1. Packages
  2. Azure Classic
  3. API Docs
  4. keyvault
  5. ManagedHardwareSecurityModule

We recommend using Azure Native.

Azure Classic v5.84.0 published on Tuesday, Jul 16, 2024 by Pulumi

azure.keyvault.ManagedHardwareSecurityModule

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.84.0 published on Tuesday, Jul 16, 2024 by Pulumi

    Manages a Key Vault Managed Hardware Security Module.

    Note: The Azure Provider includes a Feature Toggle which will purge a Key Vault Managed Hardware Security Module resource on destroy, rather than the default soft-delete. See purge_soft_deleted_hardware_security_modules_on_destroy for more information.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const current = azure.core.getClientConfig({});
    const example = new azure.core.ResourceGroup("example", {
        name: "example-resources",
        location: "West Europe",
    });
    const exampleManagedHardwareSecurityModule = new azure.keyvault.ManagedHardwareSecurityModule("example", {
        name: "exampleKVHsm",
        resourceGroupName: example.name,
        location: example.location,
        skuName: "Standard_B1",
        purgeProtectionEnabled: false,
        softDeleteRetentionDays: 90,
        tenantId: current.then(current => current.tenantId),
        adminObjectIds: [current.then(current => current.objectId)],
        tags: {
            Env: "Test",
        },
    });
    
    import pulumi
    import pulumi_azure as azure
    
    current = azure.core.get_client_config()
    example = azure.core.ResourceGroup("example",
        name="example-resources",
        location="West Europe")
    example_managed_hardware_security_module = azure.keyvault.ManagedHardwareSecurityModule("example",
        name="exampleKVHsm",
        resource_group_name=example.name,
        location=example.location,
        sku_name="Standard_B1",
        purge_protection_enabled=False,
        soft_delete_retention_days=90,
        tenant_id=current.tenant_id,
        admin_object_ids=[current.object_id],
        tags={
            "Env": "Test",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		current, err := core.GetClientConfig(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-resources"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = keyvault.NewManagedHardwareSecurityModule(ctx, "example", &keyvault.ManagedHardwareSecurityModuleArgs{
    			Name:                    pulumi.String("exampleKVHsm"),
    			ResourceGroupName:       example.Name,
    			Location:                example.Location,
    			SkuName:                 pulumi.String("Standard_B1"),
    			PurgeProtectionEnabled:  pulumi.Bool(false),
    			SoftDeleteRetentionDays: pulumi.Int(90),
    			TenantId:                pulumi.String(current.TenantId),
    			AdminObjectIds: pulumi.StringArray{
    				pulumi.String(current.ObjectId),
    			},
    			Tags: pulumi.StringMap{
    				"Env": pulumi.String("Test"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var current = Azure.Core.GetClientConfig.Invoke();
    
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-resources",
            Location = "West Europe",
        });
    
        var exampleManagedHardwareSecurityModule = new Azure.KeyVault.ManagedHardwareSecurityModule("example", new()
        {
            Name = "exampleKVHsm",
            ResourceGroupName = example.Name,
            Location = example.Location,
            SkuName = "Standard_B1",
            PurgeProtectionEnabled = false,
            SoftDeleteRetentionDays = 90,
            TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
            AdminObjectIds = new[]
            {
                current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
            },
            Tags = 
            {
                { "Env", "Test" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.keyvault.ManagedHardwareSecurityModule;
    import com.pulumi.azure.keyvault.ManagedHardwareSecurityModuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var current = CoreFunctions.getClientConfig();
    
