We recommend using Azure Native.
Azure v6.28.0 published on Friday, Oct 3, 2025 by Pulumi
azure.keyvault.getKeyVault
Use this data source to access information about an existing Key Vault.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = azure.keyvault.getKeyVault({
name: "mykeyvault",
resourceGroupName: "some-resource-group",
});
export const vaultUri = example.then(example => example.vaultUri);
import pulumi
import pulumi_azure as azure
example = azure.keyvault.get_key_vault(name="mykeyvault",
resource_group_name="some-resource-group")
pulumi.export("vaultUri", example.vault_uri)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := keyvault.LookupKeyVault(ctx, &keyvault.LookupKeyVaultArgs{
Name: "mykeyvault",
ResourceGroupName: "some-resource-group",
}, nil)
if err != nil {
return err
}
ctx.Export("vaultUri", example.VaultUri)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = Azure.KeyVault.GetKeyVault.Invoke(new()
{
Name = "mykeyvault",
ResourceGroupName = "some-resource-group",
});
return new Dictionary<string, object?>
{
["vaultUri"] = example.Apply(getKeyVaultResult => getKeyVaultResult.VaultUri),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.keyvault.KeyvaultFunctions;
import com.pulumi.azure.keyvault.inputs.GetKeyVaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = KeyvaultFunctions.getKeyVault(GetKeyVaultArgs.builder()
.name("mykeyvault")
.resourceGroupName("some-resource-group")
.build());
ctx.export("vaultUri", example.vaultUri());
}
}
variables:
example:
fn::invoke:
function: azure:keyvault:getKeyVault
arguments:
name: mykeyvault
resourceGroupName: some-resource-group
outputs:
vaultUri: ${example.vaultUri}
Using getKeyVault
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getKeyVault(args: GetKeyVaultArgs, opts?: InvokeOptions): Promise<GetKeyVaultResult>
function getKeyVaultOutput(args: GetKeyVaultOutputArgs, opts?: InvokeOptions): Output<GetKeyVaultResult>def get_key_vault(name: Optional[str] = None,
resource_group_name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetKeyVaultResult
def get_key_vault_output(name: Optional[pulumi.Input[str]] = None,
resource_group_name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetKeyVaultResult]func LookupKeyVault(ctx *Context, args *LookupKeyVaultArgs, opts ...InvokeOption) (*LookupKeyVaultResult, error)
func LookupKeyVaultOutput(ctx *Context, args *LookupKeyVaultOutputArgs, opts ...InvokeOption) LookupKeyVaultResultOutput> Note: This function is named LookupKeyVault in the Go SDK.
public static class GetKeyVault
{
public static Task<GetKeyVaultResult> InvokeAsync(GetKeyVaultArgs args, InvokeOptions? opts = null)
public static Output<GetKeyVaultResult> Invoke(GetKeyVaultInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetKeyVaultResult> getKeyVault(GetKeyVaultArgs args, InvokeOptions options)
public static Output<GetKeyVaultResult> getKeyVault(GetKeyVaultArgs args, InvokeOptions options)
fn::invoke:
function: azure:keyvault/getKeyVault:getKeyVault
arguments:
# arguments dictionaryThe following arguments are supported:
- Name string
- Specifies the name of the Key Vault.
- Resource
Group stringName - The name of the Resource Group in which the Key Vault exists.
- Name string
- Specifies the name of the Key Vault.
- Resource
Group stringName - The name of the Resource Group in which the Key Vault exists.
- name String
- Specifies the name of the Key Vault.
- resource
Group StringName - The name of the Resource Group in which the Key Vault exists.
- name string
- Specifies the name of the Key Vault.
- resource
Group stringName - The name of the Resource Group in which the Key Vault exists.
- name str
- Specifies the name of the Key Vault.
- resource_
group_ strname - The name of the Resource Group in which the Key Vault exists.
- name String
- Specifies the name of the Key Vault.
- resource
Group StringName - The name of the Resource Group in which the Key Vault exists.
getKeyVault Result
The following output properties are available:
- Access
Policies List<GetKey Vault Access Policy> - One or more
access_policyblocks as defined below. - bool
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- Enabled
For boolDeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- Enabled
For boolDisk Encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- Enabled
For boolTemplate Deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- Id string
- The provider-assigned unique ID for this managed resource.
