnableRbacAuthorization bool: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
EnableSoftDelete bool: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
EnabledForDeployment bool: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
EnabledForDiskEncryption bool: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
EnabledForTemplateDeployment bool: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
NetworkAcls Pulumi.AzureNative.KeyVault.Inputs.NetworkRuleSet: Rules governing the accessibility of the key vault from specific network locations.
ProvisioningState string | Pulumi.AzureNative.KeyVault.VaultProvisioningState: Provisioning state of the vault.
SoftDeleteRetentionInDays int: softDelete data retention days. It accepts >=7 and <=90.
VaultUri string: The URI of the vault for performing operations on keys and secrets. This property is readonly

Sku Sku: SKU details
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
AccessPolicies []AccessPolicyEntry: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
CreateMode CreateMode: The vault's create mode to indicate whether the vault need to be recovered or not.
EnablePurgeProtection bool: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
EnableRbacAuthorization bool: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
EnableSoftDelete bool: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
EnabledForDeployment bool: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
EnabledForDiskEncryption bool: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
EnabledForTemplateDeployment bool: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
NetworkAcls NetworkRuleSet: Rules governing the accessibility of the key vault from specific network locations.
ProvisioningState string | VaultProvisioningState: Provisioning state of the vault.
SoftDeleteRetentionInDays int: softDelete data retention days. It accepts >=7 and <=90.
VaultUri string: The URI of the vault for performing operations on keys and secrets. This property is readonly

sku Sku: SKU details
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
accessPolicies List<AccessPolicyEntry>: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
createMode CreateMode: The vault's create mode to indicate whether the vault need to be recovered or not.
enablePurgeProtection Boolean: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enableRbacAuthorization Boolean: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enableSoftDelete Boolean: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabledForDeployment Boolean: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabledForDiskEncryption Boolean: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabledForTemplateDeployment Boolean: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
networkAcls NetworkRuleSet: Rules governing the accessibility of the key vault from specific network locations.
provisioningState String | VaultProvisioningState: Provisioning state of the vault.
softDeleteRetentionInDays Integer: softDelete data retention days. It accepts >=7 and <=90.
vaultUri String: The URI of the vault for performing operations on keys and secrets. This property is readonly

sku Sku: SKU details
tenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
accessPolicies AccessPolicyEntry[]: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
createMode CreateMode: The vault's create mode to indicate whether the vault need to be recovered or not.
enablePurgeProtection boolean: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enableRbacAuthorization boolean: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enableSoftDelete boolean: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabledForDeployment boolean: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabledForDiskEncryption boolean: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabledForTemplateDeployment boolean: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
networkAcls NetworkRuleSet: Rules governing the accessibility of the key vault from specific network locations.
provisioningState string | VaultProvisioningState: Provisioning state of the vault.
softDeleteRetentionInDays number: softDelete data retention days. It accepts >=7 and <=90.
vaultUri string: The URI of the vault for performing operations on keys and secrets. This property is readonly

sku Sku: SKU details
tenant_id str: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
access_policies Sequence[AccessPolicyEntry]: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
create_mode CreateMode: The vault's create mode to indicate whether the vault need to be recovered or not.
enable_purge_protection bool: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enable_rbac_authorization bool: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enable_soft_delete bool: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabled_for_deployment bool: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabled_for_disk_encryption bool: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabled_for_template_deployment bool: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
network_acls NetworkRuleSet: Rules governing the accessibility of the key vault from specific network locations.
provisioning_state str | VaultProvisioningState: Provisioning state of the vault.
soft_delete_retention_in_days int: softDelete data retention days. It accepts >=7 and <=90.
vault_uri str: The URI of the vault for performing operations on keys and secrets. This property is readonly

sku Property Map: SKU details
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
accessPolicies List<Property Map>: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
createMode "recover" | "default": The vault's create mode to indicate whether the vault need to be recovered or not.
enablePurgeProtection Boolean: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enableRbacAuthorization Boolean: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enableSoftDelete Boolean: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabledForDeployment Boolean: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabledForDiskEncryption Boolean: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabledForTemplateDeployment Boolean: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
networkAcls Property Map: Rules governing the accessibility of the key vault from specific network locations.
provisioningState String | "Succeeded" | "RegisteringDns": Provisioning state of the vault.
softDeleteRetentionInDays Number: softDelete data retention days. It accepts >=7 and <=90.
vaultUri String: The URI of the vault for performing operations on keys and secrets. This property is readonly

