1. Packages
  2. Azure Classic
  3. API Docs
  4. keyvault
  5. ManagedStorageAccount

We recommend using Azure Native.

Azure Classic v5.80.0 published on Monday, Jun 10, 2024 by Pulumi

azure.keyvault.ManagedStorageAccount

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.80.0 published on Monday, Jun 10, 2024 by Pulumi

    Manages a Key Vault Managed Storage Account.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const current = azure.core.getClientConfig({});
    const example = new azure.core.ResourceGroup("example", {
        name: "example-resources",
        location: "West Europe",
    });
    const exampleAccount = new azure.storage.Account("example", {
        name: "storageaccountname",
        resourceGroupName: example.name,
        location: example.location,
        accountTier: "Standard",
        accountReplicationType: "LRS",
    });
    const exampleKeyVault = new azure.keyvault.KeyVault("example", {
        name: "keyvaultname",
        location: example.location,
        resourceGroupName: example.name,
        tenantId: current.then(current => current.tenantId),
        skuName: "standard",
        accessPolicies: [{
            tenantId: current.then(current => current.tenantId),
            objectId: current.then(current => current.objectId),
            secretPermissions: [
                "Get",
                "Delete",
            ],
            storagePermissions: [
                "Get",
                "List",
                "Set",
                "SetSAS",
                "GetSAS",
                "DeleteSAS",
                "Update",
                "RegenerateKey",
            ],
        }],
    });
    const exampleManagedStorageAccount = new azure.keyvault.ManagedStorageAccount("example", {
        name: "examplemanagedstorage",
        keyVaultId: exampleKeyVault.id,
        storageAccountId: exampleAccount.id,
        storageAccountKey: "key1",
        regenerateKeyAutomatically: false,
        regenerationPeriod: "P1D",
    });
    
    import pulumi
    import pulumi_azure as azure
    
    current = azure.core.get_client_config()
    example = azure.core.ResourceGroup("example",
        name="example-resources",
        location="West Europe")
    example_account = azure.storage.Account("example",
        name="storageaccountname",
        resource_group_name=example.name,
        location=example.location,
        account_tier="Standard",
        account_replication_type="LRS")
    example_key_vault = azure.keyvault.KeyVault("example",
        name="keyvaultname",
        location=example.location,
        resource_group_name=example.name,
        tenant_id=current.tenant_id,
        sku_name="standard",
        access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
            tenant_id=current.tenant_id,
            object_id=current.object_id,
            secret_permissions=[
                "Get",
                "Delete",
            ],
            storage_permissions=[
                "Get",
                "List",
                "Set",
                "SetSAS",
                "GetSAS",
                "DeleteSAS",
                "Update",
                "RegenerateKey",
            ],
        )])
    example_managed_storage_account = azure.keyvault.ManagedStorageAccount("example",
        name="examplemanagedstorage",
        key_vault_id=example_key_vault.id,
        storage_account_id=example_account.id,
        storage_account_key="key1",
        regenerate_key_automatically=False,
        regeneration_period="P1D")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		current, err := core.GetClientConfig(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-resources"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
    			Name:                   pulumi.String("storageaccountname"),
    			ResourceGroupName:      example.Name,
    			Location:               example.Location,
    			AccountTier:            pulumi.String("Standard"),
    			AccountReplicationType: pulumi.String("LRS"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
    			Name:              pulumi.String("keyvaultname"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			TenantId:          pulumi.String(current.TenantId),
    			SkuName:           pulumi.String("standard"),
    			AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
    				&keyvault.KeyVaultAccessPolicyArgs{
    					TenantId: pulumi.String(current.TenantId),
    					ObjectId: pulumi.String(current.ObjectId),
    					SecretPermissions: pulumi.StringArray{
    						pulumi.String("Get"),
    						pulumi.String("Delete"),
    					},
    					StoragePermissions: pulumi.StringArray{
    						pulumi.String("Get"),
    						pulumi.String("List"),
    						pulumi.String("Set"),
    						pulumi.String("SetSAS"),
    						pulumi.String("GetSAS"),
    						pulumi.String("DeleteSAS"),
    						pulumi.String("Update"),
    						pulumi.String("RegenerateKey"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = keyvault.NewManagedStorageAccount(ctx, "example", &keyvault.ManagedStorageAccountArgs{
    			Name:                       pulumi.String("examplemanagedstorage"),
    			KeyVaultId:                 exampleKeyVault.ID(),
    			StorageAccountId:           exampleAccount.ID(),
    			StorageAccountKey:          pulumi.String("key1"),
    			RegenerateKeyAutomatically: pulumi.Bool(false),
    			RegenerationPeriod:         pulumi.String("P1D"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var current = Azure.Core.GetClientConfig.Invoke();
    