- Location string
- The Azure Region in which the Key Vault exists.
- Name string
- Network
Acls List<GetKey Vault Network Acl> - Public
Network boolAccess Enabled - Is public network access enabled on this Key Vault?
- Purge
Protection boolEnabled - Is purge protection enabled on this Key Vault?
- bool
- Resource
Group stringName - Sku
Name string - The Name of the SKU used for this Key Vault.
- Dictionary<string, string>
- A mapping of tags assigned to the Key Vault.
- Tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- Access
Policies []GetKey Vault Access Policy - One or more
access_policyblocks as defined below. - bool
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- Enabled
For boolDeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- Enabled
For boolDisk Encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- Enabled
For boolTemplate Deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- Id string
- The provider-assigned unique ID for this managed resource.
- Location string
- The Azure Region in which the Key Vault exists.
- Name string
- Network
Acls []GetKey Vault Network Acl - Public
Network boolAccess Enabled - Is public network access enabled on this Key Vault?
- Purge
Protection boolEnabled - Is purge protection enabled on this Key Vault?
- bool
- Resource
Group stringName - Sku
Name string - The Name of the SKU used for this Key Vault.
- map[string]string
- A mapping of tags assigned to the Key Vault.
- Tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- access
Policies List<GetKey Vault Access Policy> - One or more
access_policyblocks as defined below. - Boolean
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- enabled
For BooleanDeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- enabled
For BooleanDisk Encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- enabled
For BooleanTemplate Deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- id String
- The provider-assigned unique ID for this managed resource.
- location String
- The Azure Region in which the Key Vault exists.
- name String
- network
Acls List<GetKey Vault Network Acl> - public
Network BooleanAccess Enabled - Is public network access enabled on this Key Vault?
- purge
Protection BooleanEnabled - Is purge protection enabled on this Key Vault?
- Boolean
- resource
Group StringName - sku
Name String - The Name of the SKU used for this Key Vault.
- Map<String,String>
- A mapping of tags assigned to the Key Vault.
- tenant
Id String - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets.
- access
Policies GetKey Vault Access Policy[] - One or more
access_policyblocks as defined below. - boolean
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- enabled
For booleanDeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- enabled
For booleanDisk Encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- enabled
For booleanTemplate Deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- id string
- The provider-assigned unique ID for this managed resource.
- location string
- The Azure Region in which the Key Vault exists.
- name string
- network
Acls GetKey Vault Network Acl[] - public
Network booleanAccess Enabled - Is public network access enabled on this Key Vault?
- purge
Protection booleanEnabled - Is purge protection enabled on this Key Vault?
- boolean
- resource
Group stringName - sku
Name string - The Name of the SKU used for this Key Vault.
- {[key: string]: string}
- A mapping of tags assigned to the Key Vault.
- tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- access_
policies Sequence[GetKey Vault Access Policy] - One or more
access_policyblocks as defined below. - bool
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- enabled_
for_ booldeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- enabled_
for_ booldisk_ encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- enabled_
for_ booltemplate_ deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- id str
- The provider-assigned unique ID for this managed resource.
- location str
- The Azure Region in which the Key Vault exists.
- name str
- network_
acls Sequence[GetKey Vault Network Acl] - public_
network_ boolaccess_ enabled - Is public network access enabled on this Key Vault?
- purge_
protection_ boolenabled - Is purge protection enabled on this Key Vault?
- bool
- resource_
group_ strname - sku_
name str - The Name of the SKU used for this Key Vault.
- Mapping[str, str]
- A mapping of tags assigned to the Key Vault.
- tenant_
id str - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- vault_
uri str - The URI of the vault for performing operations on keys and secrets.
- access
Policies List<Property Map> - One or more
access_policyblocks as defined below. - Boolean
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- enabled
For BooleanDeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- enabled
For BooleanDisk Encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- enabled
For BooleanTemplate Deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- id String
- The provider-assigned unique ID for this managed resource.
- location String
- The Azure Region in which the Key Vault exists.
