azure logo
Azure Classic v5.43.0, May 6 23

azure.storage.CustomerManagedKey

Explore with Pulumi AI

Manages a Customer Managed Key for a Storage Account.

NOTE: It’s possible to define a Customer Managed Key both within the azure.storage.Account resource via the customer_managed_key block and by using the azure.storage.CustomerManagedKey resource. However it’s not possible to use both methods to manage a Customer Managed Key for a Storage Account, since there’ll be conflicts.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var current = Azure.Core.GetClientConfig.Invoke();

    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        SkuName = "standard",
        PurgeProtectionEnabled = true,
    });

    var exampleAccount = new Azure.Storage.Account("exampleAccount", new()
    {
        ResourceGroupName = exampleResourceGroup.Name,
        Location = exampleResourceGroup.Location,
        AccountTier = "Standard",
        AccountReplicationType = "GRS",
        Identity = new Azure.Storage.Inputs.AccountIdentityArgs
        {
            Type = "SystemAssigned",
        },
    });

    var storage = new Azure.KeyVault.AccessPolicy("storage", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        ObjectId = exampleAccount.Identity.Apply(identity => identity?.PrincipalId),
        SecretPermissions = new[]
        {
            "Get",
        },
        KeyPermissions = new[]
        {
            "Get",
            "UnwrapKey",
            "WrapKey",
        },
    });

    var client = new Azure.KeyVault.AccessPolicy("client", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        SecretPermissions = new[]
        {
            "Get",
        },
        KeyPermissions = new[]
        {
            "Get",
            "Create",
            "Delete",
            "List",
            "Restore",
            "Recover",
            "UnwrapKey",
            "WrapKey",
            "Purge",
            "Encrypt",
            "Decrypt",
            "Sign",
            "Verify",
            "GetRotationPolicy",
            "SetRotationPolicy",
        },
    });

    var exampleKey = new Azure.KeyVault.Key("exampleKey", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        KeyType = "RSA",
        KeySize = 2048,
        KeyOpts = new[]
        {
            "decrypt",
            "encrypt",
            "sign",
            "unwrapKey",
            "verify",
            "wrapKey",
        },
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            client,
            storage,
        },
    });

    var exampleCustomerManagedKey = new Azure.Storage.CustomerManagedKey("exampleCustomerManagedKey", new()
    {
        StorageAccountId = exampleAccount.Id,
        KeyVaultId = exampleKeyVault.Id,
        KeyName = exampleKey.Name,
    });

});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
			Location:               exampleResourceGroup.Location,
			ResourceGroupName:      exampleResourceGroup.Name,
			TenantId:               *pulumi.String(current.TenantId),
			SkuName:                pulumi.String("standard"),
			PurgeProtectionEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		exampleAccount, err := storage.NewAccount(ctx, "exampleAccount", &storage.AccountArgs{
			ResourceGroupName:      exampleResourceGroup.Name,
			Location:               exampleResourceGroup.Location,
			AccountTier:            pulumi.String("Standard"),
			AccountReplicationType: pulumi.String("GRS"),
			Identity: &storage.AccountIdentityArgs{
				Type: pulumi.String("SystemAssigned"),
			},
		})
		if err != nil {
			return err
		}
		storage, err := keyvault.NewAccessPolicy(ctx, "storage", &keyvault.AccessPolicyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			TenantId:   *pulumi.String(current.TenantId),
			ObjectId: exampleAccount.Identity.ApplyT(func(identity storage.AccountIdentity) (*string, error) {
				return &identity.PrincipalId, nil
			}).(pulumi.StringPtrOutput),
			SecretPermissions: pulumi.StringArray{
				pulumi.String("Get"),
			},
			KeyPermissions: pulumi.StringArray{
				pulumi.String("Get"),
				pulumi.String("UnwrapKey"),
				pulumi.String("WrapKey"),
			},
		})
		if err != nil {
			return err
		}
		client, err := keyvault.NewAccessPolicy(ctx, "client", &keyvault.AccessPolicyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			TenantId:   *pulumi.String(current.TenantId),
			ObjectId:   *pulumi.String(current.ObjectId),
			SecretPermissions: pulumi.StringArray{
				pulumi.String("Get"),
			},
			KeyPermissions: pulumi.StringArray{
				pulumi.String("Get"),
				pulumi.String("Create"),
				pulumi.String("Delete"),
				pulumi.String("List"),
				pulumi.String("Restore"),
				pulumi.String("Recover"),
				pulumi.String("UnwrapKey"),
				pulumi.String("WrapKey"),
				pulumi.String("Purge"),
				pulumi.String("Encrypt"),
				pulumi.String("Decrypt"),
				pulumi.String("Sign"),
				pulumi.String("Verify"),
				pulumi.String("GetRotationPolicy"),
				pulumi.String("SetRotationPolicy"),
			},
		})
		if err != nil {
			return err
		}
		exampleKey, err := keyvault.NewKey(ctx, "exampleKey", &keyvault.KeyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			KeyType:    pulumi.String("RSA"),
			KeySize:    pulumi.Int(2048),
			KeyOpts: pulumi.StringArray{
				pulumi.String("decrypt"),
				pulumi.String("encrypt"),
				pulumi.String("sign"),
				pulumi.String("unwrapKey"),
				pulumi.String("verify"),
				pulumi.String("wrapKey"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			client,
			storage,
		}))
		if err != nil {
			return err
		}
		_, err = storage.NewCustomerManagedKey(ctx, "exampleCustomerManagedKey", &storage.CustomerManagedKeyArgs{
			StorageAccountId: exampleAccount.ID(),
			KeyVaultId:       exampleKeyVault.ID(),
			KeyName:          exampleKey.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.inputs.AccountIdentityArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.storage.CustomerManagedKey;
import com.pulumi.azure.storage.CustomerManagedKeyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = CoreFunctions.getClientConfig();