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-resources",
            Location = "West Europe",
        });
    
        var exampleAccount = new Azure.Storage.Account("example", new()
        {
            Name = "storageaccountname",
            ResourceGroupName = example.Name,
            Location = example.Location,
            AccountTier = "Standard",
            AccountReplicationType = "LRS",
        });
    
        var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
        {
            Name = "keyvaultname",
            Location = example.Location,
            ResourceGroupName = example.Name,
            TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
            SkuName = "standard",
            AccessPolicies = new[]
            {
                new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
                {
                    TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
                    ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
                    SecretPermissions = new[]
                    {
                        "Get",
                        "Delete",
                    },
                    StoragePermissions = new[]
                    {
                        "Get",
                        "List",
                        "Set",
                        "SetSAS",
                        "GetSAS",
                        "DeleteSAS",
                        "Update",
                        "RegenerateKey",
                    },
                },
            },
        });
    
        var exampleManagedStorageAccount = new Azure.KeyVault.ManagedStorageAccount("example", new()
        {
            Name = "examplemanagedstorage",
            KeyVaultId = exampleKeyVault.Id,
            StorageAccountId = exampleAccount.Id,
            StorageAccountKey = "key1",
            RegenerateKeyAutomatically = false,
            RegenerationPeriod = "P1D",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.storage.Account;
    import com.pulumi.azure.storage.AccountArgs;
    import com.pulumi.azure.keyvault.KeyVault;
    import com.pulumi.azure.keyvault.KeyVaultArgs;
    import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
    import com.pulumi.azure.keyvault.ManagedStorageAccount;
    import com.pulumi.azure.keyvault.ManagedStorageAccountArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var current = CoreFunctions.getClientConfig();
    
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("example-resources")
                .location("West Europe")
                .build());
    
            var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
                .name("storageaccountname")
                .resourceGroupName(example.name())
                .location(example.location())
                .accountTier("Standard")
                .accountReplicationType("LRS")
                .build());
    
            var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
                .name("keyvaultname")
                .location(example.location())
                .resourceGroupName(example.name())
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .skuName("standard")
                .accessPolicies(KeyVaultAccessPolicyArgs.builder()
                    .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                    .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                    .secretPermissions(                
                        "Get",
                        "Delete")
                    .storagePermissions(                
                        "Get",
                        "List",
                        "Set",
                        "SetSAS",
                        "GetSAS",
                        "DeleteSAS",
                        "Update",
                        "RegenerateKey")
                    .build())
                .build());
    
            var exampleManagedStorageAccount = new ManagedStorageAccount("exampleManagedStorageAccount", ManagedStorageAccountArgs.builder()
                .name("examplemanagedstorage")
                .keyVaultId(exampleKeyVault.id())
                .storageAccountId(exampleAccount.id())
                .storageAccountKey("key1")
                .regenerateKeyAutomatically(false)
                .regenerationPeriod("P1D")
                .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-resources
          location: West Europe
      exampleAccount:
        type: azure:storage:Account
        name: example
        properties:
          name: storageaccountname
          resourceGroupName: ${example.name}
          location: ${example.location}
          accountTier: Standard
          accountReplicationType: LRS
      exampleKeyVault:
        type: azure:keyvault:KeyVault
        name: example
        properties:
          name: keyvaultname
          location: ${example.location}
          resourceGroupName: ${example.name}
          tenantId: ${current.tenantId}
          skuName: standard
          accessPolicies:
            - tenantId: ${current.tenantId}
              objectId: ${current.objectId}
              secretPermissions:
                - Get
                - Delete
              storagePermissions:
                - Get
                - List
                - Set
                - SetSAS
                - GetSAS
                - DeleteSAS
                - Update
                - RegenerateKey
      exampleManagedStorageAccount:
        type: azure:keyvault:ManagedStorageAccount
        name: example
        properties:
          name: examplemanagedstorage
          keyVaultId: ${exampleKeyVault.id}
          storageAccountId: ${exampleAccount.id}
          storageAccountKey: key1
          regenerateKeyAutomatically: false
          regenerationPeriod: P1D
    variables:
      current:
        fn::invoke:
          Function: azure:core:getClientConfig
          Arguments: {}
    