VaultPropertiesResponse

HsmPoolResourceId string: The resource id of HSM Pool.
PrivateEndpointConnections List<Pulumi.AzureNative.KeyVault.Inputs.PrivateEndpointConnectionItemResponse>: List of private endpoint connections associated with the key vault.
Sku Pulumi.AzureNative.KeyVault.Inputs.SkuResponse: SKU details
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
AccessPolicies List<Pulumi.AzureNative.KeyVault.Inputs.AccessPolicyEntryResponse>: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
EnablePurgeProtection bool: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
EnableRbacAuthorization bool: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
EnableSoftDelete bool: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
EnabledForDeployment bool: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
EnabledForDiskEncryption bool: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
EnabledForTemplateDeployment bool: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
NetworkAcls Pulumi.AzureNative.KeyVault.Inputs.NetworkRuleSetResponse: Rules governing the accessibility of the key vault from specific network locations.
ProvisioningState string: Provisioning state of the vault.
SoftDeleteRetentionInDays int: softDelete data retention days. It accepts >=7 and <=90.
VaultUri string: The URI of the vault for performing operations on keys and secrets. This property is readonly

HsmPoolResourceId string: The resource id of HSM Pool.
PrivateEndpointConnections []PrivateEndpointConnectionItemResponse: List of private endpoint connections associated with the key vault.
Sku SkuResponse: SKU details
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
AccessPolicies []AccessPolicyEntryResponse: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
EnablePurgeProtection bool: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
EnableRbacAuthorization bool: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
EnableSoftDelete bool: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
EnabledForDeployment bool: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
EnabledForDiskEncryption bool: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
EnabledForTemplateDeployment bool: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
NetworkAcls NetworkRuleSetResponse: Rules governing the accessibility of the key vault from specific network locations.
ProvisioningState string: Provisioning state of the vault.
SoftDeleteRetentionInDays int: softDelete data retention days. It accepts >=7 and <=90.
VaultUri string: The URI of the vault for performing operations on keys and secrets. This property is readonly

hsmPoolResourceId String: The resource id of HSM Pool.
privateEndpointConnections List<PrivateEndpointConnectionItemResponse>: List of private endpoint connections associated with the key vault.
sku SkuResponse: SKU details
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
accessPolicies List<AccessPolicyEntryResponse>: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
enablePurgeProtection Boolean: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enableRbacAuthorization Boolean: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enableSoftDelete Boolean: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabledForDeployment Boolean: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabledForDiskEncryption Boolean: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabledForTemplateDeployment Boolean: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
networkAcls NetworkRuleSetResponse: Rules governing the accessibility of the key vault from specific network locations.
provisioningState String: Provisioning state of the vault.
softDeleteRetentionInDays Integer: softDelete data retention days. It accepts >=7 and <=90.
vaultUri String: The URI of the vault for performing operations on keys and secrets. This property is readonly

hsmPoolResourceId string: The resource id of HSM Pool.
privateEndpointConnections PrivateEndpointConnectionItemResponse[]: List of private endpoint connections associated with the key vault.
sku SkuResponse: SKU details
tenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
accessPolicies AccessPolicyEntryResponse[]: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
enablePurgeProtection boolean: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enableRbacAuthorization boolean: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enableSoftDelete boolean: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabledForDeployment boolean: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabledForDiskEncryption boolean: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabledForTemplateDeployment boolean: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
networkAcls NetworkRuleSetResponse: Rules governing the accessibility of the key vault from specific network locations.
provisioningState string: Provisioning state of the vault.
softDeleteRetentionInDays number: softDelete data retention days. It accepts >=7 and <=90.
vaultUri string: The URI of the vault for performing operations on keys and secrets. This property is readonly