        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
            .location("West Europe")
            .build());

        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .skuName("standard")
            .purgeProtectionEnabled(true)
            .build());

        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()        
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("GRS")
            .identity(AccountIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .build());

        var storage = new AccessPolicy("storage", AccessPolicyArgs.builder()        
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .objectId(exampleAccount.identity().applyValue(identity -> identity.principalId()))
            .secretPermissions("Get")
            .keyPermissions(            
                "Get",
                "UnwrapKey",
                "WrapKey")
            .build());

        var client = new AccessPolicy("client", AccessPolicyArgs.builder()        
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .secretPermissions("Get")
            .keyPermissions(            
                "Get",
                "Create",
                "Delete",
                "List",
                "Restore",
                "Recover",
                "UnwrapKey",
                "WrapKey",
                "Purge",
                "Encrypt",
                "Decrypt",
                "Sign",
                "Verify",
                "GetRotationPolicy",
                "SetRotationPolicy")
            .build());

        var exampleKey = new Key("exampleKey", KeyArgs.builder()        
            .keyVaultId(exampleKeyVault.id())
            .keyType("RSA")
            .keySize(2048)
            .keyOpts(            
                "decrypt",
                "encrypt",
                "sign",
                "unwrapKey",
                "verify",
                "wrapKey")
            .build(), CustomResourceOptions.builder()
                .dependsOn(                
                    client,
                    storage)
                .build());

        var exampleCustomerManagedKey = new CustomerManagedKey("exampleCustomerManagedKey", CustomerManagedKeyArgs.builder()        
            .storageAccountId(exampleAccount.id())
            .keyVaultId(exampleKeyVault.id())
            .keyName(exampleKey.name())
            .build());