    Automatically Regenerate Storage Account Access Key)

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    import * as azuread from "@pulumi/azuread";
    
    const current = azure.core.getClientConfig({});
    const test = azuread.getServicePrincipal({
        applicationId: "cfa8b339-82a2-471a-a3c9-0fc0be7a4093",
    });
    const example = new azure.core.ResourceGroup("example", {
        name: "example-resources",
        location: "West Europe",
    });
    const exampleAccount = new azure.storage.Account("example", {
        name: "storageaccountname",
        resourceGroupName: example.name,
        location: example.location,
        accountTier: "Standard",
        accountReplicationType: "LRS",
    });
    const exampleKeyVault = new azure.keyvault.KeyVault("example", {
        name: "keyvaultname",
        location: example.location,
        resourceGroupName: example.name,
        tenantId: current.then(current => current.tenantId),
        skuName: "standard",
        accessPolicies: [{
            tenantId: current.then(current => current.tenantId),
            objectId: current.then(current => current.objectId),
            secretPermissions: [
                "Get",
                "Delete",
            ],
            storagePermissions: [
                "Get",
                "List",
                "Set",
                "SetSAS",
                "GetSAS",
                "DeleteSAS",
                "Update",
                "RegenerateKey",
            ],
        }],
    });
    const exampleAssignment = new azure.authorization.Assignment("example", {
        scope: exampleAccount.id,
        roleDefinitionName: "Storage Account Key Operator Service Role",
        principalId: test.then(test => test.id),
    });
    const exampleManagedStorageAccount = new azure.keyvault.ManagedStorageAccount("example", {
        name: "examplemanagedstorage",
        keyVaultId: exampleKeyVault.id,
        storageAccountId: exampleAccount.id,
        storageAccountKey: "key1",
        regenerateKeyAutomatically: true,
        regenerationPeriod: "P1D",
    }, {
        dependsOn: [exampleAssignment],
    });
    
    import pulumi
    import pulumi_azure as azure
    import pulumi_azuread as azuread
    
