Azure v6.22.0, Apr 1 25

We recommend using Azure Native.

Azure v6.22.0 published on Tuesday, Apr 1, 2025 by Pulumi

pulumi/pulumi-azure

azure.keyvault.ManagedHardwareSecurityModule

Explore with Pulumi AI

We recommend using Azure Native.

Azure v6.22.0 published on Tuesday, Apr 1, 2025 by Pulumi

pulumi/pulumi-azure

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});
const exampleManagedHardwareSecurityModule = new azure.keyvault.ManagedHardwareSecurityModule("example", {
    name: "exampleKVHsm",
    resourceGroupName: example.name,
    location: example.location,
    skuName: "Standard_B1",
    purgeProtectionEnabled: false,
    softDeleteRetentionDays: 90,
    tenantId: current.then(current => current.tenantId),
    adminObjectIds: [current.then(current => current.objectId)],
    tags: {
        Env: "Test",
    },
});

import pulumi
import pulumi_azure as azure

current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
    name="example-resources",
    location="West Europe")
example_managed_hardware_security_module = azure.keyvault.ManagedHardwareSecurityModule("example",
    name="exampleKVHsm",
    resource_group_name=example.name,
    location=example.location,
    sku_name="Standard_B1",
    purge_protection_enabled=False,
    soft_delete_retention_days=90,
    tenant_id=current.tenant_id,
    admin_object_ids=[current.object_id],
    tags={
        "Env": "Test",
    })

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		_, err = keyvault.NewManagedHardwareSecurityModule(ctx, "example", &keyvault.ManagedHardwareSecurityModuleArgs{
			Name:                    pulumi.String("exampleKVHsm"),
			ResourceGroupName:       example.Name,
			Location:                example.Location,
			SkuName:                 pulumi.String("Standard_B1"),
			PurgeProtectionEnabled:  pulumi.Bool(false),
			SoftDeleteRetentionDays: pulumi.Int(90),
			TenantId:                pulumi.String(current.TenantId),
			AdminObjectIds: pulumi.StringArray{
				pulumi.String(current.ObjectId),
			},
			Tags: pulumi.StringMap{
				"Env": pulumi.String("Test"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var current = Azure.Core.GetClientConfig.Invoke();

    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    var exampleManagedHardwareSecurityModule = new Azure.KeyVault.ManagedHardwareSecurityModule("example", new()
    {
        Name = "exampleKVHsm",
        ResourceGroupName = example.Name,
        Location = example.Location,
        SkuName = "Standard_B1",
        PurgeProtectionEnabled = false,
        SoftDeleteRetentionDays = 90,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        AdminObjectIds = new[]
        {
            current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        },
        Tags = 
        {
            { "Env", "Test" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.ManagedHardwareSecurityModule;
import com.pulumi.azure.keyvault.ManagedHardwareSecurityModuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = CoreFunctions.getClientConfig();

        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        var exampleManagedHardwareSecurityModule = new ManagedHardwareSecurityModule("exampleManagedHardwareSecurityModule", ManagedHardwareSecurityModuleArgs.builder()
            .name("exampleKVHsm")
            .resourceGroupName(example.name())
            .location(example.location())
            .skuName("Standard_B1")
            .purgeProtectionEnabled(false)
            .softDeleteRetentionDays(90)
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .adminObjectIds(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .tags(Map.of("Env", "Test"))
            .build());

    }
}

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleManagedHardwareSecurityModule:
    type: azure:keyvault:ManagedHardwareSecurityModule
    name: example
    properties:
      name: exampleKVHsm
      resourceGroupName: ${example.name}
      location: ${example.location}
      skuName: Standard_B1
      purgeProtectionEnabled: false
      softDeleteRetentionDays: 90
      tenantId: ${current.tenantId}
      adminObjectIds:
        - ${current.objectId}
      tags:
        Env: Test
variables:
  current:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}

Create ManagedHardwareSecurityModule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ManagedHardwareSecurityModule(name: string, args: ManagedHardwareSecurityModuleArgs, opts?: CustomResourceOptions);

@overload
def ManagedHardwareSecurityModule(resource_name: str,
                                  args: ManagedHardwareSecurityModuleArgs,
                                  opts: Optional[ResourceOptions] = None)