- name String
- network
Acls List<Property Map> - public
Network BooleanAccess Enabled - Is public network access enabled on this Key Vault?
- purge
Protection BooleanEnabled - Is purge protection enabled on this Key Vault?
- Boolean
- resource
Group StringName - sku
Name String - The Name of the SKU used for this Key Vault.
- Map<String>
- A mapping of tags assigned to the Key Vault.
- tenant
Id String - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets.
Supporting Types
GetKeyVaultAccessPolicy
- Application
Id string - The Object ID of a Azure Active Directory Application.
- Certificate
Permissions List<string> - A list of certificate permissions applicable to this Access Policy.
- Key
Permissions List<string> - A list of key permissions applicable to this Access Policy.
- Object
Id string - An Object ID of a User, Service Principal or Security Group.
- Secret
Permissions List<string> - A list of secret permissions applicable to this Access Policy.
- Storage
Permissions List<string> - A list of storage permissions applicable to this Access Policy.
- Tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- Application
Id string - The Object ID of a Azure Active Directory Application.
- Certificate
Permissions []string - A list of certificate permissions applicable to this Access Policy.
- Key
Permissions []string - A list of key permissions applicable to this Access Policy.
- Object
Id string - An Object ID of a User, Service Principal or Security Group.
- Secret
Permissions []string - A list of secret permissions applicable to this Access Policy.
- Storage
Permissions []string - A list of storage permissions applicable to this Access Policy.
- Tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- application
Id String - The Object ID of a Azure Active Directory Application.
- certificate
Permissions List<String> - A list of certificate permissions applicable to this Access Policy.
- key
Permissions List<String> - A list of key permissions applicable to this Access Policy.
- object
Id String - An Object ID of a User, Service Principal or Security Group.
- secret
Permissions List<String> - A list of secret permissions applicable to this Access Policy.
- storage
Permissions List<String> - A list of storage permissions applicable to this Access Policy.
- tenant
Id String - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- application
Id string - The Object ID of a Azure Active Directory Application.
- certificate
Permissions string[] - A list of certificate permissions applicable to this Access Policy.
- key
Permissions string[] - A list of key permissions applicable to this Access Policy.
- object
Id string - An Object ID of a User, Service Principal or Security Group.
- secret
Permissions string[] - A list of secret permissions applicable to this Access Policy.
- storage
Permissions string[] - A list of storage permissions applicable to this Access Policy.
- tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- application_
id str - The Object ID of a Azure Active Directory Application.
- certificate_
permissions Sequence[str] - A list of certificate permissions applicable to this Access Policy.
- key_
permissions Sequence[str] - A list of key permissions applicable to this Access Policy.
- object_
id str - An Object ID of a User, Service Principal or Security Group.
- secret_
permissions Sequence[str] - A list of secret permissions applicable to this Access Policy.
- storage_
permissions Sequence[str] - A list of storage permissions applicable to this Access Policy.
- tenant_
id str - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- application
Id String - The Object ID of a Azure Active Directory Application.
- certificate
Permissions List<String> - A list of certificate permissions applicable to this Access Policy.
- key
Permissions List<String> - A list of key permissions applicable to this Access Policy.
- object
Id String - An Object ID of a User, Service Principal or Security Group.
- secret
Permissions List<String> - A list of secret permissions applicable to this Access Policy.
- storage
Permissions List<String> - A list of storage permissions applicable to this Access Policy.
- tenant
Id String - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
GetKeyVaultNetworkAcl
- Bypass string
- Default
Action string - Ip
Rules List<string> - Virtual
Network List<string>Subnet Ids
- Bypass string
- Default
Action string - Ip
Rules []string - Virtual
Network []stringSubnet Ids
- bypass String
- default
Action String - ip
Rules List<String> - virtual
Network List<String>Subnet Ids
- bypass string
- default
Action string - ip
Rules string[] - virtual
Network string[]Subnet Ids
- bypass str
- default_
action str - ip_
rules Sequence[str] - virtual_
network_ Sequence[str]subnet_ ids
- bypass String
- default
Action String - ip
Rules List<String> - virtual
Network List<String>Subnet Ids
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.
