azure.storage.CustomerManagedKey
Explore with Pulumi AI
Manages a Customer Managed Key for a Storage Account.
NOTE: It’s possible to define a Customer Managed Key both within the
azure.storage.Account
resource via thecustomer_managed_key
block and by using theazure.storage.CustomerManagedKey
resource. However it’s not possible to use both methods to manage a Customer Managed Key for a Storage Account, since there’ll be conflicts.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
{
Location = "West Europe",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new()
{
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "standard",
PurgeProtectionEnabled = true,
});
var exampleAccount = new Azure.Storage.Account("exampleAccount", new()
{
ResourceGroupName = exampleResourceGroup.Name,
Location = exampleResourceGroup.Location,
AccountTier = "Standard",
AccountReplicationType = "GRS",
Identity = new Azure.Storage.Inputs.AccountIdentityArgs
{
Type = "SystemAssigned",
},
});
var storage = new Azure.KeyVault.AccessPolicy("storage", new()
{
KeyVaultId = exampleKeyVault.Id,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = exampleAccount.Identity.Apply(identity => identity?.PrincipalId),
SecretPermissions = new[]
{
"Get",
},
KeyPermissions = new[]
{
"Get",
"UnwrapKey",
"WrapKey",
},
});
var client = new Azure.KeyVault.AccessPolicy("client", new()
{
KeyVaultId = exampleKeyVault.Id,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
SecretPermissions = new[]
{
"Get",
},
KeyPermissions = new[]
{
"Get",
"Create",
"Delete",
"List",
"Restore",
"Recover",
"UnwrapKey",
"WrapKey",
"Purge",
"Encrypt",
"Decrypt",
"Sign",
"Verify",
"GetRotationPolicy",
"SetRotationPolicy",
},
});
var exampleKey = new Azure.KeyVault.Key("exampleKey", new()
{
KeyVaultId = exampleKeyVault.Id,
KeyType = "RSA",
KeySize = 2048,
KeyOpts = new[]
{
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
},
}, new CustomResourceOptions
{
DependsOn = new[]
{
client,
storage,
},
});
var exampleCustomerManagedKey = new Azure.Storage.CustomerManagedKey("exampleCustomerManagedKey", new()
{
StorageAccountId = exampleAccount.Id,
KeyVaultId = exampleKeyVault.Id,
KeyName = exampleKey.Name,
});
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
TenantId: *pulumi.String(current.TenantId),
SkuName: pulumi.String("standard"),
PurgeProtectionEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "exampleAccount", &storage.AccountArgs{
ResourceGroupName: exampleResourceGroup.Name,
Location: exampleResourceGroup.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("GRS"),
Identity: &storage.AccountIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
})
if err != nil {
return err
}
storage, err := keyvault.NewAccessPolicy(ctx, "storage", &keyvault.AccessPolicyArgs{
KeyVaultId: exampleKeyVault.ID(),
TenantId: *pulumi.String(current.TenantId),
ObjectId: exampleAccount.Identity.ApplyT(func(identity storage.AccountIdentity) (*string, error) {
return &identity.PrincipalId, nil
}).(pulumi.StringPtrOutput),
SecretPermissions: pulumi.StringArray{
pulumi.String("Get"),
},
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("UnwrapKey"),
pulumi.String("WrapKey"),
},
})
if err != nil {
return err
}
client, err := keyvault.NewAccessPolicy(ctx, "client", &keyvault.AccessPolicyArgs{
KeyVaultId: exampleKeyVault.ID(),
TenantId: *pulumi.String(current.TenantId),
ObjectId: *pulumi.String(current.ObjectId),
SecretPermissions: pulumi.StringArray{
pulumi.String("Get"),
},
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("Create"),
pulumi.String("Delete"),
pulumi.String("List"),
pulumi.String("Restore"),
pulumi.String("Recover"),
pulumi.String("UnwrapKey"),
pulumi.String("WrapKey"),
pulumi.String("Purge"),
pulumi.String("Encrypt"),
pulumi.String("Decrypt"),
pulumi.String("Sign"),
pulumi.String("Verify"),
pulumi.String("GetRotationPolicy"),
pulumi.String("SetRotationPolicy"),
},
})
if err != nil {
return err
}
exampleKey, err := keyvault.NewKey(ctx, "exampleKey", &keyvault.KeyArgs{
KeyVaultId: exampleKeyVault.ID(),
KeyType: pulumi.String("RSA"),
KeySize: pulumi.Int(2048),
KeyOpts: pulumi.StringArray{
pulumi.String("decrypt"),
pulumi.String("encrypt"),
pulumi.String("sign"),
pulumi.String("unwrapKey"),
pulumi.String("verify"),
pulumi.String("wrapKey"),
},
}, pulumi.DependsOn([]pulumi.Resource{
client,
storage,
}))
if err != nil {
return err
}