@overload
def ManagedHardwareSecurityModule(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  sku_name: Optional[str] = None,
                                  resource_group_name: Optional[str] = None,
                                  admin_object_ids: Optional[Sequence[str]] = None,
                                  tenant_id: Optional[str] = None,
                                  location: Optional[str] = None,
                                  name: Optional[str] = None,
                                  network_acls: Optional[ManagedHardwareSecurityModuleNetworkAclsArgs] = None,
                                  public_network_access_enabled: Optional[bool] = None,
                                  purge_protection_enabled: Optional[bool] = None,
                                  security_domain_key_vault_certificate_ids: Optional[Sequence[str]] = None,
                                  security_domain_quorum: Optional[int] = None,
                                  soft_delete_retention_days: Optional[int] = None,
                                  tags: Optional[Mapping[str, str]] = None)

func NewManagedHardwareSecurityModule(ctx *Context, name string, args ManagedHardwareSecurityModuleArgs, opts ...ResourceOption) (*ManagedHardwareSecurityModule, error)

public ManagedHardwareSecurityModule(string name, ManagedHardwareSecurityModuleArgs args, CustomResourceOptions? opts = null)

public ManagedHardwareSecurityModule(String name, ManagedHardwareSecurityModuleArgs args)
public ManagedHardwareSecurityModule(String name, ManagedHardwareSecurityModuleArgs args, CustomResourceOptions options)

type: azure:keyvault:ManagedHardwareSecurityModule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ManagedHardwareSecurityModuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ManagedHardwareSecurityModuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ManagedHardwareSecurityModuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ManagedHardwareSecurityModuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ManagedHardwareSecurityModuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var managedHardwareSecurityModuleResource = new Azure.KeyVault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", new()
{
    SkuName = "string",
    ResourceGroupName = "string",
    AdminObjectIds = new[]
    {
        "string",
    },
    TenantId = "string",
    Location = "string",
    Name = "string",
    NetworkAcls = new Azure.KeyVault.Inputs.ManagedHardwareSecurityModuleNetworkAclsArgs
    {
        Bypass = "string",
        DefaultAction = "string",
    },
    PublicNetworkAccessEnabled = false,
    PurgeProtectionEnabled = false,
    SecurityDomainKeyVaultCertificateIds = new[]
    {
        "string",
    },
    SecurityDomainQuorum = 0,
    SoftDeleteRetentionDays = 0,
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := keyvault.NewManagedHardwareSecurityModule(ctx, "managedHardwareSecurityModuleResource", &keyvault.ManagedHardwareSecurityModuleArgs{
	SkuName:           pulumi.String("string"),
	ResourceGroupName: pulumi.String("string"),
	AdminObjectIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	TenantId: pulumi.String("string"),
	Location: pulumi.String("string"),
	Name:     pulumi.String("string"),
	NetworkAcls: &keyvault.ManagedHardwareSecurityModuleNetworkAclsArgs{
		Bypass:        pulumi.String("string"),
		DefaultAction: pulumi.String("string"),
	},
	PublicNetworkAccessEnabled: pulumi.Bool(false),
	PurgeProtectionEnabled:     pulumi.Bool(false),
	SecurityDomainKeyVaultCertificateIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	SecurityDomainQuorum:    pulumi.Int(0),
	SoftDeleteRetentionDays: pulumi.Int(0),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var managedHardwareSecurityModuleResource = new ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", ManagedHardwareSecurityModuleArgs.builder()
    .skuName("string")
    .resourceGroupName("string")
    .adminObjectIds("string")
    .tenantId("string")
    .location("string")
    .name("string")
    .networkAcls(ManagedHardwareSecurityModuleNetworkAclsArgs.builder()
        .bypass("string")
        .defaultAction("string")
        .build())
    .publicNetworkAccessEnabled(false)
    .purgeProtectionEnabled(false)
    .securityDomainKeyVaultCertificateIds("string")
    .securityDomainQuorum(0)
    .softDeleteRetentionDays(0)
    .tags(Map.of("string", "string"))
    .build());

managed_hardware_security_module_resource = azure.keyvault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource",
    sku_name="string",
    resource_group_name="string",
    admin_object_ids=["string"],
    tenant_id="string",
    location="string",
    name="string",
    network_acls={
        "bypass": "string",
        "default_action": "string",
    },
    public_network_access_enabled=False,
    purge_protection_enabled=False,
    security_domain_key_vault_certificate_ids=["string"],
    security_domain_quorum=0,
    soft_delete_retention_days=0,
    tags={
        "string": "string",
    })

const managedHardwareSecurityModuleResource = new azure.keyvault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", {
    skuName: "string",
    resourceGroupName: "string",
    adminObjectIds: ["string"],
    tenantId: "string",
    location: "string",
    name: "string",
    networkAcls: {
        bypass: "string",
        defaultAction: "string",
    },
    publicNetworkAccessEnabled: false,
    purgeProtectionEnabled: false,
    securityDomainKeyVaultCertificateIds: ["string"],
    securityDomainQuorum: 0,
    softDeleteRetentionDays: 0,
    tags: {
        string: "string",
    },
});

type: azure:keyvault:ManagedHardwareSecurityModule
properties:
    adminObjectIds:
        - string
    location: string
    name: string
    networkAcls:
        bypass: string
        defaultAction: string
    publicNetworkAccessEnabled: false
    purgeProtectionEnabled: false
    resourceGroupName: string
    securityDomainKeyVaultCertificateIds:
        - string
    securityDomainQuorum: 0
    skuName: string
    softDeleteRetentionDays: 0
    tags:
        string: string
    tenantId: string

ManagedHardwareSecurityModule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ManagedHardwareSecurityModule resource accepts the following input properties:

AdminObjectIds List<string>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SkuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
TenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
NetworkAcls ManagedHardwareSecurityModuleNetworkAcls: A network_acls block as defined below.
PublicNetworkAccessEnabled bool: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
PurgeProtectionEnabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
SecurityDomainKeyVaultCertificateIds List<string>: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
SecurityDomainQuorum int: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
SoftDeleteRetentionDays int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.