    current = azure.core.get_client_config()
    test = azuread.get_service_principal(application_id="cfa8b339-82a2-471a-a3c9-0fc0be7a4093")
    example = azure.core.ResourceGroup("example",
        name="example-resources",
        location="West Europe")
    example_account = azure.storage.Account("example",
        name="storageaccountname",
        resource_group_name=example.name,
        location=example.location,
        account_tier="Standard",
        account_replication_type="LRS")
    example_key_vault = azure.keyvault.KeyVault("example",
        name="keyvaultname",
        location=example.location,
        resource_group_name=example.name,
        tenant_id=current.tenant_id,
        sku_name="standard",
        access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
            tenant_id=current.tenant_id,
            object_id=current.object_id,
            secret_permissions=[
                "Get",
                "Delete",
            ],
            storage_permissions=[
                "Get",
                "List",
                "Set",
                "SetSAS",
                "GetSAS",
                "DeleteSAS",
                "Update",
                "RegenerateKey",
            ],
        )])
    example_assignment = azure.authorization.Assignment("example",
        scope=example_account.id,
        role_definition_name="Storage Account Key Operator Service Role",
        principal_id=test.id)
    example_managed_storage_account = azure.keyvault.ManagedStorageAccount("example",
        name="examplemanagedstorage",
        key_vault_id=example_key_vault.id,
        storage_account_id=example_account.id,
        storage_account_key="key1",
        regenerate_key_automatically=True,
        regeneration_period="P1D",
        opts=pulumi.ResourceOptions(depends_on=[example_assignment]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		current, err := core.GetClientConfig(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		test, err := azuread.LookupServicePrincipal(ctx, &azuread.LookupServicePrincipalArgs{
    			ApplicationId: pulumi.StringRef("cfa8b339-82a2-471a-a3c9-0fc0be7a4093"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-resources"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
    			Name:                   pulumi.String("storageaccountname"),
    			ResourceGroupName:      example.Name,
    			Location:               example.Location,
    			AccountTier:            pulumi.String("Standard"),
    			AccountReplicationType: pulumi.String("LRS"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
    			Name:              pulumi.String("keyvaultname"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			TenantId:          pulumi.String(current.TenantId),
    			SkuName:           pulumi.String("standard"),
    			AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
    				&keyvault.KeyVaultAccessPolicyArgs{
    					TenantId: pulumi.String(current.TenantId),
    					ObjectId: pulumi.String(current.ObjectId),
    					SecretPermissions: pulumi.StringArray{
    						pulumi.String("Get"),
    						pulumi.String("Delete"),
    					},
    					StoragePermissions: pulumi.StringArray{
    						pulumi.String("Get"),
    						pulumi.String("List"),
    						pulumi.String("Set"),
    						pulumi.String("SetSAS"),
    						pulumi.String("GetSAS"),
    						pulumi.String("DeleteSAS"),
    						pulumi.String("Update"),
    						pulumi.String("RegenerateKey"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
    			Scope:              exampleAccount.ID(),
    			RoleDefinitionName: pulumi.String("Storage Account Key Operator Service Role"),
    			PrincipalId:        pulumi.String(test.Id),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = keyvault.NewManagedStorageAccount(ctx, "example", &keyvault.ManagedStorageAccountArgs{
    			Name:                       pulumi.String("examplemanagedstorage"),
    			KeyVaultId:                 exampleKeyVault.ID(),
    			StorageAccountId:           exampleAccount.ID(),
    			StorageAccountKey:          pulumi.String("key1"),
    			RegenerateKeyAutomatically: pulumi.Bool(true),
    			RegenerationPeriod:         pulumi.String("P1D"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			exampleAssignment,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    using AzureAD = Pulumi.AzureAD;
    
    return await Deployment.RunAsync(() => 
    {
        var current = Azure.Core.GetClientConfig.Invoke();
    
        var test = AzureAD.GetServicePrincipal.Invoke(new()
        {
            ApplicationId = "cfa8b339-82a2-471a-a3c9-0fc0be7a4093",
        });
    
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-resources",
            Location = "West Europe",
        });
    
        var exampleAccount = new Azure.Storage.Account("example", new()
        {
            Name = "storageaccountname",
            ResourceGroupName = example.Name,
            Location = example.Location,
            AccountTier = "Standard",
            AccountReplicationType = "LRS",
        });
    
        var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
        {
            Name = "keyvaultname",
            Location = example.Location,
            ResourceGroupName = example.Name,
            TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
            SkuName = "standard",
            AccessPolicies = new[]
            {
                new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
                {
                    TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
                    ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
                    SecretPermissions = new[]
                    {
                        "Get",
                        "Delete",
                    },
                    StoragePermissions = new[]
                    {
                        "Get",
                        "List",
                        "Set",
                        "SetSAS",
                        "GetSAS",
                        "DeleteSAS",
                        "Update",
                        "RegenerateKey",
                    },
                },
            },
        });
    
        var exampleAssignment = new Azure.Authorization.Assignment("example", new()
        {
            Scope = exampleAccount.Id,
            RoleDefinitionName = "Storage Account Key Operator Service Role",
            PrincipalId = test.Apply(getServicePrincipalResult => getServicePrincipalResult.Id),
        });
    
