This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.29.0 published on Friday, Feb 16, 2024 by Pulumi

azure-native.keyvault.Vault


    Resource information with extended details. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2019-09-01.

    Other available API versions: 2018-02-14-preview, 2023-07-01.

    Example Usage

    Create a new vault or update an existing vault

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() =>
    {
        // Operations the sample access policy grants on certificates. This is the
        // full management set, including the destructive "delete" and "purge".
        var certificatePermissions = new[]
        {
            "get", "list", "delete", "create", "import", "update",
            "managecontacts", "getissuers", "listissuers", "setissuers",
            "deleteissuers", "manageissuers", "recover", "purge",
        };

        // Operations granted on keys: cryptographic use plus lifecycle management.
        var keyPermissions = new[]
        {
            "encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify",
            "get", "list", "create", "update", "import", "delete",
            "backup", "restore", "recover", "purge",
        };

        // Operations granted on secrets.
        var secretPermissions = new[]
        {
            "get", "list", "set", "delete", "backup", "restore", "recover", "purge",
        };

        // One access policy entry. The all-zero GUIDs are placeholders for the real
        // tenant ID and the object ID of the user, service principal or group.
        // When adapting the sample, list only the operations the identity needs:
        // "purge" permanently removes soft-deleted objects, and this sample does
        // not set EnablePurgeProtection.
        var accessPolicy = new AzureNative.KeyVault.Inputs.AccessPolicyEntryArgs
        {
            ObjectId = "00000000-0000-0000-0000-000000000000",
            TenantId = "00000000-0000-0000-0000-000000000000",
            Permissions = new AzureNative.KeyVault.Inputs.PermissionsArgs
            {
                Certificates = certificatePermissions,
                Keys = keyPermissions,
                Secrets = secretPermissions,
            },
        };

        var vaultSku = new AzureNative.KeyVault.Inputs.SkuArgs
        {
            Family = "A",
            Name = AzureNative.KeyVault.SkuName.Standard,
        };

        var vault = new AzureNative.KeyVault.Vault("vault", new()
        {
            ResourceGroupName = "sample-resource-group",
            VaultName = "sample-vault",
            Location = "westus",
            Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
            {
                TenantId = "00000000-0000-0000-0000-000000000000",
                Sku = vaultSku,
                AccessPolicies = new[] { accessPolicy },
                // Each EnabledFor* flag lets an Azure platform service (VM deployment,
                // Disk Encryption, template deployment) retrieve material from the
                // vault; enable only the ones the workload uses.
                EnabledForDeployment = true,
                EnabledForDiskEncryption = true,
                EnabledForTemplateDeployment = true,
                // Public network access is on and this sample declares no NetworkAcls,
                // so no firewall rule restricts which networks can reach the vault.
                PublicNetworkAccess = "Enabled",
            },
        });

    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/keyvault/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
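    // main runs a Pulumi program that declares one Key Vault, "sample-vault", in
    // resource group "sample-resource-group" with a single access policy entry.
    //
    // The generated listing used keyvault.VaultPropertiesResponse and untyped
    // interface{}{...} literals, which do not compile; the typed input structs
    // (VaultPropertiesArgs, AccessPolicyEntryArgs) are used here instead.
    //
    // Security notes for anyone adapting the sample:
    //   - The access policy grants every listed key, secret and certificate
    //     operation, including "delete" and "purge". List only what the identity
    //     needs; "purge" permanently removes soft-deleted objects.
    //   - PublicNetworkAccess is "Enabled" and no NetworkAcls are declared, so no
    //     firewall rule restricts which networks can reach the vault.
    //   - The all-zero GUIDs are placeholders for the tenant and principal IDs.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := keyvault.NewVault(ctx, "vault", &keyvault.VaultArgs{
    			Location: pulumi.String("westus"),
    			Properties: &keyvault.VaultPropertiesArgs{
    				AccessPolicies: keyvault.AccessPolicyEntryArray{
    					&keyvault.AccessPolicyEntryArgs{
    						ObjectId: pulumi.String("00000000-0000-0000-0000-000000000000"),
    						Permissions: &keyvault.PermissionsArgs{
    							Certificates: pulumi.StringArray{
    								pulumi.String("get"),
    								pulumi.String("list"),
    								pulumi.String("delete"),
    								pulumi.String("create"),
    								pulumi.String("import"),
    								pulumi.String("update"),
    								pulumi.String("managecontacts"),
    								pulumi.String("getissuers"),
    								pulumi.String("listissuers"),
    								pulumi.String("setissuers"),
    								pulumi.String("deleteissuers"),
    								pulumi.String("manageissuers"),
    								pulumi.String("recover"),
    								pulumi.String("purge"),
    							},
    							Keys: pulumi.StringArray{
    								pulumi.String("encrypt"),
    								pulumi.String("decrypt"),
    								pulumi.String("wrapKey"),
    								pulumi.String("unwrapKey"),
    								pulumi.String("sign"),
    								pulumi.String("verify"),
    								pulumi.String("get"),
    								pulumi.String("list"),
    								pulumi.String("create"),
    								pulumi.String("update"),
    								pulumi.String("import"),
    								pulumi.String("delete"),
    								pulumi.String("backup"),
    								pulumi.String("restore"),
    								pulumi.String("recover"),
    								pulumi.String("purge"),
    							},
    							Secrets: pulumi.StringArray{
    								pulumi.String("get"),
    								pulumi.String("list"),
    								pulumi.String("set"),
    								pulumi.String("delete"),
    								pulumi.String("backup"),
    								pulumi.String("restore"),
    								pulumi.String("recover"),
    								pulumi.String("purge"),
    							},
    						},
    						TenantId: pulumi.String("00000000-0000-0000-0000-000000000000"),
    					},
    				},
    				// Each EnabledFor* flag lets an Azure platform service retrieve
    				// material from the vault; enable only the ones in use.
    				EnabledForDeployment:         pulumi.Bool(true),
    				EnabledForDiskEncryption:     pulumi.Bool(true),
    				EnabledForTemplateDeployment: pulumi.Bool(true),
    				PublicNetworkAccess:          pulumi.String("Enabled"),
    				Sku: &keyvault.SkuArgs{
    					Family: pulumi.String("A"),
    					Name:   keyvault.SkuNameStandard,
    				},
    				TenantId: pulumi.String("00000000-0000-0000-0000-000000000000"),
    			},
    			ResourceGroupName: pulumi.String("sample-resource-group"),
    			VaultName:         pulumi.String("sample-vault"),
    		})
    		// The vault handle is not used further, so only the error is propagated.
    		return err
    	})
    }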
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.keyvault.Vault;
    import com.pulumi.azurenative.keyvault.VaultArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares one Key Vault ("sample-vault") with a single
     * access policy entry.
     *
     * NOTE(review): this generated listing is not valid Java as written.
     * java.util.Map.entry takes exactly one key and one value, but the
     * "certificates", "keys" and "secrets" entries below pass the permission
     * names as extra arguments. "accessPolicies" is also given as a single map,
     * while the other language listings on this page pass a list of entries.
     * The Inputs table lists the Java type of properties as VaultProperties, so
     * a typed builder is presumably intended - confirm against the Java SDK.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /**
         * Declares the vault resource.
         *
         * Security notes for anyone adapting the sample: the access policy grants
         * every listed key, secret and certificate operation, including "delete"
         * and "purge", to one principal; publicNetworkAccess is "Enabled" and no
         * networkAcls are declared; the all-zero GUIDs are placeholders for the
         * tenant and principal IDs.
         */
        public static void stack(Context ctx) {
            var vault = new Vault("vault", VaultArgs.builder()        
                .location("westus")
                .properties(Map.ofEntries(
                    Map.entry("accessPolicies", Map.ofEntries(
                        Map.entry("objectId", "00000000-0000-0000-0000-000000000000"),
                        // List only the operations the identity needs; "purge"
                        // permanently removes soft-deleted objects.
                        Map.entry("permissions", Map.ofEntries(
                            Map.entry("certificates",                         
                                "get",
                                "list",
                                "delete",
                                "create",
                                "import",
                                "update",
                                "managecontacts",
                                "getissuers",
                                "listissuers",
                                "setissuers",
                                "deleteissuers",
                                "manageissuers",
                                "recover",
                                "purge"),
                            Map.entry("keys",                         
                                "encrypt",
                                "decrypt",
                                "wrapKey",
                                "unwrapKey",
                                "sign",
                                "verify",
                                "get",
                                "list",
                                "create",
                                "update",
                                "import",
                                "delete",
                                "backup",
                                "restore",
                                "recover",
                                "purge"),
                            Map.entry("secrets",                         
                                "get",
                                "list",
                                "set",
                                "delete",
                                "backup",
                                "restore",
                                "recover",
                                "purge")
                        )),
                        Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
                    )),
                    // Each enabledFor* flag lets an Azure platform service retrieve
                    // material from the vault; enable only the ones in use.
                    Map.entry("enabledForDeployment", true),
                    Map.entry("enabledForDiskEncryption", true),
                    Map.entry("enabledForTemplateDeployment", true),
                    // No network rules are declared alongside this setting.
                    Map.entry("publicNetworkAccess", "Enabled"),
                    Map.entry("sku", Map.ofEntries(
                        Map.entry("family", "A"),
                        Map.entry("name", "standard")
                    )),
                    Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
                ))
                .resourceGroupName("sample-resource-group")
                .vaultName("sample-vault")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
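    # Declares one Key Vault ("sample-vault") with a single access policy entry.
    #
    # The generated listing referenced VaultPropertiesResponseArgs and passed the
    # access policy as a dict with camelCase keys; the constructor signature on
    # this page takes VaultPropertiesArgs, so the typed input classes are used.
    #
    # Security notes for anyone adapting the sample:
    #   - The access policy grants every listed key, secret and certificate
    #     operation, including "delete" and "purge". List only what the identity
    #     needs; "purge" permanently removes soft-deleted objects.
    #   - public_network_access is "Enabled" and no network_acls are declared, so
    #     no firewall rule restricts which networks can reach the vault.
    #   - The all-zero GUIDs are placeholders for the tenant and principal IDs.
    vault = azure_native.keyvault.Vault("vault",
        location="westus",
        properties=azure_native.keyvault.VaultPropertiesArgs(
            access_policies=[azure_native.keyvault.AccessPolicyEntryArgs(
                object_id="00000000-0000-0000-0000-000000000000",
                permissions=azure_native.keyvault.PermissionsArgs(
                    certificates=[
                        "get",
                        "list",
                        "delete",
                        "create",
                        "import",
                        "update",
                        "managecontacts",
                        "getissuers",
                        "listissuers",
                        "setissuers",
                        "deleteissuers",
                        "manageissuers",
                        "recover",
                        "purge",
                    ],
                    keys=[
                        "encrypt",
                        "decrypt",
                        "wrapKey",
                        "unwrapKey",
                        "sign",
                        "verify",
                        "get",
                        "list",
                        "create",
                        "update",
                        "import",
                        "delete",
                        "backup",
                        "restore",
                        "recover",
                        "purge",
                    ],
                    secrets=[
                        "get",
                        "list",
                        "set",
                        "delete",
                        "backup",
                        "restore",
                        "recover",
                        "purge",
                    ],
                ),
                tenant_id="00000000-0000-0000-0000-000000000000",
            )],
            # Each enabled_for_* flag lets an Azure platform service retrieve
            # material from the vault; enable only the ones in use.
            enabled_for_deployment=True,
            enabled_for_disk_encryption=True,
            enabled_for_template_deployment=True,
            public_network_access="Enabled",
            sku=azure_native.keyvault.SkuArgs(
                family="A",
                name=azure_native.keyvault.SkuName.STANDARD,
            ),
            tenant_id="00000000-0000-0000-0000-000000000000",
        ),
        resource_group_name="sample-resource-group",
        vault_name="sample-vault")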
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    // Operations the sample access policy grants on certificates. This is the
    // full management set, including the destructive "delete" and "purge".
    const certificatePermissions = [
        "get", "list", "delete", "create", "import", "update",
        "managecontacts", "getissuers", "listissuers", "setissuers",
        "deleteissuers", "manageissuers", "recover", "purge",
    ];

    // Operations granted on keys: cryptographic use plus lifecycle management.
    const keyPermissions = [
        "encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify",
        "get", "list", "create", "update", "import", "delete",
        "backup", "restore", "recover", "purge",
    ];

    // Operations granted on secrets.
    const secretPermissions = [
        "get", "list", "set", "delete", "backup", "restore", "recover", "purge",
    ];

    // Declares one Key Vault with a single access policy entry. The all-zero
    // GUIDs are placeholders for the tenant ID and the principal's object ID.
    const vault = new azure_native.keyvault.Vault("vault", {
        resourceGroupName: "sample-resource-group",
        vaultName: "sample-vault",
        location: "westus",
        properties: {
            tenantId: "00000000-0000-0000-0000-000000000000",
            sku: {
                family: "A",
                name: azure_native.keyvault.SkuName.Standard,
            },
            // When adapting the sample, list only the operations the identity
            // needs: "purge" permanently removes soft-deleted objects.
            accessPolicies: [{
                objectId: "00000000-0000-0000-0000-000000000000",
                tenantId: "00000000-0000-0000-0000-000000000000",
                permissions: {
                    certificates: certificatePermissions,
                    keys: keyPermissions,
                    secrets: secretPermissions,
                },
            }],
            // Each enabledFor* flag lets an Azure platform service retrieve
            // material from the vault; enable only the ones in use.
            enabledForDeployment: true,
            enabledForDiskEncryption: true,
            enabledForTemplateDeployment: true,
            // Public network access is on and no networkAcls are declared here,
            // so no firewall rule restricts which networks can reach the vault.
            publicNetworkAccess: "Enabled",
        },
    });
    
    # Declares one Key Vault with a single access policy entry. The all-zero
    # GUIDs are placeholders for the tenant ID and the principal's object ID.
    resources:
      vault:
        type: azure-native:keyvault:Vault
        properties:
          resourceGroupName: sample-resource-group
          vaultName: sample-vault
          location: westus
          properties:
            tenantId: 00000000-0000-0000-0000-000000000000
            sku:
              family: A
              name: standard
            # The policy grants every listed operation, including delete and
            # purge. When adapting the sample, list only what the identity needs:
            # purge permanently removes soft-deleted objects.
            accessPolicies:
              - objectId: 00000000-0000-0000-0000-000000000000
                tenantId: 00000000-0000-0000-0000-000000000000
                permissions:
                  certificates: [get, list, delete, create, import, update, managecontacts, getissuers, listissuers, setissuers, deleteissuers, manageissuers, recover, purge]
                  keys: [encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, backup, restore, recover, purge]
                  secrets: [get, list, set, delete, backup, restore, recover, purge]
            # Each enabledFor* flag lets an Azure platform service retrieve
            # material from the vault; enable only the ones in use.
            enabledForDeployment: true
            enabledForDiskEncryption: true
            enabledForTemplateDeployment: true
            # Public network access is on and no networkAcls are declared here,
            # so no firewall rule restricts which networks can reach the vault.
            publicNetworkAccess: Enabled
    

    Create or update a vault with network acls

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
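    return await Deployment.RunAsync(() => 
    {
        // Declares one Key Vault whose firewall denies traffic by default and
        // admits only the listed IP rules and virtual network subnet.
        var vault = new AzureNative.KeyVault.Vault("vault", new()
        {
            Location = "westus",
            Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
            {
                // Each EnabledFor* flag lets an Azure platform service retrieve
                // material from the vault; enable only the ones in use.
                EnabledForDeployment = true,
                EnabledForDiskEncryption = true,
                EnabledForTemplateDeployment = true,
                NetworkAcls = new AzureNative.KeyVault.Inputs.NetworkRuleSetArgs
                {
                    // "AzureServices" exempts trusted Azure services from the rules
                    // below; "Deny" refuses any request that matches no rule.
                    Bypass = "AzureServices",
                    DefaultAction = "Deny",
                    IpRules = new[]
                    {
                        new AzureNative.KeyVault.Inputs.IPRuleArgs
                        {
                            Value = "124.56.78.91",
                        },
                        new AzureNative.KeyVault.Inputs.IPRuleArgs
                        {
                            // Bare CIDR: the generated sample wrapped this value in
                            // literal single quotes, which is not an address range.
                            // NOTE(review): 10.91.4.0/24 is RFC 1918 private space;
                            // confirm the service accepts private ranges in IP rules,
                            // or use a virtual network rule for that subnet.
                            Value = "10.91.4.0/24",
                        },
                    },
                    VirtualNetworkRules = new[]
                    {
                        new AzureNative.KeyVault.Inputs.VirtualNetworkRuleArgs
                        {
                            // "subid" is a placeholder for the subscription ID.
                            Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
                        },
                    },
                },
                Sku = new AzureNative.KeyVault.Inputs.SkuArgs
                {
                    Family = "A",
                    Name = AzureNative.KeyVault.SkuName.Standard,
                },
                // Placeholder tenant ID.
                TenantId = "00000000-0000-0000-0000-000000000000",
            },
            ResourceGroupName = "sample-resource-group",
            VaultName = "sample-vault",
        });
    
    });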
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/keyvault/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
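    // main runs a Pulumi program that declares one Key Vault, "sample-vault",
    // whose firewall denies traffic by default and admits only the listed IP
    // rules and virtual network subnet.
    //
    // The generated listing used keyvault.VaultPropertiesResponse and an untyped
    // interface{}{...} literal for NetworkAcls, which do not compile; the typed
    // input structs (VaultPropertiesArgs, NetworkRuleSetArgs) are used instead.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := keyvault.NewVault(ctx, "vault", &keyvault.VaultArgs{
    			Location: pulumi.String("westus"),
    			Properties: &keyvault.VaultPropertiesArgs{
    				// Each EnabledFor* flag lets an Azure platform service retrieve
    				// material from the vault; enable only the ones in use.
    				EnabledForDeployment:         pulumi.Bool(true),
    				EnabledForDiskEncryption:     pulumi.Bool(true),
    				EnabledForTemplateDeployment: pulumi.Bool(true),
    				NetworkAcls: &keyvault.NetworkRuleSetArgs{
    					// "AzureServices" exempts trusted Azure services from the
    					// rules below; "Deny" refuses requests matching no rule.
    					Bypass:        pulumi.String("AzureServices"),
    					DefaultAction: pulumi.String("Deny"),
    					IpRules: keyvault.IPRuleArray{
    						&keyvault.IPRuleArgs{
    							Value: pulumi.String("124.56.78.91"),
    						},
    						&keyvault.IPRuleArgs{
    							// Bare CIDR: the generated sample wrapped this value
    							// in literal single quotes, which is not an address
    							// range.
    							// NOTE(review): 10.91.4.0/24 is RFC 1918 private
    							// space; confirm the service accepts private ranges
    							// in IP rules, or use a virtual network rule.
    							Value: pulumi.String("10.91.4.0/24"),
    						},
    					},
    					VirtualNetworkRules: keyvault.VirtualNetworkRuleArray{
    						&keyvault.VirtualNetworkRuleArgs{
    							// "subid" is a placeholder for the subscription ID.
    							Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1"),
    						},
    					},
    				},
    				Sku: &keyvault.SkuArgs{
    					Family: pulumi.String("A"),
    					Name:   keyvault.SkuNameStandard,
    				},
    				// Placeholder tenant ID.
    				TenantId: pulumi.String("00000000-0000-0000-0000-000000000000"),
    			},
    			ResourceGroupName: pulumi.String("sample-resource-group"),
    			VaultName:         pulumi.String("sample-vault"),
    		})
    		// The vault handle is not used further, so only the error is propagated.
    		return err
    	})
    }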
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.keyvault.Vault;
    import com.pulumi.azurenative.keyvault.VaultArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares one Key Vault ("sample-vault") with network
     * ACLs: default action "Deny", two IP rules and one virtual network rule.
     *
     * NOTE(review): this generated listing is not valid Java as written.
     * java.util.Map.entry takes exactly one key and one value, but the "ipRules"
     * entry below passes two Map.of(...) values. The Inputs table lists the Java
     * type of properties as VaultProperties, so a typed builder is presumably
     * intended - confirm against the Java SDK.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /** Declares the vault resource and its firewall rules. */
        public static void stack(Context ctx) {
            var vault = new Vault("vault", VaultArgs.builder()        
                .location("westus")
                .properties(Map.ofEntries(
                    // Each enabledFor* flag lets an Azure platform service retrieve
                    // material from the vault; enable only the ones in use.
                    Map.entry("enabledForDeployment", true),
                    Map.entry("enabledForDiskEncryption", true),
                    Map.entry("enabledForTemplateDeployment", true),
                    Map.entry("networkAcls", Map.ofEntries(
                        // "AzureServices" exempts trusted Azure services from the
                        // rules below; "Deny" refuses requests matching no rule.
                        Map.entry("bypass", "AzureServices"),
                        Map.entry("defaultAction", "Deny"),
                        // NOTE(review): the second value carries literal single
                        // quotes inside the string ('10.91.4.0/24'), which is not a
                        // bare CIDR range; it is also RFC 1918 private space, so
                        // confirm the service accepts it as an IP rule.
                        Map.entry("ipRules",                     
                            Map.of("value", "124.56.78.91"),
                            Map.of("value", "'10.91.4.0/24'")),
                        // "subid" is a placeholder for the subscription ID.
                        Map.entry("virtualNetworkRules", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1"))
                    )),
                    Map.entry("sku", Map.ofEntries(
                        Map.entry("family", "A"),
                        Map.entry("name", "standard")
                    )),
                    // Placeholder tenant ID.
                    Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
                ))
                .resourceGroupName("sample-resource-group")
                .vaultName("sample-vault")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
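    # Declares one Key Vault ("sample-vault") whose firewall denies traffic by
    # default and admits only the listed IP rules and virtual network subnet.
    #
    # The generated listing referenced VaultPropertiesResponseArgs and passed
    # network_acls as a dict with camelCase keys; the constructor signature on
    # this page takes VaultPropertiesArgs, so the typed input classes are used.
    vault = azure_native.keyvault.Vault("vault",
        location="westus",
        properties=azure_native.keyvault.VaultPropertiesArgs(
            # Each enabled_for_* flag lets an Azure platform service retrieve
            # material from the vault; enable only the ones in use.
            enabled_for_deployment=True,
            enabled_for_disk_encryption=True,
            enabled_for_template_deployment=True,
            network_acls=azure_native.keyvault.NetworkRuleSetArgs(
                # "AzureServices" exempts trusted Azure services from the rules
                # below; "Deny" refuses any request that matches no rule.
                bypass="AzureServices",
                default_action="Deny",
                ip_rules=[
                    azure_native.keyvault.IPRuleArgs(
                        value="124.56.78.91",
                    ),
                    azure_native.keyvault.IPRuleArgs(
                        # Bare CIDR: the generated sample wrapped this value in
                        # literal single quotes, which is not an address range.
                        # NOTE(review): 10.91.4.0/24 is RFC 1918 private space;
                        # confirm the service accepts private ranges in IP
                        # rules, or use a virtual network rule for that subnet.
                        value="10.91.4.0/24",
                    ),
                ],
                virtual_network_rules=[azure_native.keyvault.VirtualNetworkRuleArgs(
                    # "subid" is a placeholder for the subscription ID.
                    id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
                )],
            ),
            sku=azure_native.keyvault.SkuArgs(
                family="A",
                name=azure_native.keyvault.SkuName.STANDARD,
            ),
            # Placeholder tenant ID.
            tenant_id="00000000-0000-0000-0000-000000000000",
        ),
        resource_group_name="sample-resource-group",
        vault_name="sample-vault")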
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
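    // Declares one Key Vault whose firewall denies traffic by default and admits
    // only the listed IP rules and virtual network subnet.
    const vault = new azure_native.keyvault.Vault("vault", {
        location: "westus",
        properties: {
            // Each enabledFor* flag lets an Azure platform service retrieve
            // material from the vault; enable only the ones in use.
            enabledForDeployment: true,
            enabledForDiskEncryption: true,
            enabledForTemplateDeployment: true,
            networkAcls: {
                // "AzureServices" exempts trusted Azure services from the rules
                // below; "Deny" refuses any request that matches no rule.
                bypass: "AzureServices",
                defaultAction: "Deny",
                ipRules: [
                    {
                        value: "124.56.78.91",
                    },
                    {
                        // Bare CIDR: the generated sample wrapped this value in
                        // literal single quotes, which is not an address range.
                        // NOTE(review): 10.91.4.0/24 is RFC 1918 private space;
                        // confirm the service accepts private ranges in IP
                        // rules, or use a virtual network rule for that subnet.
                        value: "10.91.4.0/24",
                    },
                ],
                virtualNetworkRules: [{
                    // "subid" is a placeholder for the subscription ID.
                    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
                }],
            },
            sku: {
                family: "A",
                name: azure_native.keyvault.SkuName.Standard,
            },
            // Placeholder tenant ID.
            tenantId: "00000000-0000-0000-0000-000000000000",
        },
        resourceGroupName: "sample-resource-group",
        vaultName: "sample-vault",
    });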
    
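    # Declares one Key Vault whose firewall denies traffic by default and admits
    # only the listed IP rules and virtual network subnet.
    resources:
      vault:
        type: azure-native:keyvault:Vault
        properties:
          location: westus
          properties:
            # Each enabledFor* flag lets an Azure platform service retrieve
            # material from the vault; enable only the ones in use.
            enabledForDeployment: true
            enabledForDiskEncryption: true
            enabledForTemplateDeployment: true
            networkAcls:
              # AzureServices exempts trusted Azure services from the rules
              # below; Deny refuses any request that matches no rule.
              bypass: AzureServices
              defaultAction: Deny
              ipRules:
                - value: 124.56.78.91
                # Bare CIDR: the generated sample escaped literal single quotes
                # into this value, which is not an address range.
                # NOTE(review): 10.91.4.0/24 is RFC 1918 private space; confirm
                # the service accepts private ranges in IP rules, or use a
                # virtual network rule for that subnet.
                - value: 10.91.4.0/24
              virtualNetworkRules:
                # "subid" is a placeholder for the subscription ID.
                - id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1
            sku:
              family: A
              name: standard
            # Placeholder tenant ID.
            tenantId: 00000000-0000-0000-0000-000000000000
          resourceGroupName: sample-resource-group
          vaultName: sample-vault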
    

    Create Vault Resource

    new Vault(name: string, args: VaultArgs, opts?: CustomResourceOptions);
    @overload
    def Vault(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              location: Optional[str] = None,
              properties: Optional[VaultPropertiesArgs] = None,
              resource_group_name: Optional[str] = None,
              tags: Optional[Mapping[str, str]] = None,
              vault_name: Optional[str] = None)
    @overload
    def Vault(resource_name: str,
              args: VaultArgs,
              opts: Optional[ResourceOptions] = None)
    func NewVault(ctx *Context, name string, args VaultArgs, opts ...ResourceOption) (*Vault, error)
    public Vault(string name, VaultArgs args, CustomResourceOptions? opts = null)
    public Vault(String name, VaultArgs args)
    public Vault(String name, VaultArgs args, CustomResourceOptions options)
    
    type: azure-native:keyvault:Vault
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args VaultArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args VaultArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args VaultArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args VaultArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args VaultArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Vault Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Vault resource accepts the following input properties:

    Properties Pulumi.AzureNative.KeyVault.Inputs.VaultProperties
    Properties of the vault
    ResourceGroupName string
    The name of the Resource Group to which the server belongs.
    Location string
    The supported Azure location where the key vault should be created.
    Tags Dictionary<string, string>
    The tags that will be assigned to the key vault.
    VaultName string
    Name of the vault
    Properties VaultPropertiesArgs
    Properties of the vault
    ResourceGroupName string
    The name of the Resource Group to which the server belongs.
    Location string
    The supported Azure location where the key vault should be created.
    Tags map[string]string
    The tags that will be assigned to the key vault.
    VaultName string
    Name of the vault
    properties VaultProperties
    Properties of the vault
    resourceGroupName String
    The name of the Resource Group to which the server belongs.
    location String
    The supported Azure location where the key vault should be created.
    tags Map<String,String>
    The tags that will be assigned to the key vault.
    vaultName String
    Name of the vault
    properties VaultProperties
    Properties of the vault
    resourceGroupName string
    The name of the Resource Group to which the server belongs.
    location string
    The supported Azure location where the key vault should be created.
    tags {[key: string]: string}
    The tags that will be assigned to the key vault.
    vaultName string
    Name of the vault
    properties VaultPropertiesArgs
    Properties of the vault
    resource_group_name str
    The name of the Resource Group to which the server belongs.
    location str
    The supported Azure location where the key vault should be created.
    tags Mapping[str, str]
    The tags that will be assigned to the key vault.
    vault_name str
    Name of the vault
    properties Property Map
    Properties of the vault
    resourceGroupName String
    The name of the Resource Group to which the server belongs.
    location String
    The supported Azure location where the key vault should be created.
    tags Map<String>
    The tags that will be assigned to the key vault.
    vaultName String
    Name of the vault

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Vault resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Name of the key vault resource.
    SystemData Pulumi.AzureNative.KeyVault.Outputs.SystemDataResponse
    System metadata for the key vault.
    Type string
    Resource type of the key vault resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Name of the key vault resource.
    SystemData SystemDataResponse
    System metadata for the key vault.
    Type string
    Resource type of the key vault resource.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Name of the key vault resource.
    systemData SystemDataResponse
    System metadata for the key vault.
    type String
    Resource type of the key vault resource.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    Name of the key vault resource.
    systemData SystemDataResponse
    System metadata for the key vault.
    type string
    Resource type of the key vault resource.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    Name of the key vault resource.
    system_data SystemDataResponse
    System metadata for the key vault.
    type str
    Resource type of the key vault resource.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Name of the key vault resource.
    systemData Property Map
    System metadata for the key vault.
    type String
    Resource type of the key vault resource.

    Supporting Types

    AccessPolicyEntry, AccessPolicyEntryArgs

    ObjectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    Permissions Pulumi.AzureNative.KeyVault.Inputs.Permissions
    Permissions the identity has for keys, secrets and certificates. List only the operations the identity needs rather than granting 'all'.
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    ApplicationId string
    Application ID of the client making request on behalf of a principal
    ObjectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    Permissions Permissions
    Permissions the identity has for keys, secrets and certificates. List only the operations the identity needs rather than granting 'all'.
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    ApplicationId string
    Application ID of the client making request on behalf of a principal
    objectId String
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions Permissions
    Permissions the identity has for keys, secrets and certificates. List only the operations the identity needs rather than granting 'all'.
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId String
    Application ID of the client making request on behalf of a principal
    objectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions Permissions
    Permissions the identity has for keys, secrets and certificates. List only the operations the identity needs rather than granting 'all'.
    tenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId string
    Application ID of the client making request on behalf of a principal
    object_id str
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions Permissions
    Permissions the identity has for keys, secrets and certificates. List only the operations the identity needs rather than granting 'all'.
    tenant_id str
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    application_id str
    Application ID of the client making request on behalf of a principal
    objectId String
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions Property Map
    Permissions the identity has for keys, secrets and certificates. List only the operations the identity needs rather than granting 'all'.
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId String
    Application ID of the client making request on behalf of a principal

    AccessPolicyEntryResponse, AccessPolicyEntryResponseArgs

    ObjectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    Permissions Pulumi.AzureNative.KeyVault.Inputs.PermissionsResponse
    Permissions the identity has for keys, secrets and certificates.
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    ApplicationId string
    Application ID of the client making request on behalf of a principal
    ObjectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    Permissions PermissionsResponse
    Permissions the identity has for keys, secrets and certificates.
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    ApplicationId string
    Application ID of the client making request on behalf of a principal
    objectId String
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions PermissionsResponse
    Permissions the identity has for keys, secrets and certificates.
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId String
    Application ID of the client making request on behalf of a principal
    objectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions PermissionsResponse
    Permissions the identity has for keys, secrets and certificates.
    tenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId string
    Application ID of the client making request on behalf of a principal
    object_id str
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions PermissionsResponse
    Permissions the identity has for keys, secrets and certificates.
    tenant_id str
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    application_id str
    Application ID of the client making request on behalf of a principal
    objectId String
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions Property Map
    Permissions the identity has for keys, secrets and certificates.
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId String
    Application ID of the client making request on behalf of a principal

    CertificatePermissions, CertificatePermissionsArgs

    All
    all
    @Get
    get
    List
    list
    Delete
    delete
    Create
    create
    Import
    import
    Update
    update
    Managecontacts
    managecontacts
    Getissuers
    getissuers
    Listissuers
    listissuers
    Setissuers
    setissuers
    Deleteissuers
    deleteissuers
    Manageissuers
    manageissuers
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    CertificatePermissionsAll
    all
    CertificatePermissionsGet
    get
    CertificatePermissionsList
    list
    CertificatePermissionsDelete
    delete
    CertificatePermissionsCreate
    create
    CertificatePermissionsImport
    import
    CertificatePermissionsUpdate
    update
    CertificatePermissionsManagecontacts
    managecontacts
    CertificatePermissionsGetissuers
    getissuers
    CertificatePermissionsListissuers
    listissuers
    CertificatePermissionsSetissuers
    setissuers
    CertificatePermissionsDeleteissuers
    deleteissuers
    CertificatePermissionsManageissuers
    manageissuers
    CertificatePermissionsRecover
    recover
    CertificatePermissionsPurge
    purge
    CertificatePermissionsBackup
    backup
    CertificatePermissionsRestore
    restore
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Create
    create
    Import_
    import
    Update
    update
    Managecontacts
    managecontacts
    Getissuers
    getissuers
    Listissuers
    listissuers
    Setissuers
    setissuers
    Deleteissuers
    deleteissuers
    Manageissuers
    manageissuers
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Create
    create
    Import
    import
    Update
    update
    Managecontacts
    managecontacts
    Getissuers
    getissuers
    Listissuers
    listissuers
    Setissuers
    setissuers
    Deleteissuers
    deleteissuers
    Manageissuers
    manageissuers
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    ALL
    all
    GET
    get
    LIST
    list
    DELETE
    delete
    CREATE
    create
    IMPORT_
    import
    UPDATE
    update
    MANAGECONTACTS
    managecontacts
    GETISSUERS
    getissuers
    LISTISSUERS
    listissuers
    SETISSUERS
    setissuers
    DELETEISSUERS
    deleteissuers
    MANAGEISSUERS
    manageissuers
    RECOVER
    recover
    PURGE
    purge
    BACKUP
    backup
    RESTORE
    restore
    "all"
    all
    "get"
    get
    "list"
    list
    "delete"
    delete
    "create"
    create
    "import"
    import
    "update"
    update
    "managecontacts"
    managecontacts
    "getissuers"
    getissuers
    "listissuers"
    listissuers
    "setissuers"
    setissuers
    "deleteissuers"
    deleteissuers
    "manageissuers"
    manageissuers
    "recover"
    recover
    "purge"
    purge
    "backup"
    backup
    "restore"
    restore

    CreateMode, CreateModeArgs

    Recover
    recover
    @Default
    default
    CreateModeRecover
    recover
    CreateModeDefault
    default
    Recover
    recover
    Default_
    default
    Recover
    recover
    Default
    default
    RECOVER
    recover
    DEFAULT
    default
    "recover"
    recover
    "default"
    default

    IPRule, IPRuleArgs

    Value string
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    Value string
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value String
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value string
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value str
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value String
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    IPRuleResponse, IPRuleResponseArgs

    Value string
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    Value string
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value String
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value string
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value str
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
    value String
    An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

    KeyPermissions, KeyPermissionsArgs

    All
    all
    Encrypt
    encrypt
    Decrypt
    decrypt
    WrapKey
    wrapKey
    UnwrapKey
    unwrapKey
    Sign
    sign
    Verify
    verify
    @Get
    get
    List
    list
    Create
    create
    Update
    update
    Import
    import
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    Release
    release
    Rotate
    rotate
    Getrotationpolicy
    getrotationpolicy
    Setrotationpolicy
    setrotationpolicy
    KeyPermissionsAll
    all
    KeyPermissionsEncrypt
    encrypt
    KeyPermissionsDecrypt
    decrypt
    KeyPermissionsWrapKey
    wrapKey
    KeyPermissionsUnwrapKey
    unwrapKey
    KeyPermissionsSign
    sign
    KeyPermissionsVerify
    verify
    KeyPermissionsGet
    get
    KeyPermissionsList
    list
    KeyPermissionsCreate
    create
    KeyPermissionsUpdate
    update
    KeyPermissionsImport
    import
    KeyPermissionsDelete
    delete
    KeyPermissionsBackup
    backup
    KeyPermissionsRestore
    restore
    KeyPermissionsRecover
    recover
    KeyPermissionsPurge
    purge
    KeyPermissionsRelease
    release
    KeyPermissionsRotate
    rotate
    KeyPermissionsGetrotationpolicy
    getrotationpolicy
    KeyPermissionsSetrotationpolicy
    setrotationpolicy
    All
    all
    Encrypt
    encrypt
    Decrypt
    decrypt
    WrapKey
    wrapKey
    UnwrapKey
    unwrapKey
    Sign
    sign
    Verify
    verify
    Get
    get
    List
    list
    Create
    create
    Update
    update
    Import_
    import
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    Release
    release
    Rotate
    rotate
    Getrotationpolicy
    getrotationpolicy
    Setrotationpolicy
    setrotationpolicy
    All
    all
    Encrypt
    encrypt
    Decrypt
    decrypt
    WrapKey
    wrapKey
    UnwrapKey
    unwrapKey
    Sign
    sign
    Verify
    verify
    Get
    get
    List
    list
    Create
    create
    Update
    update
    Import
    import
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    Release
    release
    Rotate
    rotate
    Getrotationpolicy
    getrotationpolicy
    Setrotationpolicy
    setrotationpolicy
    ALL
    all
    ENCRYPT
    encrypt
    DECRYPT
    decrypt
    WRAP_KEY
    wrapKey
    UNWRAP_KEY
    unwrapKey
    SIGN
    sign
    VERIFY
    verify
    GET
    get
    LIST
    list
    CREATE
    create
    UPDATE
    update
    IMPORT_
    import
    DELETE
    delete
    BACKUP
    backup
    RESTORE
    restore
    RECOVER
    recover
    PURGE
    purge
    RELEASE
    release
    ROTATE
    rotate
    GETROTATIONPOLICY
    getrotationpolicy
    SETROTATIONPOLICY
    setrotationpolicy
    "all"
    all
    "encrypt"
    encrypt
    "decrypt"
    decrypt
    "wrapKey"
    wrapKey
    "unwrapKey"
    unwrapKey
    "sign"
    sign
    "verify"
    verify
    "get"
    get
    "list"
    list
    "create"
    create
    "update"
    update
    "import"
    import
    "delete"
    delete
    "backup"
    backup
    "restore"
    restore
    "recover"
    recover
    "purge"
    purge
    "release"
    release
    "rotate"
    rotate
    "getrotationpolicy"
    getrotationpolicy
    "setrotationpolicy"
    setrotationpolicy

    NetworkRuleAction, NetworkRuleActionArgs

    Allow
    Allow
    Deny
    Deny
    NetworkRuleActionAllow
    Allow
    NetworkRuleActionDeny
    Deny
    Allow
    Allow
    Deny
    Deny
    Allow
    Allow
    Deny
    Deny
    ALLOW
    Allow
    DENY
    Deny
    "Allow"
    Allow
    "Deny"
    Deny

    NetworkRuleBypassOptions, NetworkRuleBypassOptionsArgs

    AzureServices
    AzureServices
    None
    None
    NetworkRuleBypassOptionsAzureServices
    AzureServices
    NetworkRuleBypassOptionsNone
    None
    AzureServices
    AzureServices
    None
    None
    AzureServices
    AzureServices
    None
    None
    AZURE_SERVICES
    AzureServices
    NONE
    None
    "AzureServices"
    AzureServices
    "None"
    None

    NetworkRuleSet, NetworkRuleSetArgs

    Bypass string | Pulumi.AzureNative.KeyVault.NetworkRuleBypassOptions
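    Specifies which traffic can bypass the network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices', so omitting this property leaves the bypass for Azure services enabled; set 'None' explicitly if that is not intended.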
    DefaultAction string | Pulumi.AzureNative.KeyVault.NetworkRuleAction
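    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated. With 'Allow', traffic that matches no rule is still admitted, so the listed rules restrict access only when this is 'Deny'.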
    IpRules List<Pulumi.AzureNative.KeyVault.Inputs.IPRule>
    The list of IP address rules.
    VirtualNetworkRules List<Pulumi.AzureNative.KeyVault.Inputs.VirtualNetworkRule>
    The list of virtual network rules.
    Bypass string | NetworkRuleBypassOptions
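    Specifies which traffic can bypass the network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices', so omitting this property leaves the bypass for Azure services enabled; set 'None' explicitly if that is not intended.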
    DefaultAction string | NetworkRuleAction
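    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated. With 'Allow', traffic that matches no rule is still admitted, so the listed rules restrict access only when this is 'Deny'.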
    IpRules []IPRule
    The list of IP address rules.
    VirtualNetworkRules []VirtualNetworkRule
    The list of virtual network rules.
    bypass String | NetworkRuleBypassOptions
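    Specifies which traffic can bypass the network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices', so omitting this property leaves the bypass for Azure services enabled; set 'None' explicitly if that is not intended.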
    defaultAction String | NetworkRuleAction
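    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated. With 'Allow', traffic that matches no rule is still admitted, so the listed rules restrict access only when this is 'Deny'.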
    ipRules List<IPRule>
    The list of IP address rules.
    virtualNetworkRules List<VirtualNetworkRule>
    The list of virtual network rules.
    bypass string | NetworkRuleBypassOptions
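    Specifies which traffic can bypass the network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices', so omitting this property leaves the bypass for Azure services enabled; set 'None' explicitly if that is not intended.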
    defaultAction string | NetworkRuleAction
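    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated. With 'Allow', traffic that matches no rule is still admitted, so the listed rules restrict access only when this is 'Deny'.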
    ipRules IPRule[]
    The list of IP address rules.
    virtualNetworkRules VirtualNetworkRule[]
    The list of virtual network rules.
    bypass str | NetworkRuleBypassOptions
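    Specifies which traffic can bypass the network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices', so omitting this property leaves the bypass for Azure services enabled; set 'None' explicitly if that is not intended.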
    default_action str | NetworkRuleAction
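    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated. With 'Allow', traffic that matches no rule is still admitted, so the listed rules restrict access only when this is 'Deny'.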
    ip_rules Sequence[IPRule]
    The list of IP address rules.
    virtual_network_rules Sequence[VirtualNetworkRule]
    The list of virtual network rules.
    bypass String | "AzureServices" | "None"
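    Specifies which traffic can bypass the network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices', so omitting this property leaves the bypass for Azure services enabled; set 'None' explicitly if that is not intended.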
    defaultAction String | "Allow" | "Deny"
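    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated. With 'Allow', traffic that matches no rule is still admitted, so the listed rules restrict access only when this is 'Deny'.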
    ipRules List<Property Map>
    The list of IP address rules.
    virtualNetworkRules List<Property Map>
    The list of virtual network rules.

    NetworkRuleSetResponse, NetworkRuleSetResponseArgs

    Bypass string
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    DefaultAction string
    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated.
    IpRules List<Pulumi.AzureNative.KeyVault.Inputs.IPRuleResponse>
    The list of IP address rules.
    VirtualNetworkRules List<Pulumi.AzureNative.KeyVault.Inputs.VirtualNetworkRuleResponse>
    The list of virtual network rules.
    Bypass string
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    DefaultAction string
    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated.
    IpRules []IPRuleResponse
    The list of IP address rules.
    VirtualNetworkRules []VirtualNetworkRuleResponse
    The list of virtual network rules.
    bypass String
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    defaultAction String
    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated.
    ipRules List<IPRuleResponse>
    The list of IP address rules.
    virtualNetworkRules List<VirtualNetworkRuleResponse>
    The list of virtual network rules.
    bypass string
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    defaultAction string
    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated.
    ipRules IPRuleResponse[]
    The list of IP address rules.
    virtualNetworkRules VirtualNetworkRuleResponse[]
    The list of virtual network rules.
    bypass str
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    default_action str
    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated.
    ip_rules Sequence[IPRuleResponse]
    The list of IP address rules.
    virtual_network_rules Sequence[VirtualNetworkRuleResponse]
    The list of virtual network rules.
    bypass String
    Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
    defaultAction String
    The default action when no rule from ipRules or virtualNetworkRules matches. This is only used after the bypass property has been evaluated.
    ipRules List<Property Map>
    The list of IP address rules.
    virtualNetworkRules List<Property Map>
    The list of virtual network rules.

    Permissions, PermissionsArgs

    Certificates List<Union<string, Pulumi.AzureNative.KeyVault.CertificatePermissions>>
    Permissions to certificates
    Keys List<Union<string, Pulumi.AzureNative.KeyVault.KeyPermissions>>
    Permissions to keys
    Secrets List<Union<string, Pulumi.AzureNative.KeyVault.SecretPermissions>>
    Permissions to secrets
    Storage List<Union<string, Pulumi.AzureNative.KeyVault.StoragePermissions>>
    Permissions to storage accounts
    Certificates []string
    Permissions to certificates
    Keys []string
    Permissions to keys
    Secrets []string
    Permissions to secrets
    Storage []string
    Permissions to storage accounts
    certificates List<Either<String,CertificatePermissions>>
    Permissions to certificates
    keys List<Either<String,KeyPermissions>>
    Permissions to keys
    secrets List<Either<String,SecretPermissions>>
    Permissions to secrets
    storage List<Either<String,StoragePermissions>>
    Permissions to storage accounts
    certificates (string | CertificatePermissions)[]
    Permissions to certificates
    keys (string | KeyPermissions)[]
    Permissions to keys
    secrets (string | SecretPermissions)[]
    Permissions to secrets
    storage (string | StoragePermissions)[]
    Permissions to storage accounts
    certificates Sequence[Union[str, CertificatePermissions]]
    Permissions to certificates
    keys Sequence[Union[str, KeyPermissions]]
    Permissions to keys
    secrets Sequence[Union[str, SecretPermissions]]
    Permissions to secrets
    storage Sequence[Union[str, StoragePermissions]]
    Permissions to storage accounts
    certificates List<String | "all" | "get" | "list" | "delete" | "create" | "import" | "update" | "managecontacts" | "getissuers" | "listissuers" | "setissuers" | "deleteissuers" | "manageissuers" | "recover" | "purge" | "backup" | "restore">
    Permissions to certificates
    keys List<String | "all" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "sign" | "verify" | "get" | "list" | "create" | "update" | "import" | "delete" | "backup" | "restore" | "recover" | "purge" | "release" | "rotate" | "getrotationpolicy" | "setrotationpolicy">
    Permissions to keys
    secrets List<String | "all" | "get" | "list" | "set" | "delete" | "backup" | "restore" | "recover" | "purge">
    Permissions to secrets
    storage List<String | "all" | "get" | "list" | "delete" | "set" | "update" | "regeneratekey" | "recover" | "purge" | "backup" | "restore" | "setsas" | "listsas" | "getsas" | "deletesas">
    Permissions to storage accounts

    PermissionsResponse, PermissionsResponseArgs

    Certificates List<string>
    Permissions to certificates
    Keys List<string>
    Permissions to keys
    Secrets List<string>
    Permissions to secrets
    Storage List<string>
    Permissions to storage accounts
    Certificates []string
    Permissions to certificates
    Keys []string
    Permissions to keys
    Secrets []string
    Permissions to secrets
    Storage []string
    Permissions to storage accounts
    certificates List<String>
    Permissions to certificates
    keys List<String>
    Permissions to keys
    secrets List<String>
    Permissions to secrets
    storage List<String>
    Permissions to storage accounts
    certificates string[]
    Permissions to certificates
    keys string[]
    Permissions to keys
    secrets string[]
    Permissions to secrets
    storage string[]
    Permissions to storage accounts
    certificates Sequence[str]
    Permissions to certificates
    keys Sequence[str]
    Permissions to keys
    secrets Sequence[str]
    Permissions to secrets
    storage Sequence[str]
    Permissions to storage accounts
    certificates List<String>
    Permissions to certificates
    keys List<String>
    Permissions to keys
    secrets List<String>
    Permissions to secrets
    storage List<String>
    Permissions to storage accounts

    PrivateEndpointConnectionItemResponse, PrivateEndpointConnectionItemResponseArgs

    ProvisioningState string
    Provisioning state of the private endpoint connection.
    Etag string
    Modified whenever there is a change in the state of private endpoint connection.
    Id string
    Id of private endpoint connection.
    PrivateEndpoint Pulumi.AzureNative.KeyVault.Inputs.PrivateEndpointResponse
    Properties of the private endpoint object.
    PrivateLinkServiceConnectionState Pulumi.AzureNative.KeyVault.Inputs.PrivateLinkServiceConnectionStateResponse
    Approval state of the private link connection.
    ProvisioningState string
    Provisioning state of the private endpoint connection.
    Etag string
    Modified whenever there is a change in the state of private endpoint connection.
    Id string
    Id of private endpoint connection.
    PrivateEndpoint PrivateEndpointResponse
    Properties of the private endpoint object.
    PrivateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse
    Approval state of the private link connection.
    provisioningState String
    Provisioning state of the private endpoint connection.
    etag String
    Modified whenever there is a change in the state of private endpoint connection.
    id String
    Id of private endpoint connection.
    privateEndpoint PrivateEndpointResponse
    Properties of the private endpoint object.
    privateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse
    Approval state of the private link connection.
    provisioningState string
    Provisioning state of the private endpoint connection.
    etag string
    Modified whenever there is a change in the state of private endpoint connection.
    id string
    Id of private endpoint connection.
    privateEndpoint PrivateEndpointResponse
    Properties of the private endpoint object.
    privateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse
    Approval state of the private link connection.
    provisioning_state str
    Provisioning state of the private endpoint connection.
    etag str
    Modified whenever there is a change in the state of private endpoint connection.
    id str
    Id of private endpoint connection.
    private_endpoint PrivateEndpointResponse
    Properties of the private endpoint object.
    private_link_service_connection_state PrivateLinkServiceConnectionStateResponse
    Approval state of the private link connection.
    provisioningState String
    Provisioning state of the private endpoint connection.
    etag String
    Modified whenever there is a change in the state of private endpoint connection.
    id String
    Id of private endpoint connection.
    privateEndpoint Property Map
    Properties of the private endpoint object.
    privateLinkServiceConnectionState Property Map
    Approval state of the private link connection.

    PrivateEndpointResponse, PrivateEndpointResponseArgs

    Id string
    Full identifier of the private endpoint resource.
    Id string
    Full identifier of the private endpoint resource.
    id String
    Full identifier of the private endpoint resource.
    id string
    Full identifier of the private endpoint resource.
    id str
    Full identifier of the private endpoint resource.
    id String
    Full identifier of the private endpoint resource.

    PrivateLinkServiceConnectionStateResponse, PrivateLinkServiceConnectionStateResponseArgs

    ActionsRequired string
    A message indicating if changes on the service provider require any updates on the consumer.
    Description string
    The reason for approval or rejection.
    Status string
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.
    ActionsRequired string
    A message indicating if changes on the service provider require any updates on the consumer.
    Description string
    The reason for approval or rejection.
    Status string
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.
    actionsRequired String
    A message indicating if changes on the service provider require any updates on the consumer.
    description String
    The reason for approval or rejection.
    status String
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.
    actionsRequired string
    A message indicating if changes on the service provider require any updates on the consumer.
    description string
    The reason for approval or rejection.
    status string
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.
    actions_required str
    A message indicating if changes on the service provider require any updates on the consumer.
    description str
    The reason for approval or rejection.
    status str
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.
    actionsRequired String
    A message indicating if changes on the service provider require any updates on the consumer.
    description String
    The reason for approval or rejection.
    status String
    Indicates whether the connection has been approved, rejected or removed by the key vault owner.

    SecretPermissions, SecretPermissionsArgs

    All
    all
    @Get
    get
    List
    list
    @Set
    set
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    SecretPermissionsAll
    all
    SecretPermissionsGet
    get
    SecretPermissionsList
    list
    SecretPermissionsSet
    set
    SecretPermissionsDelete
    delete
    SecretPermissionsBackup
    backup
    SecretPermissionsRestore
    restore
    SecretPermissionsRecover
    recover
    SecretPermissionsPurge
    purge
    All
    all
    Get
    get
    List
    list
    Set
    set
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    All
    all
    Get
    get
    List
    list
    Set
    set
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    ALL
    all
    GET
    get
    LIST
    list
    SET
    set
    DELETE
    delete
    BACKUP
    backup
    RESTORE
    restore
    RECOVER
    recover
    PURGE
    purge
    "all"
    all
    "get"
    get
    "list"
    list
    "set"
    set
    "delete"
    delete
    "backup"
    backup
    "restore"
    restore
    "recover"
    recover
    "purge"
    purge

    Sku, SkuArgs

    Family string | Pulumi.AzureNative.KeyVault.SkuFamily
    SKU family name
    Name Pulumi.AzureNative.KeyVault.SkuName
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    Family string | SkuFamily
    SKU family name
    Name SkuName
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family String | SkuFamily
    SKU family name
    name SkuName
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family string | SkuFamily
    SKU family name
    name SkuName
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family str | SkuFamily
    SKU family name
    name SkuName
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family String | "A"
    SKU family name
    name "standard" | "premium"
    SKU name to specify whether the key vault is a standard vault or a premium vault.

    SkuFamily, SkuFamilyArgs

    A
    A
    SkuFamilyA
    A
    A
    A
    A
    A
    A
    A
    "A"
    A

    SkuName, SkuNameArgs

    Standard
    standard
    Premium
    premium
    SkuNameStandard
    standard
    SkuNamePremium
    premium
    Standard
    standard
    Premium
    premium
    Standard
    standard
    Premium
    premium
    STANDARD
    standard
    PREMIUM
    premium
    "standard"
    standard
    "premium"
    premium

    SkuResponse, SkuResponseArgs

    Family string
    SKU family name
    Name string
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    Family string
    SKU family name
    Name string
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family String
    SKU family name
    name String
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family string
    SKU family name
    name string
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family str
    SKU family name
    name str
    SKU name to specify whether the key vault is a standard vault or a premium vault.
    family String
    SKU family name
    name String
    SKU name to specify whether the key vault is a standard vault or a premium vault.

    StoragePermissions, StoragePermissionsArgs

    All
    all
    @Get
    get
    List
    list
    Delete
    delete
    @Set
    set
    Update
    update
    Regeneratekey
    regeneratekey
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    Setsas
    setsas
    Listsas
    listsas
    Getsas
    getsas
    Deletesas
    deletesas
    StoragePermissionsAll
    all
    StoragePermissionsGet
    get
    StoragePermissionsList
    list
    StoragePermissionsDelete
    delete
    StoragePermissionsSet
    set
    StoragePermissionsUpdate
    update
    StoragePermissionsRegeneratekey
    regeneratekey
    StoragePermissionsRecover
    recover
    StoragePermissionsPurge
    purge
    StoragePermissionsBackup
    backup
    StoragePermissionsRestore
    restore
    StoragePermissionsSetsas
    setsas
    StoragePermissionsListsas
    listsas
    StoragePermissionsGetsas
    getsas
    StoragePermissionsDeletesas
    deletesas
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Set
    set
    Update
    update
    Regeneratekey
    regeneratekey
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    Setsas
    setsas
    Listsas
    listsas
    Getsas
    getsas
    Deletesas
    deletesas
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Set
    set
    Update
    update
    Regeneratekey
    regeneratekey
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    Setsas
    setsas
    Listsas
    listsas
    Getsas
    getsas
    Deletesas
    deletesas
    ALL
    all
    GET
    get
    LIST
    list
    DELETE
    delete
    SET
    set
    UPDATE
    update
    REGENERATEKEY
    regeneratekey
    RECOVER
    recover
    PURGE
    purge
    BACKUP
    backup
    RESTORE
    restore
    SETSAS
    setsas
    LISTSAS
    listsas
    GETSAS
    getsas
    DELETESAS
    deletesas
    "all"
    all
    "get"
    get
    "list"
    list
    "delete"
    delete
    "set"
    set
    "update"
    update
    "regeneratekey"
    regeneratekey
    "recover"
    recover
    "purge"
    purge
    "backup"
    backup
    "restore"
    restore
    "setsas"
    setsas
    "listsas"
    listsas
    "getsas"
    getsas
    "deletesas"
    deletesas

    SystemDataResponse, SystemDataResponseArgs

    CreatedAt string
    The timestamp of the key vault resource creation (UTC).
    CreatedBy string
    The identity that created the key vault resource.
    CreatedByType string
    The type of identity that created the key vault resource.
    LastModifiedAt string
    The timestamp of the key vault resource last modification (UTC).
    LastModifiedBy string
    The identity that last modified the key vault resource.
    LastModifiedByType string
    The type of identity that last modified the key vault resource.
    CreatedAt string
    The timestamp of the key vault resource creation (UTC).
    CreatedBy string
    The identity that created the key vault resource.
    CreatedByType string
    The type of identity that created the key vault resource.
    LastModifiedAt string
    The timestamp of the key vault resource last modification (UTC).
    LastModifiedBy string
    The identity that last modified the key vault resource.
    LastModifiedByType string
    The type of identity that last modified the key vault resource.
    createdAt String
    The timestamp of the key vault resource creation (UTC).
    createdBy String
    The identity that created the key vault resource.
    createdByType String
    The type of identity that created the key vault resource.
    lastModifiedAt String
    The timestamp of the key vault resource last modification (UTC).
    lastModifiedBy String
    The identity that last modified the key vault resource.
    lastModifiedByType String
    The type of identity that last modified the key vault resource.
    createdAt string
    The timestamp of the key vault resource creation (UTC).
    createdBy string
    The identity that created the key vault resource.
    createdByType string
    The type of identity that created the key vault resource.
    lastModifiedAt string
    The timestamp of the key vault resource last modification (UTC).
    lastModifiedBy string
    The identity that last modified the key vault resource.
    lastModifiedByType string
    The type of identity that last modified the key vault resource.
    created_at str
    The timestamp of the key vault resource creation (UTC).
    created_by str
    The identity that created the key vault resource.
    created_by_type str
    The type of identity that created the key vault resource.
    last_modified_at str
    The timestamp of the key vault resource last modification (UTC).
    last_modified_by str
    The identity that last modified the key vault resource.
    last_modified_by_type str
    The type of identity that last modified the key vault resource.
    createdAt String
    The timestamp of the key vault resource creation (UTC).
    createdBy String
    The identity that created the key vault resource.
    createdByType String
    The type of identity that created the key vault resource.
    lastModifiedAt String
    The timestamp of the key vault resource last modification (UTC).
    lastModifiedBy String
    The identity that last modified the key vault resource.
    lastModifiedByType String
    The type of identity that last modified the key vault resource.

    VaultProperties, VaultPropertiesArgs

    Sku Pulumi.AzureNative.KeyVault.Inputs.Sku
    SKU details
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    AccessPolicies List<Pulumi.AzureNative.KeyVault.Inputs.AccessPolicyEntry>
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other and lead to resource deletion.
    CreateMode Pulumi.AzureNative.KeyVault.CreateMode
    The vault's create mode, indicating whether the vault needs to be recovered or not.
    EnablePurgeProtection bool
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    EnableRbacAuthorization bool
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    EnableSoftDelete bool
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    EnabledForDeployment bool
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    EnabledForDiskEncryption bool
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    EnabledForTemplateDeployment bool
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    NetworkAcls Pulumi.AzureNative.KeyVault.Inputs.NetworkRuleSet
    Rules governing the accessibility of the key vault from specific network locations.
    ProvisioningState string | Pulumi.AzureNative.KeyVault.VaultProvisioningState
    Provisioning state of the vault.
    PublicNetworkAccess string
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    SoftDeleteRetentionInDays int
    softDelete data retention days. It accepts >=7 and <=90.
    VaultUri string
    The URI of the vault for performing operations on keys and secrets.
    Sku Sku
    SKU details
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    AccessPolicies []AccessPolicyEntry
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other and lead to resource deletion.
    CreateMode CreateMode
    The vault's create mode, indicating whether the vault needs to be recovered or not.
    EnablePurgeProtection bool
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    EnableRbacAuthorization bool
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    EnableSoftDelete bool
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    EnabledForDeployment bool
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    EnabledForDiskEncryption bool
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    EnabledForTemplateDeployment bool
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    NetworkAcls NetworkRuleSet
    Rules governing the accessibility of the key vault from specific network locations.
    ProvisioningState string | VaultProvisioningState
    Provisioning state of the vault.
    PublicNetworkAccess string
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    SoftDeleteRetentionInDays int
    softDelete data retention days. It accepts >=7 and <=90.
    VaultUri string
    The URI of the vault for performing operations on keys and secrets.
    sku Sku
    SKU details
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    accessPolicies List<AccessPolicyEntry>
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other and lead to resource deletion.
    createMode CreateMode
    The vault's create mode, indicating whether the vault needs to be recovered or not.
    enablePurgeProtection Boolean
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enableRbacAuthorization Boolean
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enableSoftDelete Boolean
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabledForDeployment Boolean
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabledForDiskEncryption Boolean
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabledForTemplateDeployment Boolean
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    networkAcls NetworkRuleSet
    Rules governing the accessibility of the key vault from specific network locations.
    provisioningState String | VaultProvisioningState
    Provisioning state of the vault.
    publicNetworkAccess String
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    softDeleteRetentionInDays Integer
    softDelete data retention days. It accepts >=7 and <=90.
    vaultUri String
    The URI of the vault for performing operations on keys and secrets.
    sku Sku
    SKU details
    tenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    accessPolicies AccessPolicyEntry[]
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other and lead to resource deletion.
    createMode CreateMode
    The vault's create mode, indicating whether the vault needs to be recovered or not.
    enablePurgeProtection boolean
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enableRbacAuthorization boolean
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enableSoftDelete boolean
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabledForDeployment boolean
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabledForDiskEncryption boolean
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabledForTemplateDeployment boolean
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    networkAcls NetworkRuleSet
    Rules governing the accessibility of the key vault from specific network locations.
    provisioningState string | VaultProvisioningState
    Provisioning state of the vault.
    publicNetworkAccess string
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    softDeleteRetentionInDays number
    softDelete data retention days. It accepts >=7 and <=90.
    vaultUri string
    The URI of the vault for performing operations on keys and secrets.
    sku Sku
    SKU details
    tenant_id str
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    access_policies Sequence[AccessPolicyEntry]
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other and lead to resource deletion.
    create_mode CreateMode
    The vault's create mode, indicating whether the vault needs to be recovered or not.
    enable_purge_protection bool
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enable_rbac_authorization bool
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enable_soft_delete bool
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabled_for_deployment bool
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabled_for_disk_encryption bool
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabled_for_template_deployment bool
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    network_acls NetworkRuleSet
    Rules governing the accessibility of the key vault from specific network locations.
    provisioning_state str | VaultProvisioningState
    Provisioning state of the vault.
    public_network_access str
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    soft_delete_retention_in_days int
    softDelete data retention days. It accepts >=7 and <=90.
    vault_uri str
    The URI of the vault for performing operations on keys and secrets.
    sku Property Map
    SKU details
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    accessPolicies List<Property Map>
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other and lead to resource deletion.
    createMode "recover" | "default"
    The vault's create mode, indicating whether the vault needs to be recovered or not.
    enablePurgeProtection Boolean
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enableRbacAuthorization Boolean
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enableSoftDelete Boolean
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabledForDeployment Boolean
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabledForDiskEncryption Boolean
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabledForTemplateDeployment Boolean
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    networkAcls Property Map
    Rules governing the accessibility of the key vault from specific network locations.
    provisioningState String | "Succeeded" | "RegisteringDns"
    Provisioning state of the vault.
    publicNetworkAccess String
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    softDeleteRetentionInDays Number
    softDelete data retention days. It accepts >=7 and <=90.
    vaultUri String
    The URI of the vault for performing operations on keys and secrets.

    VaultPropertiesResponse, VaultPropertiesResponseArgs

    HsmPoolResourceId string
    The resource id of HSM Pool.
    PrivateEndpointConnections List<Pulumi.AzureNative.KeyVault.Inputs.PrivateEndpointConnectionItemResponse>
    List of private endpoint connections associated with the key vault.
    Sku Pulumi.AzureNative.KeyVault.Inputs.SkuResponse
    SKU details
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    AccessPolicies List<Pulumi.AzureNative.KeyVault.Inputs.AccessPolicyEntryResponse>
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other and lead to resource deletion.
    EnablePurgeProtection bool
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    EnableRbacAuthorization bool
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    EnableSoftDelete bool
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    EnabledForDeployment bool
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    EnabledForDiskEncryption bool
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    EnabledForTemplateDeployment bool
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    NetworkAcls Pulumi.AzureNative.KeyVault.Inputs.NetworkRuleSetResponse
    Rules governing the accessibility of the key vault from specific network locations.
    ProvisioningState string
    Provisioning state of the vault.
    PublicNetworkAccess string
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    SoftDeleteRetentionInDays int
    softDelete data retention days. It accepts >=7 and <=90.
    VaultUri string
    The URI of the vault for performing operations on keys and secrets.
    HsmPoolResourceId string
    The resource id of HSM Pool.
    PrivateEndpointConnections []PrivateEndpointConnectionItemResponse
    List of private endpoint connections associated with the key vault.
    Sku SkuResponse
    SKU details
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    AccessPolicies []AccessPolicyEntryResponse
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other, leading to deletion of resources.
    EnablePurgeProtection bool
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    EnableRbacAuthorization bool
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    EnableSoftDelete bool
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    EnabledForDeployment bool
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    EnabledForDiskEncryption bool
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    EnabledForTemplateDeployment bool
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    NetworkAcls NetworkRuleSetResponse
    Rules governing the accessibility of the key vault from specific network locations.
    ProvisioningState string
    Provisioning state of the vault.
    PublicNetworkAccess string
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    SoftDeleteRetentionInDays int
    softDelete data retention days. It accepts >=7 and <=90.
    VaultUri string
    The URI of the vault for performing operations on keys and secrets.
    hsmPoolResourceId String
    The resource id of HSM Pool.
    privateEndpointConnections List<PrivateEndpointConnectionItemResponse>
    List of private endpoint connections associated with the key vault.
    sku SkuResponse
    SKU details
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    accessPolicies List<AccessPolicyEntryResponse>
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other, leading to deletion of resources.
    enablePurgeProtection Boolean
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enableRbacAuthorization Boolean
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enableSoftDelete Boolean
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabledForDeployment Boolean
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabledForDiskEncryption Boolean
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabledForTemplateDeployment Boolean
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    networkAcls NetworkRuleSetResponse
    Rules governing the accessibility of the key vault from specific network locations.
    provisioningState String
    Provisioning state of the vault.
    publicNetworkAccess String
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    softDeleteRetentionInDays Integer
    softDelete data retention days. It accepts >=7 and <=90.
    vaultUri String
    The URI of the vault for performing operations on keys and secrets.
    hsmPoolResourceId string
    The resource id of HSM Pool.
    privateEndpointConnections PrivateEndpointConnectionItemResponse[]
    List of private endpoint connections associated with the key vault.
    sku SkuResponse
    SKU details
    tenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    accessPolicies AccessPolicyEntryResponse[]
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other, leading to deletion of resources.
    enablePurgeProtection boolean
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enableRbacAuthorization boolean
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enableSoftDelete boolean
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabledForDeployment boolean
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabledForDiskEncryption boolean
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabledForTemplateDeployment boolean
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    networkAcls NetworkRuleSetResponse
    Rules governing the accessibility of the key vault from specific network locations.
    provisioningState string
    Provisioning state of the vault.
    publicNetworkAccess string
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    softDeleteRetentionInDays number
    softDelete data retention days. It accepts >=7 and <=90.
    vaultUri string
    The URI of the vault for performing operations on keys and secrets.
    hsm_pool_resource_id str
    The resource id of HSM Pool.
    private_endpoint_connections Sequence[PrivateEndpointConnectionItemResponse]
    List of private endpoint connections associated with the key vault.
    sku SkuResponse
    SKU details
    tenant_id str
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    access_policies Sequence[AccessPolicyEntryResponse]
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other, leading to deletion of resources.
    enable_purge_protection bool
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enable_rbac_authorization bool
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enable_soft_delete bool
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabled_for_deployment bool
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabled_for_disk_encryption bool
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabled_for_template_deployment bool
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    network_acls NetworkRuleSetResponse
    Rules governing the accessibility of the key vault from specific network locations.
    provisioning_state str
    Provisioning state of the vault.
    public_network_access str
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    soft_delete_retention_in_days int
    softDelete data retention days. It accepts >=7 and <=90.
    vault_uri str
    The URI of the vault for performing operations on keys and secrets.
    hsmPoolResourceId String
    The resource id of HSM Pool.
    privateEndpointConnections List<Property Map>
    List of private endpoint connections associated with the key vault.
    sku Property Map
    SKU details
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    accessPolicies List<Property Map>
    An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resources, as they will conflict with each other, leading to deletion of resources.
    enablePurgeProtection Boolean
    Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
    enableRbacAuthorization Boolean
    Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
    enableSoftDelete Boolean
    Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
    enabledForDeployment Boolean
    Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
    enabledForDiskEncryption Boolean
    Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
    enabledForTemplateDeployment Boolean
    Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
    networkAcls Property Map
    Rules governing the accessibility of the key vault from specific network locations.
    provisioningState String
    Provisioning state of the vault.
    publicNetworkAccess String
    Property to specify whether the vault will accept traffic from the public internet. If set to 'disabled', all traffic except private endpoint traffic and traffic that originates from trusted services will be blocked. This overrides the configured firewall rules: even if firewall rules are present, they will not be honored.
    softDeleteRetentionInDays Number
    softDelete data retention days. It accepts >=7 and <=90.
    vaultUri String
    The URI of the vault for performing operations on keys and secrets.

    VaultProvisioningState, VaultProvisioningStateArgs

    Succeeded
    Succeeded
    RegisteringDns
    RegisteringDns
    VaultProvisioningStateSucceeded
    Succeeded
    VaultProvisioningStateRegisteringDns
    RegisteringDns
    Succeeded
    Succeeded
    RegisteringDns
    RegisteringDns
    Succeeded
    Succeeded
    RegisteringDns
    RegisteringDns
    SUCCEEDED
    Succeeded
    REGISTERING_DNS
    RegisteringDns
    "Succeeded"
    Succeeded
    "RegisteringDns"
    RegisteringDns

    VirtualNetworkRule, VirtualNetworkRuleArgs

    Id string
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    IgnoreMissingVnetServiceEndpoint bool
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.
    Id string
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    IgnoreMissingVnetServiceEndpoint bool
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.
    id String
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignoreMissingVnetServiceEndpoint Boolean
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.
    id string
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignoreMissingVnetServiceEndpoint boolean
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.
    id str
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignore_missing_vnet_service_endpoint bool
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.
    id String
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignoreMissingVnetServiceEndpoint Boolean
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.

    VirtualNetworkRuleResponse, VirtualNetworkRuleResponseArgs

    Id string
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    IgnoreMissingVnetServiceEndpoint bool
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.
    Id string
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    IgnoreMissingVnetServiceEndpoint bool
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.
    id String
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignoreMissingVnetServiceEndpoint Boolean
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.
    id string
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignoreMissingVnetServiceEndpoint boolean
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.
    id str
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignore_missing_vnet_service_endpoint bool
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.
    id String
    Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
    ignoreMissingVnetServiceEndpoint Boolean
    Property to specify whether NRP (the Network Resource Provider) will skip the check that the parent subnet has serviceEndpoints configured.

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:keyvault:Vault sample-vault /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName} 
    

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0