AdminObjectIds []string: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SkuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
TenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
NetworkAcls ManagedHardwareSecurityModuleNetworkAclsArgs: A network_acls block as defined below.
PublicNetworkAccessEnabled bool: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
PurgeProtectionEnabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
SecurityDomainKeyVaultCertificateIds []string: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
SecurityDomainQuorum int: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
SoftDeleteRetentionDays int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags map[string]string: A mapping of tags to assign to the resource.

adminObjectIds List<String>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName String: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenantId String: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls ManagedHardwareSecurityModuleNetworkAcls: A network_acls block as defined below.
publicNetworkAccessEnabled Boolean: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purgeProtectionEnabled Boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
securityDomainKeyVaultCertificateIds List<String>: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
securityDomainQuorum Integer: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
softDeleteRetentionDays Integer: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String,String>: A mapping of tags to assign to the resource.

adminObjectIds string[]: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls ManagedHardwareSecurityModuleNetworkAcls: A network_acls block as defined below.
publicNetworkAccessEnabled boolean: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purgeProtectionEnabled boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
securityDomainKeyVaultCertificateIds string[]: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
securityDomainQuorum number: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
softDeleteRetentionDays number: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags {[key: string]: string}: A mapping of tags to assign to the resource.

admin_object_ids Sequence[str]: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resource_group_name str: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
sku_name str: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenant_id str: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location str: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name str: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
network_acls ManagedHardwareSecurityModuleNetworkAclsArgs: A network_acls block as defined below.
public_network_access_enabled bool: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purge_protection_enabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
security_domain_key_vault_certificate_ids Sequence[str]: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
security_domain_quorum int: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
soft_delete_retention_days int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Mapping[str, str]: A mapping of tags to assign to the resource.

adminObjectIds List<String>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName String: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenantId String: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls Property Map: A network_acls block as defined below.
publicNetworkAccessEnabled Boolean: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purgeProtectionEnabled Boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
securityDomainKeyVaultCertificateIds List<String>: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
securityDomainQuorum Number: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
softDeleteRetentionDays Number: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String>: A mapping of tags to assign to the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the ManagedHardwareSecurityModule resource produces the following output properties:

HsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Id string: The provider-assigned unique ID for this managed resource.
SecurityDomainEncryptedData string: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.

HsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Id string: The provider-assigned unique ID for this managed resource.
SecurityDomainEncryptedData string: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.

hsmUri String: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id String: The provider-assigned unique ID for this managed resource.
securityDomainEncryptedData String: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.

hsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id string: The provider-assigned unique ID for this managed resource.
securityDomainEncryptedData string: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.

hsm_uri str: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id str: The provider-assigned unique ID for this managed resource.
security_domain_encrypted_data str: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.

hsmUri String: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id String: The provider-assigned unique ID for this managed resource.
securityDomainEncryptedData String: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.

Look up Existing ManagedHardwareSecurityModule Resource

Get an existing ManagedHardwareSecurityModule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ManagedHardwareSecurityModuleState, opts?: CustomResourceOptions): ManagedHardwareSecurityModule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        admin_object_ids: Optional[Sequence[str]] = None,
        hsm_uri: Optional[str] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        network_acls: Optional[ManagedHardwareSecurityModuleNetworkAclsArgs] = None,
        public_network_access_enabled: Optional[bool] = None,
        purge_protection_enabled: Optional[bool] = None,
        resource_group_name: Optional[str] = None,
        security_domain_encrypted_data: Optional[str] = None,
        security_domain_key_vault_certificate_ids: Optional[Sequence[str]] = None,
        security_domain_quorum: Optional[int] = None,
        sku_name: Optional[str] = None,
        soft_delete_retention_days: Optional[int] = None,
        tags: Optional[Mapping[str, str]] = None,
        tenant_id: Optional[str] = None) -> ManagedHardwareSecurityModule

func GetManagedHardwareSecurityModule(ctx *Context, name string, id IDInput, state *ManagedHardwareSecurityModuleState, opts ...ResourceOption) (*ManagedHardwareSecurityModule, error)