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("example-resources")
                .location("West Europe")
                .build());
    
            var exampleManagedHardwareSecurityModule = new ManagedHardwareSecurityModule("exampleManagedHardwareSecurityModule", ManagedHardwareSecurityModuleArgs.builder()
                .name("exampleKVHsm")
                .resourceGroupName(example.name())
                .location(example.location())
                .skuName("Standard_B1")
                .purgeProtectionEnabled(false)
                .softDeleteRetentionDays(90)
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .adminObjectIds(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                .tags(Map.of("Env", "Test"))
                .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-resources
          location: West Europe
      exampleManagedHardwareSecurityModule:
        type: azure:keyvault:ManagedHardwareSecurityModule
        name: example
        properties:
          name: exampleKVHsm
          resourceGroupName: ${example.name}
          location: ${example.location}
          skuName: Standard_B1
          purgeProtectionEnabled: false
          softDeleteRetentionDays: 90
          tenantId: ${current.tenantId}
          adminObjectIds:
            - ${current.objectId}
          tags:
            Env: Test
    variables:
      current:
        fn::invoke:
          Function: azure:core:getClientConfig
          Arguments: {}
    

    Create ManagedHardwareSecurityModule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ManagedHardwareSecurityModule(name: string, args: ManagedHardwareSecurityModuleArgs, opts?: CustomResourceOptions);
    @overload
    def ManagedHardwareSecurityModule(resource_name: str,
                                      args: ManagedHardwareSecurityModuleArgs,
                                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def ManagedHardwareSecurityModule(resource_name: str,
                                      opts: Optional[ResourceOptions] = None,
                                      sku_name: Optional[str] = None,
                                      resource_group_name: Optional[str] = None,
                                      admin_object_ids: Optional[Sequence[str]] = None,
                                      tenant_id: Optional[str] = None,
                                      location: Optional[str] = None,
                                      name: Optional[str] = None,
                                      network_acls: Optional[ManagedHardwareSecurityModuleNetworkAclsArgs] = None,
                                      public_network_access_enabled: Optional[bool] = None,
                                      purge_protection_enabled: Optional[bool] = None,
                                      security_domain_key_vault_certificate_ids: Optional[Sequence[str]] = None,
                                      security_domain_quorum: Optional[int] = None,
                                      soft_delete_retention_days: Optional[int] = None,
                                      tags: Optional[Mapping[str, str]] = None)
    func NewManagedHardwareSecurityModule(ctx *Context, name string, args ManagedHardwareSecurityModuleArgs, opts ...ResourceOption) (*ManagedHardwareSecurityModule, error)
    public ManagedHardwareSecurityModule(string name, ManagedHardwareSecurityModuleArgs args, CustomResourceOptions? opts = null)
    public ManagedHardwareSecurityModule(String name, ManagedHardwareSecurityModuleArgs args)
    public ManagedHardwareSecurityModule(String name, ManagedHardwareSecurityModuleArgs args, CustomResourceOptions options)
    
    type: azure:keyvault:ManagedHardwareSecurityModule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ManagedHardwareSecurityModuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ManagedHardwareSecurityModuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ManagedHardwareSecurityModuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ManagedHardwareSecurityModuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ManagedHardwareSecurityModuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var managedHardwareSecurityModuleResource = new Azure.KeyVault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", new()
    {
        SkuName = "string",
        ResourceGroupName = "string",
        AdminObjectIds = new[]
        {
            "string",
        },
        TenantId = "string",
        Location = "string",
        Name = "string",
        NetworkAcls = new Azure.KeyVault.Inputs.ManagedHardwareSecurityModuleNetworkAclsArgs
        {
            Bypass = "string",
            DefaultAction = "string",
        },
        PublicNetworkAccessEnabled = false,
        PurgeProtectionEnabled = false,
        SecurityDomainKeyVaultCertificateIds = new[]
        {
            "string",
        },
        SecurityDomainQuorum = 0,
        SoftDeleteRetentionDays = 0,
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    example, err := keyvault.NewManagedHardwareSecurityModule(ctx, "managedHardwareSecurityModuleResource", &keyvault.ManagedHardwareSecurityModuleArgs{
    	SkuName:           pulumi.String("string"),
    	ResourceGroupName: pulumi.String("string"),
    	AdminObjectIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TenantId: pulumi.String("string"),
    	Location: pulumi.String("string"),
    	Name:     pulumi.String("string"),
    	NetworkAcls: &keyvault.ManagedHardwareSecurityModuleNetworkAclsArgs{
    		Bypass:        pulumi.String("string"),
    		DefaultAction: pulumi.String("string"),
    	},
    	PublicNetworkAccessEnabled: pulumi.Bool(false),
    	PurgeProtectionEnabled:     pulumi.Bool(false),
    	SecurityDomainKeyVaultCertificateIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	SecurityDomainQuorum:    pulumi.Int(0),
    	SoftDeleteRetentionDays: pulumi.Int(0),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    })
    