_, err = storage.NewCustomerManagedKey(ctx, "exampleCustomerManagedKey", &storage.CustomerManagedKeyArgs{
StorageAccountId: exampleAccount.ID(),
KeyVaultId: exampleKeyVault.ID(),
KeyName: exampleKey.Name,
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.inputs.AccountIdentityArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.storage.CustomerManagedKey;
import com.pulumi.azure.storage.CustomerManagedKeyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.location("West Europe")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.location(exampleResourceGroup.location())
.resourceGroupName(exampleResourceGroup.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("standard")
.purgeProtectionEnabled(true)
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.resourceGroupName(exampleResourceGroup.name())
.location(exampleResourceGroup.location())
.accountTier("Standard")
.accountReplicationType("GRS")
.identity(AccountIdentityArgs.builder()
.type("SystemAssigned")
.build())
.build());
var storage = new AccessPolicy("storage", AccessPolicyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(exampleAccount.identity().applyValue(identity -> identity.principalId()))
.secretPermissions("Get")
.keyPermissions(
"Get",
"UnwrapKey",
"WrapKey")
.build());
var client = new AccessPolicy("client", AccessPolicyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.secretPermissions("Get")
.keyPermissions(
"Get",
"Create",
"Delete",
"List",
"Restore",
"Recover",
"UnwrapKey",
"WrapKey",
"Purge",
"Encrypt",
"Decrypt",
"Sign",
"Verify",
"GetRotationPolicy",
"SetRotationPolicy")
.build());
var exampleKey = new Key("exampleKey", KeyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.keyType("RSA")
.keySize(2048)
.keyOpts(
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey")
.build(), CustomResourceOptions.builder()
.dependsOn(
client,
storage)
.build());
var exampleCustomerManagedKey = new CustomerManagedKey("exampleCustomerManagedKey", CustomerManagedKeyArgs.builder()
.storageAccountId(exampleAccount.id())
.keyVaultId(exampleKeyVault.id())
.keyName(exampleKey.name())
.build());
}
}
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
location=example_resource_group.location,
resource_group_name=example_resource_group.name,
tenant_id=current.tenant_id,
sku_name="standard",
purge_protection_enabled=True)
example_account = azure.storage.Account("exampleAccount",
resource_group_name=example_resource_group.name,
location=example_resource_group.location,
account_tier="Standard",
account_replication_type="GRS",
identity=azure.storage.AccountIdentityArgs(
type="SystemAssigned",
))
storage = azure.keyvault.AccessPolicy("storage",
key_vault_id=example_key_vault.id,
tenant_id=current.tenant_id,
object_id=example_account.identity.principal_id,
secret_permissions=["Get"],
key_permissions=[
"Get",
"UnwrapKey",
"WrapKey",
])
client = azure.keyvault.AccessPolicy("client",
key_vault_id=example_key_vault.id,
tenant_id=current.tenant_id,
object_id=current.object_id,
secret_permissions=["Get"],
key_permissions=[
"Get",
"Create",
"Delete",
"List",
"Restore",
"Recover",
"UnwrapKey",
"WrapKey",
"Purge",
"Encrypt",
"Decrypt",
"Sign",
"Verify",
"GetRotationPolicy",
"SetRotationPolicy",
])
example_key = azure.keyvault.Key("exampleKey",
key_vault_id=example_key_vault.id,
key_type="RSA",
key_size=2048,
key_opts=[
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
],
opts=pulumi.ResourceOptions(depends_on=[
client,
storage,
]))
example_customer_managed_key = azure.storage.CustomerManagedKey("exampleCustomerManagedKey",
storage_account_id=example_account.id,
key_vault_id=example_key_vault.id,
key_name=example_key.name)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
tenantId: current.then(current => current.tenantId),
skuName: "standard",
purgeProtectionEnabled: true,
});
const exampleAccount = new azure.storage.Account("exampleAccount", {
resourceGroupName: exampleResourceGroup.name,
location: exampleResourceGroup.location,
accountTier: "Standard",
accountReplicationType: "GRS",
identity: {
type: "SystemAssigned",
},
});
const storage = new azure.keyvault.AccessPolicy("storage", {
keyVaultId: exampleKeyVault.id,
tenantId: current.then(current => current.tenantId),
objectId: exampleAccount.identity.apply(identity => identity?.principalId),
secretPermissions: ["Get"],
keyPermissions: [
"Get",
"UnwrapKey",
"WrapKey",
],
});
const client = new azure.keyvault.AccessPolicy("client", {