public static ManagedHardwareSecurityModule Get(string name, Input<string> id, ManagedHardwareSecurityModuleState? state, CustomResourceOptions? opts = null)

public static ManagedHardwareSecurityModule get(String name, Output<String> id, ManagedHardwareSecurityModuleState state, CustomResourceOptions options)

resources:  _:    type: azure:keyvault:ManagedHardwareSecurityModule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AdminObjectIds List<string>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
HsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
NetworkAcls ManagedHardwareSecurityModuleNetworkAcls: A network_acls block as defined below.
PublicNetworkAccessEnabled bool: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
PurgeProtectionEnabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SecurityDomainEncryptedData string: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
SecurityDomainKeyVaultCertificateIds List<string>: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
SecurityDomainQuorum int: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
SkuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
SoftDeleteRetentionDays int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
TenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

AdminObjectIds []string: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
HsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
NetworkAcls ManagedHardwareSecurityModuleNetworkAclsArgs: A network_acls block as defined below.
PublicNetworkAccessEnabled bool: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
PurgeProtectionEnabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SecurityDomainEncryptedData string: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
SecurityDomainKeyVaultCertificateIds []string: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
SecurityDomainQuorum int: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
SkuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
SoftDeleteRetentionDays int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags map[string]string: A mapping of tags to assign to the resource.
TenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

adminObjectIds List<String>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsmUri String: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls ManagedHardwareSecurityModuleNetworkAcls: A network_acls block as defined below.
publicNetworkAccessEnabled Boolean: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purgeProtectionEnabled Boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
securityDomainEncryptedData String: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
securityDomainKeyVaultCertificateIds List<String>: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
securityDomainQuorum Integer: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
skuName String: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
softDeleteRetentionDays Integer: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String,String>: A mapping of tags to assign to the resource.
tenantId String: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

adminObjectIds string[]: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls ManagedHardwareSecurityModuleNetworkAcls: A network_acls block as defined below.
publicNetworkAccessEnabled boolean: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purgeProtectionEnabled boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
resourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
securityDomainEncryptedData string: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
securityDomainKeyVaultCertificateIds string[]: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
securityDomainQuorum number: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
skuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
softDeleteRetentionDays number: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags {[key: string]: string}: A mapping of tags to assign to the resource.
tenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

admin_object_ids Sequence[str]: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsm_uri str: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location str: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name str: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
network_acls ManagedHardwareSecurityModuleNetworkAclsArgs: A network_acls block as defined below.
public_network_access_enabled bool: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purge_protection_enabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
resource_group_name str: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
security_domain_encrypted_data str: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
security_domain_key_vault_certificate_ids Sequence[str]: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
security_domain_quorum int: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
sku_name str: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
soft_delete_retention_days int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Mapping[str, str]: A mapping of tags to assign to the resource.
tenant_id str: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

adminObjectIds List<String>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsmUri String: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls Property Map: A network_acls block as defined below.
publicNetworkAccessEnabled Boolean: Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purgeProtectionEnabled Boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
securityDomainEncryptedData String: This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
securityDomainKeyVaultCertificateIds List<String>: A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
securityDomainQuorum Number: Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
skuName String: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
softDeleteRetentionDays Number: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String>: A mapping of tags to assign to the resource.
tenantId String: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

Supporting Types

ManagedHardwareSecurityModuleNetworkAcls, ManagedHardwareSecurityModuleNetworkAclsArgs

Bypass string: Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
DefaultAction string: The Default Action to use. Possible values are Allow and Deny.

Bypass string: Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
DefaultAction string: The Default Action to use. Possible values are Allow and Deny.

bypass String: Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
defaultAction String: The Default Action to use. Possible values are Allow and Deny.

bypass string: Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
defaultAction string: The Default Action to use. Possible values are Allow and Deny.

bypass str: Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
default_action str: The Default Action to use. Possible values are Allow and Deny.

bypass String: Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
defaultAction String: The Default Action to use. Possible values are Allow and Deny.

Import

Key Vault Managed Hardware Security Module can be imported using the resource id, e.g.

$ pulumi import azure:keyvault/managedHardwareSecurityModule:ManagedHardwareSecurityModule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.KeyVault/managedHSMs/hsm1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure v6.22.0 published on Tuesday, Apr 1, 2025 by Pulumi

pulumi/pulumi-azure

azure.keyvault.ManagedHardwareSecurityModule

On this page

On this page

Example Usage

Create ManagedHardwareSecurityModule Resource

Constructor syntax

Parameters

Constructor example

ManagedHardwareSecurityModule Resource Properties

Inputs

Outputs

Look up Existing ManagedHardwareSecurityModule Resource

Supporting Types

ManagedHardwareSecurityModuleNetworkAcls, ManagedHardwareSecurityModuleNetworkAclsArgs

Import

Package Details

On this page

On this page