        var exampleManagedStorageAccount = new Azure.KeyVault.ManagedStorageAccount("example", new()
        {
            Name = "examplemanagedstorage",
            KeyVaultId = exampleKeyVault.Id,
            StorageAccountId = exampleAccount.Id,
            StorageAccountKey = "key1",
            RegenerateKeyAutomatically = true,
            RegenerationPeriod = "P1D",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                exampleAssignment,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azuread.AzureadFunctions;
    import com.pulumi.azuread.inputs.GetServicePrincipalArgs;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.storage.Account;
    import com.pulumi.azure.storage.AccountArgs;
    import com.pulumi.azure.keyvault.KeyVault;
    import com.pulumi.azure.keyvault.KeyVaultArgs;
    import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
    import com.pulumi.azure.authorization.Assignment;
    import com.pulumi.azure.authorization.AssignmentArgs;
    import com.pulumi.azure.keyvault.ManagedStorageAccount;
    import com.pulumi.azure.keyvault.ManagedStorageAccountArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var current = CoreFunctions.getClientConfig();
    
            final var test = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()
                .applicationId("cfa8b339-82a2-471a-a3c9-0fc0be7a4093")
                .build());
    
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("example-resources")
                .location("West Europe")
                .build());
    
            var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
                .name("storageaccountname")
                .resourceGroupName(example.name())
                .location(example.location())
                .accountTier("Standard")
                .accountReplicationType("LRS")
                .build());
    
            var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
                .name("keyvaultname")
                .location(example.location())
                .resourceGroupName(example.name())
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .skuName("standard")
                .accessPolicies(KeyVaultAccessPolicyArgs.builder()
                    .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                    .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                    .secretPermissions(                
                        "Get",
                        "Delete")
                    .storagePermissions(                
                        "Get",
                        "List",
                        "Set",
                        "SetSAS",
                        "GetSAS",
                        "DeleteSAS",
                        "Update",
                        "RegenerateKey")
                    .build())
                .build());
    
            var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
                .scope(exampleAccount.id())
                .roleDefinitionName("Storage Account Key Operator Service Role")
                .principalId(test.applyValue(getServicePrincipalResult -> getServicePrincipalResult.id()))
                .build());
    
            var exampleManagedStorageAccount = new ManagedStorageAccount("exampleManagedStorageAccount", ManagedStorageAccountArgs.builder()
                .name("examplemanagedstorage")
                .keyVaultId(exampleKeyVault.id())
                .storageAccountId(exampleAccount.id())
                .storageAccountKey("key1")
                .regenerateKeyAutomatically(true)
                .regenerationPeriod("P1D")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(exampleAssignment)
                    .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-resources
          location: West Europe
      exampleAccount:
        type: azure:storage:Account
        name: example
        properties:
          name: storageaccountname
          resourceGroupName: ${example.name}
          location: ${example.location}
          accountTier: Standard
          accountReplicationType: LRS
      exampleKeyVault:
        type: azure:keyvault:KeyVault
        name: example
        properties:
          name: keyvaultname
          location: ${example.location}
          resourceGroupName: ${example.name}
          tenantId: ${current.tenantId}
          skuName: standard
          accessPolicies:
            - tenantId: ${current.tenantId}
              objectId: ${current.objectId}
              secretPermissions:
                - Get
                - Delete
              storagePermissions:
                - Get
                - List
                - Set
                - SetSAS
                - GetSAS
                - DeleteSAS
                - Update
                - RegenerateKey
      exampleAssignment:
        type: azure:authorization:Assignment
        name: example
        properties:
          scope: ${exampleAccount.id}
          roleDefinitionName: Storage Account Key Operator Service Role
          principalId: ${test.id}
      exampleManagedStorageAccount:
        type: azure:keyvault:ManagedStorageAccount
        name: example
        properties:
          name: examplemanagedstorage
          keyVaultId: ${exampleKeyVault.id}
          storageAccountId: ${exampleAccount.id}
          storageAccountKey: key1
          regenerateKeyAutomatically: true
          regenerationPeriod: P1D
        options:
          dependson:
            - ${exampleAssignment}
    variables:
      current:
        fn::invoke:
          Function: azure:core:getClientConfig
          Arguments: {}
      test:
        fn::invoke:
          Function: azuread:getServicePrincipal
          Arguments:
            applicationId: cfa8b339-82a2-471a-a3c9-0fc0be7a4093
    