    }
}
import pulumi
import pulumi_azure as azure

current = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    tenant_id=current.tenant_id,
    sku_name="standard",
    purge_protection_enabled=True)
example_account = azure.storage.Account("exampleAccount",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    account_tier="Standard",
    account_replication_type="GRS",
    identity=azure.storage.AccountIdentityArgs(
        type="SystemAssigned",
    ))
storage = azure.keyvault.AccessPolicy("storage",
    key_vault_id=example_key_vault.id,
    tenant_id=current.tenant_id,
    object_id=example_account.identity.principal_id,
    secret_permissions=["Get"],
    key_permissions=[
        "Get",
        "UnwrapKey",
        "WrapKey",
    ])
client = azure.keyvault.AccessPolicy("client",
    key_vault_id=example_key_vault.id,
    tenant_id=current.tenant_id,
    object_id=current.object_id,
    secret_permissions=["Get"],
    key_permissions=[
        "Get",
        "Create",
        "Delete",
        "List",
        "Restore",
        "Recover",
        "UnwrapKey",
        "WrapKey",
        "Purge",
        "Encrypt",
        "Decrypt",
        "Sign",
        "Verify",
        "GetRotationPolicy",
        "SetRotationPolicy",
    ])
example_key = azure.keyvault.Key("exampleKey",
    key_vault_id=example_key_vault.id,
    key_type="RSA",
    key_size=2048,
    key_opts=[
        "decrypt",
        "encrypt",
        "sign",
        "unwrapKey",
        "verify",
        "wrapKey",
    ],
    opts=pulumi.ResourceOptions(depends_on=[
            client,
            storage,
        ]))
example_customer_managed_key = azure.storage.CustomerManagedKey("exampleCustomerManagedKey",
    storage_account_id=example_account.id,
    key_vault_id=example_key_vault.id,
    key_name=example_key.name)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const current = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    tenantId: current.then(current => current.tenantId),
    skuName: "standard",
    purgeProtectionEnabled: true,
});
const exampleAccount = new azure.storage.Account("exampleAccount", {
    resourceGroupName: exampleResourceGroup.name,
    location: exampleResourceGroup.location,
    accountTier: "Standard",
    accountReplicationType: "GRS",
    identity: {
        type: "SystemAssigned",
    },
});
const storage = new azure.keyvault.AccessPolicy("storage", {
    keyVaultId: exampleKeyVault.id,
    tenantId: current.then(current => current.tenantId),
    objectId: exampleAccount.identity.apply(identity => identity?.principalId),
    secretPermissions: ["Get"],
    keyPermissions: [
        "Get",
        "UnwrapKey",
        "WrapKey",
    ],
});
const client = new azure.keyvault.AccessPolicy("client", {
    keyVaultId: exampleKeyVault.id,
    tenantId: current.then(current => current.tenantId),
    objectId: current.then(current => current.objectId),
    secretPermissions: ["Get"],
    keyPermissions: [
        "Get",
        "Create",
        "Delete",
        "List",
        "Restore",
        "Recover",
        "UnwrapKey",
        "WrapKey",
        "Purge",
        "Encrypt",
        "Decrypt",
        "Sign",
        "Verify",
        "GetRotationPolicy",
        "SetRotationPolicy",
    ],
});
const exampleKey = new azure.keyvault.Key("exampleKey", {
    keyVaultId: exampleKeyVault.id,
    keyType: "RSA",
    keySize: 2048,
    keyOpts: [
        "decrypt",
        "encrypt",
        "sign",
        "unwrapKey",
        "verify",
        "wrapKey",
    ],
}, {
    dependsOn: [
        client,
        storage,
    ],
});
const exampleCustomerManagedKey = new azure.storage.CustomerManagedKey("exampleCustomerManagedKey", {
    storageAccountId: exampleAccount.id,
    keyVaultId: exampleKeyVault.id,
    keyName: exampleKey.name,
});
resources:
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  exampleKeyVault:
    type: azure:keyvault:KeyVault
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      tenantId: ${current.tenantId}
      skuName: standard
      purgeProtectionEnabled: true
  storage:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${exampleAccount.identity.principalId}
      secretPermissions:
        - Get
      keyPermissions:
        - Get
        - UnwrapKey
        - WrapKey
  client:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${current.objectId}
      secretPermissions:
        - Get
      keyPermissions:
        - Get
        - Create
        - Delete
        - List
        - Restore
        - Recover
        - UnwrapKey
        - WrapKey
        - Purge
        - Encrypt
        - Decrypt
        - Sign
        - Verify
        - GetRotationPolicy
        - SetRotationPolicy
  exampleKey:
    type: azure:keyvault:Key
    properties:
      keyVaultId: ${exampleKeyVault.id}
      keyType: RSA
      keySize: 2048
      keyOpts:
        - decrypt
        - encrypt
        - sign
        - unwrapKey
        - verify
        - wrapKey
    options:
      dependson:
        - ${client}
        - ${storage}
  exampleAccount:
    type: azure:storage:Account
    properties:
      resourceGroupName: ${exampleResourceGroup.name}
      location: ${exampleResourceGroup.location}
      accountTier: Standard
      accountReplicationType: GRS
      identity:
        type: SystemAssigned
  exampleCustomerManagedKey:
    type: azure:storage:CustomerManagedKey
    properties:
      storageAccountId: ${exampleAccount.id}
      keyVaultId: ${exampleKeyVault.id}
      keyName: ${exampleKey.name}
variables:
  current:
    fn::invoke:
      Function: azure:core:getClientConfig
      Arguments: {}

Create CustomerManagedKey Resource

new CustomerManagedKey(name: string, args: CustomerManagedKeyArgs, opts?: CustomResourceOptions);
@overload
def CustomerManagedKey(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       key_name: Optional[str] = None,
                       key_vault_id: Optional[str] = None,
                       key_version: Optional[str] = None,
                       storage_account_id: Optional[str] = None,
                       user_assigned_identity_id: Optional[str] = None)
@overload
def CustomerManagedKey(resource_name: str,
                       args: CustomerManagedKeyArgs,
                       opts: Optional[ResourceOptions] = None)
func NewCustomerManagedKey(ctx *Context, name string, args CustomerManagedKeyArgs, opts ...ResourceOption) (*CustomerManagedKey, error)
public CustomerManagedKey(string name, CustomerManagedKeyArgs args, CustomResourceOptions? opts = null)
public CustomerManagedKey(String name, CustomerManagedKeyArgs args)
public CustomerManagedKey(String name, CustomerManagedKeyArgs args, CustomResourceOptions options)
type: azure:storage:CustomerManagedKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args CustomerManagedKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args CustomerManagedKeyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args CustomerManagedKeyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args CustomerManagedKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args CustomerManagedKeyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

CustomerManagedKey Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The CustomerManagedKey resource accepts the following input properties:

KeyName string

The name of Key Vault Key.