hsm_pool_resource_id str: The resource id of HSM Pool.
private_endpoint_connections Sequence[PrivateEndpointConnectionItemResponse]: List of private endpoint connections associated with the key vault.
sku SkuResponse: SKU details
tenant_id str: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
access_policies Sequence[AccessPolicyEntryResponse]: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
enable_purge_protection bool: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enable_rbac_authorization bool: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enable_soft_delete bool: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabled_for_deployment bool: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabled_for_disk_encryption bool: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabled_for_template_deployment bool: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
network_acls NetworkRuleSetResponse: Rules governing the accessibility of the key vault from specific network locations.
provisioning_state str: Provisioning state of the vault.
soft_delete_retention_in_days int: softDelete data retention days. It accepts >=7 and <=90.
vault_uri str: The URI of the vault for performing operations on keys and secrets. This property is readonly

hsmPoolResourceId String: The resource id of HSM Pool.
privateEndpointConnections List<Property Map>: List of private endpoint connections associated with the key vault.
sku Property Map: SKU details
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
accessPolicies List<Property Map>: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required.
enablePurgeProtection Boolean: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enableRbacAuthorization Boolean: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enableSoftDelete Boolean: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabledForDeployment Boolean: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabledForDiskEncryption Boolean: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabledForTemplateDeployment Boolean: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
networkAcls Property Map: Rules governing the accessibility of the key vault from specific network locations.
provisioningState String: Provisioning state of the vault.
softDeleteRetentionInDays Number: softDelete data retention days. It accepts >=7 and <=90.
vaultUri String: The URI of the vault for performing operations on keys and secrets. This property is readonly

VaultProvisioningState

Succeeded: Succeeded
RegisteringDns: RegisteringDns

VaultProvisioningStateSucceeded: Succeeded
VaultProvisioningStateRegisteringDns: RegisteringDns

Succeeded: Succeeded
RegisteringDns: RegisteringDns

Succeeded: Succeeded
RegisteringDns: RegisteringDns

SUCCEEDED: Succeeded
REGISTERING_DNS: RegisteringDns

"Succeeded": Succeeded
"RegisteringDns": RegisteringDns

VirtualNetworkRule

Id string: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
IgnoreMissingVnetServiceEndpoint bool: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

Id string: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
IgnoreMissingVnetServiceEndpoint bool: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id String: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignoreMissingVnetServiceEndpoint Boolean: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id string: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignoreMissingVnetServiceEndpoint boolean: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id str: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignore_missing_vnet_service_endpoint bool: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id String: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignoreMissingVnetServiceEndpoint Boolean: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

VirtualNetworkRuleResponse

Id string: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
IgnoreMissingVnetServiceEndpoint bool: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

Id string: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
IgnoreMissingVnetServiceEndpoint bool: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id String: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignoreMissingVnetServiceEndpoint Boolean: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id string: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignoreMissingVnetServiceEndpoint boolean: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id str: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignore_missing_vnet_service_endpoint bool: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id String: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignoreMissingVnetServiceEndpoint Boolean: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:keyvault:Vault sample-vault /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sample-resource-group/providers/Microsoft.KeyVault/vaults/sample-vault

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

Azure Native v1.103.0 published on Friday, Jun 2, 2023 by Pulumi

pulumi/pulumi-azure-native

azure-native.keyvault.Vault

On this page

On this page

Example Usage

Create a new vault or update an existing vault

Create or update a vault with network acls

Create Vault Resource

Vault Resource Properties

Inputs

Outputs

Supporting Types

AccessPolicyEntry

AccessPolicyEntryResponse

CertificatePermissions

CreateMode

IPRule

IPRuleResponse

KeyPermissions

NetworkRuleAction

NetworkRuleBypassOptions

NetworkRuleSet

NetworkRuleSetResponse

Permissions

PermissionsResponse

PrivateEndpointConnectionItemResponse

PrivateEndpointResponse

PrivateLinkServiceConnectionStateResponse

SecretPermissions

Sku

SkuFamily

SkuName

SkuResponse

StoragePermissions

VaultProperties

VaultPropertiesResponse

VaultProvisioningState

VirtualNetworkRule

VirtualNetworkRuleResponse

Import

Package Details

On this page

On this page