    var managedHardwareSecurityModuleResource = new ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", ManagedHardwareSecurityModuleArgs.builder()
        .skuName("string")
        .resourceGroupName("string")
        .adminObjectIds("string")
        .tenantId("string")
        .location("string")
        .name("string")
        .networkAcls(ManagedHardwareSecurityModuleNetworkAclsArgs.builder()
            .bypass("string")
            .defaultAction("string")
            .build())
        .publicNetworkAccessEnabled(false)
        .purgeProtectionEnabled(false)
        .securityDomainKeyVaultCertificateIds("string")
        .securityDomainQuorum(0)
        .softDeleteRetentionDays(0)
        .tags(Map.of("string", "string"))
        .build());
    
    managed_hardware_security_module_resource = azure.keyvault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource",
        sku_name="string",
        resource_group_name="string",
        admin_object_ids=["string"],
        tenant_id="string",
        location="string",
        name="string",
        network_acls={
            "bypass": "string",
            "defaultAction": "string",
        },
        public_network_access_enabled=False,
        purge_protection_enabled=False,
        security_domain_key_vault_certificate_ids=["string"],
        security_domain_quorum=0,
        soft_delete_retention_days=0,
        tags={
            "string": "string",
        })
    
    const managedHardwareSecurityModuleResource = new azure.keyvault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", {
        skuName: "string",
        resourceGroupName: "string",
        adminObjectIds: ["string"],
        tenantId: "string",
        location: "string",
        name: "string",
        networkAcls: {
            bypass: "string",
            defaultAction: "string",
        },
        publicNetworkAccessEnabled: false,
        purgeProtectionEnabled: false,
        securityDomainKeyVaultCertificateIds: ["string"],
        securityDomainQuorum: 0,
        softDeleteRetentionDays: 0,
        tags: {
            string: "string",
        },
    });
    
    type: azure:keyvault:ManagedHardwareSecurityModule
    properties:
        adminObjectIds:
            - string
        location: string
        name: string
        networkAcls:
            bypass: string
            defaultAction: string
        publicNetworkAccessEnabled: false
        purgeProtectionEnabled: false
        resourceGroupName: string
        securityDomainKeyVaultCertificateIds:
            - string
        securityDomainQuorum: 0
        skuName: string
        softDeleteRetentionDays: 0
        tags:
            string: string
        tenantId: string
    

    ManagedHardwareSecurityModule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ManagedHardwareSecurityModule resource accepts the following input properties:

    AdminObjectIds List<string>
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    ResourceGroupName string
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    SkuName string
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    TenantId string
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    Location string
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    Name string
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    NetworkAcls ManagedHardwareSecurityModuleNetworkAcls
    A network_acls block as defined below.
    PublicNetworkAccessEnabled bool
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    PurgeProtectionEnabled bool
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    SecurityDomainKeyVaultCertificateIds List<string>
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    SecurityDomainQuorum int
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    SoftDeleteRetentionDays int
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    AdminObjectIds []string
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    ResourceGroupName string
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    SkuName string
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    TenantId string
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    Location string
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    Name string
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    NetworkAcls ManagedHardwareSecurityModuleNetworkAclsArgs
    A network_acls block as defined below.
    PublicNetworkAccessEnabled bool
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    PurgeProtectionEnabled bool
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    SecurityDomainKeyVaultCertificateIds []string
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    SecurityDomainQuorum int
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    SoftDeleteRetentionDays int
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    adminObjectIds List<String>
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    resourceGroupName String
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    skuName String
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    tenantId String
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    location String
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    name String
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    networkAcls ManagedHardwareSecurityModuleNetworkAcls
    A network_acls block as defined below.
    publicNetworkAccessEnabled Boolean
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    purgeProtectionEnabled Boolean
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    securityDomainKeyVaultCertificateIds List<String>
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    securityDomainQuorum Integer
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    softDeleteRetentionDays Integer
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    adminObjectIds string[]
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    resourceGroupName string
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    skuName string
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    tenantId string
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    location string
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    name string
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    networkAcls ManagedHardwareSecurityModuleNetworkAcls
    A network_acls block as defined below.
    publicNetworkAccessEnabled boolean
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    purgeProtectionEnabled boolean
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    securityDomainKeyVaultCertificateIds string[]
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    securityDomainQuorum number
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    softDeleteRetentionDays number
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    admin_object_ids Sequence[str]
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    resource_group_name str
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    sku_name str
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    tenant_id str
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    location str
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    name str
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    network_acls ManagedHardwareSecurityModuleNetworkAclsArgs
    A network_acls block as defined below.
    public_network_access_enabled bool
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    purge_protection_enabled bool
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    security_domain_key_vault_certificate_ids Sequence[str]
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    security_domain_quorum int
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    soft_delete_retention_days int
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    adminObjectIds List<String>
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    resourceGroupName String
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    skuName String
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    tenantId String
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    location String
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    name String
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    networkAcls Property Map
    A network_acls block as defined below.
    publicNetworkAccessEnabled Boolean
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    purgeProtectionEnabled Boolean
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    securityDomainKeyVaultCertificateIds List<String>
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    securityDomainQuorum Number
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    softDeleteRetentionDays Number
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    tags Map<String>
    A mapping of tags to assign to the resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ManagedHardwareSecurityModule resource produces the following output properties:

    HsmUri string
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    Id string
    The provider-assigned unique ID for this managed resource.
    SecurityDomainEncryptedData string
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
    HsmUri string
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    Id string
    The provider-assigned unique ID for this managed resource.
    SecurityDomainEncryptedData string
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
    hsmUri String
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    id String
    The provider-assigned unique ID for this managed resource.
    securityDomainEncryptedData String
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
    hsmUri string
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    id string
    The provider-assigned unique ID for this managed resource.
    securityDomainEncryptedData string
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
    hsm_uri str
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    id str
    The provider-assigned unique ID for this managed resource.
    security_domain_encrypted_data str
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
    hsmUri String
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    id String
    The provider-assigned unique ID for this managed resource.
    securityDomainEncryptedData String
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.