KeyVaultId string

The ID of the Key Vault.

StorageAccountId string

The ID of the Storage Account. Changing this forces a new resource to be created.

KeyVersion string

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

UserAssignedIdentityId string

The ID of a user assigned identity.

KeyName string

The name of Key Vault Key.

KeyVaultId string

The ID of the Key Vault.

StorageAccountId string

The ID of the Storage Account. Changing this forces a new resource to be created.

KeyVersion string

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

UserAssignedIdentityId string

The ID of a user assigned identity.

keyName String

The name of Key Vault Key.

keyVaultId String

The ID of the Key Vault.

storageAccountId String

The ID of the Storage Account. Changing this forces a new resource to be created.

keyVersion String

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

userAssignedIdentityId String

The ID of a user assigned identity.

keyName string

The name of Key Vault Key.

keyVaultId string

The ID of the Key Vault.

storageAccountId string

The ID of the Storage Account. Changing this forces a new resource to be created.

keyVersion string

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

userAssignedIdentityId string

The ID of a user assigned identity.

key_name str

The name of Key Vault Key.

key_vault_id str

The ID of the Key Vault.

storage_account_id str

The ID of the Storage Account. Changing this forces a new resource to be created.

key_version str

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

user_assigned_identity_id str

The ID of a user assigned identity.

keyName String

The name of Key Vault Key.

keyVaultId String

The ID of the Key Vault.

storageAccountId String

The ID of the Storage Account. Changing this forces a new resource to be created.

keyVersion String

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

userAssignedIdentityId String

The ID of a user assigned identity.

Outputs

All input properties are implicitly available as output properties. Additionally, the CustomerManagedKey resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing CustomerManagedKey Resource

Get an existing CustomerManagedKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CustomerManagedKeyState, opts?: CustomResourceOptions): CustomerManagedKey
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        key_name: Optional[str] = None,
        key_vault_id: Optional[str] = None,
        key_version: Optional[str] = None,
        storage_account_id: Optional[str] = None,
        user_assigned_identity_id: Optional[str] = None) -> CustomerManagedKey
func GetCustomerManagedKey(ctx *Context, name string, id IDInput, state *CustomerManagedKeyState, opts ...ResourceOption) (*CustomerManagedKey, error)
public static CustomerManagedKey Get(string name, Input<string> id, CustomerManagedKeyState? state, CustomResourceOptions? opts = null)
public static CustomerManagedKey get(String name, Output<String> id, CustomerManagedKeyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
KeyName string

The name of Key Vault Key.

KeyVaultId string

The ID of the Key Vault.

KeyVersion string

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

StorageAccountId string

The ID of the Storage Account. Changing this forces a new resource to be created.

UserAssignedIdentityId string

The ID of a user assigned identity.

KeyName string

The name of Key Vault Key.

KeyVaultId string

The ID of the Key Vault.

KeyVersion string

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

StorageAccountId string

The ID of the Storage Account. Changing this forces a new resource to be created.

UserAssignedIdentityId string

The ID of a user assigned identity.

keyName String

The name of Key Vault Key.

keyVaultId String

The ID of the Key Vault.

keyVersion String

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

storageAccountId String

The ID of the Storage Account. Changing this forces a new resource to be created.

userAssignedIdentityId String

The ID of a user assigned identity.

keyName string

The name of Key Vault Key.

keyVaultId string

The ID of the Key Vault.

keyVersion string

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

storageAccountId string

The ID of the Storage Account. Changing this forces a new resource to be created.

userAssignedIdentityId string

The ID of a user assigned identity.

key_name str

The name of Key Vault Key.

key_vault_id str

The ID of the Key Vault.

key_version str

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

storage_account_id str

The ID of the Storage Account. Changing this forces a new resource to be created.

user_assigned_identity_id str

The ID of a user assigned identity.

keyName String

The name of Key Vault Key.

keyVaultId String

The ID of the Key Vault.

keyVersion String

The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.

storageAccountId String

The ID of the Storage Account. Changing this forces a new resource to be created.

userAssignedIdentityId String

The ID of a user assigned identity.

Import

Customer Managed Keys for a Storage Account can be imported using the resource id of the Storage Account, e.g.

 $ pulumi import azure:storage/customerManagedKey:CustomerManagedKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/myaccount

Package Details

Repository
Azure Classic pulumi/pulumi-azure
License
Apache-2.0
Notes

This Pulumi package is based on the azurerm Terraform Provider.