    Create ManagedStorageAccount Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ManagedStorageAccount(name: string, args: ManagedStorageAccountArgs, opts?: CustomResourceOptions);
    @overload
    def ManagedStorageAccount(resource_name: str,
                              args: ManagedStorageAccountArgs,
                              opts: Optional[ResourceOptions] = None)
    
    @overload
    def ManagedStorageAccount(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              key_vault_id: Optional[str] = None,
                              storage_account_id: Optional[str] = None,
                              storage_account_key: Optional[str] = None,
                              name: Optional[str] = None,
                              regenerate_key_automatically: Optional[bool] = None,
                              regeneration_period: Optional[str] = None,
                              tags: Optional[Mapping[str, str]] = None)
    func NewManagedStorageAccount(ctx *Context, name string, args ManagedStorageAccountArgs, opts ...ResourceOption) (*ManagedStorageAccount, error)
    public ManagedStorageAccount(string name, ManagedStorageAccountArgs args, CustomResourceOptions? opts = null)
    public ManagedStorageAccount(String name, ManagedStorageAccountArgs args)
    public ManagedStorageAccount(String name, ManagedStorageAccountArgs args, CustomResourceOptions options)
    
    type: azure:keyvault:ManagedStorageAccount
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ManagedStorageAccountArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ManagedStorageAccountArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ManagedStorageAccountArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ManagedStorageAccountArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ManagedStorageAccountArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var managedStorageAccountResource = new Azure.KeyVault.ManagedStorageAccount("managedStorageAccountResource", new()
    {
        KeyVaultId = "string",
        StorageAccountId = "string",
        StorageAccountKey = "string",
        Name = "string",
        RegenerateKeyAutomatically = false,
        RegenerationPeriod = "string",
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    example, err := keyvault.NewManagedStorageAccount(ctx, "managedStorageAccountResource", &keyvault.ManagedStorageAccountArgs{
    	KeyVaultId:                 pulumi.String("string"),
    	StorageAccountId:           pulumi.String("string"),
    	StorageAccountKey:          pulumi.String("string"),
    	Name:                       pulumi.String("string"),
    	RegenerateKeyAutomatically: pulumi.Bool(false),
    	RegenerationPeriod:         pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    })
    
    var managedStorageAccountResource = new ManagedStorageAccount("managedStorageAccountResource", ManagedStorageAccountArgs.builder()
        .keyVaultId("string")
        .storageAccountId("string")
        .storageAccountKey("string")
        .name("string")
        .regenerateKeyAutomatically(false)
        .regenerationPeriod("string")
        .tags(Map.of("string", "string"))
        .build());
    
    managed_storage_account_resource = azure.keyvault.ManagedStorageAccount("managedStorageAccountResource",
        key_vault_id="string",
        storage_account_id="string",
        storage_account_key="string",
        name="string",
        regenerate_key_automatically=False,
        regeneration_period="string",
        tags={
            "string": "string",
        })
    
    const managedStorageAccountResource = new azure.keyvault.ManagedStorageAccount("managedStorageAccountResource", {
        keyVaultId: "string",
        storageAccountId: "string",
        storageAccountKey: "string",
        name: "string",
        regenerateKeyAutomatically: false,
        regenerationPeriod: "string",
        tags: {
            string: "string",
        },
    });
    
    type: azure:keyvault:ManagedStorageAccount
    properties:
        keyVaultId: string
        name: string
        regenerateKeyAutomatically: false
        regenerationPeriod: string
        storageAccountId: string
        storageAccountKey: string
        tags:
            string: string
    

    ManagedStorageAccount Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ManagedStorageAccount resource accepts the following input properties:

    KeyVaultId string
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    StorageAccountId string
    The ID of the Storage Account.
    StorageAccountKey string
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    Name string
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    RegenerateKeyAutomatically bool

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    RegenerationPeriod string
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    Tags Dictionary<string, string>
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
    KeyVaultId string
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    StorageAccountId string
    The ID of the Storage Account.
    StorageAccountKey string
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    Name string
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    RegenerateKeyAutomatically bool

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    RegenerationPeriod string
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    Tags map[string]string
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
    keyVaultId String
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    storageAccountId String
    The ID of the Storage Account.
    storageAccountKey String
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    name String
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    regenerateKeyAutomatically Boolean

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    regenerationPeriod String
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    tags Map<String,String>
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
    keyVaultId string
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    storageAccountId string
    The ID of the Storage Account.
    storageAccountKey string
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    name string
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    regenerateKeyAutomatically boolean

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    regenerationPeriod string
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    tags {[key: string]: string}
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
    key_vault_id str
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    storage_account_id str
    The ID of the Storage Account.
    storage_account_key str
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    name str
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    regenerate_key_automatically bool

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    regeneration_period str
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    tags Mapping[str, str]
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
    keyVaultId String
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    storageAccountId String
    The ID of the Storage Account.
    storageAccountKey String
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    name String
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    regenerateKeyAutomatically Boolean

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    regenerationPeriod String
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    tags Map<String>
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ManagedStorageAccount resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ManagedStorageAccount Resource

    Get an existing ManagedStorageAccount resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ManagedStorageAccountState, opts?: CustomResourceOptions): ManagedStorageAccount
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            key_vault_id: Optional[str] = None,
            name: Optional[str] = None,
            regenerate_key_automatically: Optional[bool] = None,
            regeneration_period: Optional[str] = None,
            storage_account_id: Optional[str] = None,
            storage_account_key: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None) -> ManagedStorageAccount
    func GetManagedStorageAccount(ctx *Context, name string, id IDInput, state *ManagedStorageAccountState, opts ...ResourceOption) (*ManagedStorageAccount, error)
    public static ManagedStorageAccount Get(string name, Input<string> id, ManagedStorageAccountState? state, CustomResourceOptions? opts = null)
    public static ManagedStorageAccount get(String name, Output<String> id, ManagedStorageAccountState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    KeyVaultId string
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    Name string
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    RegenerateKeyAutomatically bool

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    RegenerationPeriod string
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    StorageAccountId string
    The ID of the Storage Account.
    StorageAccountKey string
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    Tags Dictionary<string, string>
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
    KeyVaultId string
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    Name string
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    RegenerateKeyAutomatically bool

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    RegenerationPeriod string
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    StorageAccountId string
    The ID of the Storage Account.
    StorageAccountKey string
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    Tags map[string]string
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
    keyVaultId String
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    name String
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    regenerateKeyAutomatically Boolean

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    regenerationPeriod String
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    storageAccountId String
    The ID of the Storage Account.
    storageAccountKey String
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    tags Map<String,String>
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
    keyVaultId string
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    name string
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    regenerateKeyAutomatically boolean

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    regenerationPeriod string
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    storageAccountId string
    The ID of the Storage Account.
    storageAccountKey string
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    tags {[key: string]: string}
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
    key_vault_id str
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    name str
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    regenerate_key_automatically bool

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    regeneration_period str
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    storage_account_id str
    The ID of the Storage Account.
    storage_account_key str
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    tags Mapping[str, str]
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
    keyVaultId String
    The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
    name String
    The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
    regenerateKeyAutomatically Boolean

    Should Storage Account access key be regenerated periodically?

    NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.

    regenerationPeriod String
    How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
    storageAccountId String
    The ID of the Storage Account.
    storageAccountKey String
    Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.
    tags Map<String>
    A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.

    Import

    Key Vault Managed Storage Accounts can be imported using the resource id, e.g.

    $ pulumi import azure:keyvault/managedStorageAccount:ManagedStorageAccount example https://example-keyvault.vault.azure.net/storage/exampleStorageAcc01
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v5.80.0 published on Monday, Jun 10, 2024 by Pulumi