    Look up Existing ManagedHardwareSecurityModule Resource

    Get an existing ManagedHardwareSecurityModule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ManagedHardwareSecurityModuleState, opts?: CustomResourceOptions): ManagedHardwareSecurityModule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            admin_object_ids: Optional[Sequence[str]] = None,
            hsm_uri: Optional[str] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            network_acls: Optional[ManagedHardwareSecurityModuleNetworkAclsArgs] = None,
            public_network_access_enabled: Optional[bool] = None,
            purge_protection_enabled: Optional[bool] = None,
            resource_group_name: Optional[str] = None,
            security_domain_encrypted_data: Optional[str] = None,
            security_domain_key_vault_certificate_ids: Optional[Sequence[str]] = None,
            security_domain_quorum: Optional[int] = None,
            sku_name: Optional[str] = None,
            soft_delete_retention_days: Optional[int] = None,
            tags: Optional[Mapping[str, str]] = None,
            tenant_id: Optional[str] = None) -> ManagedHardwareSecurityModule
    func GetManagedHardwareSecurityModule(ctx *Context, name string, id IDInput, state *ManagedHardwareSecurityModuleState, opts ...ResourceOption) (*ManagedHardwareSecurityModule, error)
    public static ManagedHardwareSecurityModule Get(string name, Input<string> id, ManagedHardwareSecurityModuleState? state, CustomResourceOptions? opts = null)
    public static ManagedHardwareSecurityModule get(String name, Output<String> id, ManagedHardwareSecurityModuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AdminObjectIds List<string>
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    HsmUri string
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    Location string
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    Name string
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    NetworkAcls ManagedHardwareSecurityModuleNetworkAcls
    A network_acls block as defined below.
    PublicNetworkAccessEnabled bool
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    PurgeProtectionEnabled bool
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    ResourceGroupName string
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    SecurityDomainEncryptedData string
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
    SecurityDomainKeyVaultCertificateIds List<string>
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    SecurityDomainQuorum int
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    SkuName string
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    SoftDeleteRetentionDays int
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    TenantId string
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    AdminObjectIds []string
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    HsmUri string
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    Location string
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    Name string
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    NetworkAcls ManagedHardwareSecurityModuleNetworkAclsArgs
    A network_acls block as defined below.
    PublicNetworkAccessEnabled bool
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    PurgeProtectionEnabled bool
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    ResourceGroupName string
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    SecurityDomainEncryptedData string
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
    SecurityDomainKeyVaultCertificateIds []string
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    SecurityDomainQuorum int
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    SkuName string
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    SoftDeleteRetentionDays int
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    TenantId string
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    adminObjectIds List<String>
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    hsmUri String
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    location String
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    name String
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    networkAcls ManagedHardwareSecurityModuleNetworkAcls
    A network_acls block as defined below.
    publicNetworkAccessEnabled Boolean
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    purgeProtectionEnabled Boolean
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    resourceGroupName String
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    securityDomainEncryptedData String
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
    securityDomainKeyVaultCertificateIds List<String>
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    securityDomainQuorum Integer
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    skuName String
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    softDeleteRetentionDays Integer
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    tenantId String
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    adminObjectIds string[]
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    hsmUri string
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    location string
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    name string
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    networkAcls ManagedHardwareSecurityModuleNetworkAcls
    A network_acls block as defined below.
    publicNetworkAccessEnabled boolean
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    purgeProtectionEnabled boolean
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    resourceGroupName string
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    securityDomainEncryptedData string
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
    securityDomainKeyVaultCertificateIds string[]
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    securityDomainQuorum number
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    skuName string
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    softDeleteRetentionDays number
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    tenantId string
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    admin_object_ids Sequence[str]
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    hsm_uri str
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    location str
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    name str
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    network_acls ManagedHardwareSecurityModuleNetworkAclsArgs
    A network_acls block as defined below.
    public_network_access_enabled bool
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    purge_protection_enabled bool
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    resource_group_name str
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    security_domain_encrypted_data str
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
    security_domain_key_vault_certificate_ids Sequence[str]
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    security_domain_quorum int
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    sku_name str
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    soft_delete_retention_days int
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    tenant_id str
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    adminObjectIds List<String>
    Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    hsmUri String
    The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
    location String
    Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
    name String
    Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    networkAcls Property Map
    A network_acls block as defined below.
    publicNetworkAccessEnabled Boolean
    Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
    purgeProtectionEnabled Boolean
    Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
    resourceGroupName String
    The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
    securityDomainEncryptedData String
    This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
    securityDomainKeyVaultCertificateIds List<String>
    A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm
    securityDomainQuorum Number
    Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
    skuName String
    The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
    softDeleteRetentionDays Number
    The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
    tags Map<String>
    A mapping of tags to assign to the resource.
    tenantId String
    The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

    Supporting Types

    ManagedHardwareSecurityModuleNetworkAcls, ManagedHardwareSecurityModuleNetworkAclsArgs

    Bypass string
    Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
    DefaultAction string
    The Default Action to use. Possible values are Allow and Deny.
    Bypass string
    Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
    DefaultAction string
    The Default Action to use. Possible values are Allow and Deny.
    bypass String
    Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
    defaultAction String
    The Default Action to use. Possible values are Allow and Deny.
    bypass string
    Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
    defaultAction string
    The Default Action to use. Possible values are Allow and Deny.
    bypass str
    Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
    default_action str
    The Default Action to use. Possible values are Allow and Deny.
    bypass String
    Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
    defaultAction String
    The Default Action to use. Possible values are Allow and Deny.

    Import

    Key Vault Managed Hardware Security Module can be imported using the resource id, e.g.

    $ pulumi import azure:keyvault/managedHardwareSecurityModule:ManagedHardwareSecurityModule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.KeyVault/managedHSMs/hsm1
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v5.84.0 published on Tuesday, Jul 16, 2024 by Pulumi