keyVaultId: exampleKeyVault.id,
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
secretPermissions: ["Get"],
keyPermissions: [
"Get",
"Create",
"Delete",
"List",
"Restore",
"Recover",
"UnwrapKey",
"WrapKey",
"Purge",
"Encrypt",
"Decrypt",
"Sign",
"Verify",
"GetRotationPolicy",
"SetRotationPolicy",
],
});
const exampleKey = new azure.keyvault.Key("exampleKey", {
keyVaultId: exampleKeyVault.id,
keyType: "RSA",
keySize: 2048,
keyOpts: [
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
],
}, {
dependsOn: [
client,
storage,
],
});
const exampleCustomerManagedKey = new azure.storage.CustomerManagedKey("exampleCustomerManagedKey", {
storageAccountId: exampleAccount.id,
keyVaultId: exampleKeyVault.id,
keyName: exampleKey.name,
});
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
properties:
location: West Europe
exampleKeyVault:
type: azure:keyvault:KeyVault
properties:
location: ${exampleResourceGroup.location}
resourceGroupName: ${exampleResourceGroup.name}
tenantId: ${current.tenantId}
skuName: standard
purgeProtectionEnabled: true
storage:
type: azure:keyvault:AccessPolicy
properties:
keyVaultId: ${exampleKeyVault.id}
tenantId: ${current.tenantId}
objectId: ${exampleAccount.identity.principalId}
secretPermissions:
- Get
keyPermissions:
- Get
- UnwrapKey
- WrapKey
client:
type: azure:keyvault:AccessPolicy
properties:
keyVaultId: ${exampleKeyVault.id}
tenantId: ${current.tenantId}
objectId: ${current.objectId}
secretPermissions:
- Get
keyPermissions:
- Get
- Create
- Delete
- List
- Restore
- Recover
- UnwrapKey
- WrapKey
- Purge
- Encrypt
- Decrypt
- Sign
- Verify
- GetRotationPolicy
- SetRotationPolicy
exampleKey:
type: azure:keyvault:Key
properties:
keyVaultId: ${exampleKeyVault.id}
keyType: RSA
keySize: 2048
keyOpts:
- decrypt
- encrypt
- sign
- unwrapKey
- verify
- wrapKey
options:
dependson:
- ${client}
- ${storage}
exampleAccount:
type: azure:storage:Account
properties:
resourceGroupName: ${exampleResourceGroup.name}
location: ${exampleResourceGroup.location}
accountTier: Standard
accountReplicationType: GRS
identity:
type: SystemAssigned
exampleCustomerManagedKey:
type: azure:storage:CustomerManagedKey
properties:
storageAccountId: ${exampleAccount.id}
keyVaultId: ${exampleKeyVault.id}
keyName: ${exampleKey.name}
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}
Create CustomerManagedKey Resource
new CustomerManagedKey(name: string, args: CustomerManagedKeyArgs, opts?: CustomResourceOptions);
@overload
def CustomerManagedKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_name: Optional[str] = None,
key_vault_id: Optional[str] = None,
key_version: Optional[str] = None,
storage_account_id: Optional[str] = None,
user_assigned_identity_id: Optional[str] = None)
@overload
def CustomerManagedKey(resource_name: str,
args: CustomerManagedKeyArgs,
opts: Optional[ResourceOptions] = None)
func NewCustomerManagedKey(ctx *Context, name string, args CustomerManagedKeyArgs, opts ...ResourceOption) (*CustomerManagedKey, error)
public CustomerManagedKey(string name, CustomerManagedKeyArgs args, CustomResourceOptions? opts = null)
public CustomerManagedKey(String name, CustomerManagedKeyArgs args)
public CustomerManagedKey(String name, CustomerManagedKeyArgs args, CustomResourceOptions options)
type: azure:storage:CustomerManagedKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CustomerManagedKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CustomerManagedKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CustomerManagedKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CustomerManagedKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CustomerManagedKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CustomerManagedKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CustomerManagedKey resource accepts the following input properties:
- Key
Name string The name of Key Vault Key.
- Key
Vault stringId The ID of the Key Vault.
- Storage
Account stringId The ID of the Storage Account. Changing this forces a new resource to be created.
- Key
Version string The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- User
Assigned stringIdentity Id The ID of a user assigned identity.
- Key
Name string The name of Key Vault Key.
- Key
Vault stringId The ID of the Key Vault.
- Storage
Account stringId The ID of the Storage Account. Changing this forces a new resource to be created.
- Key
Version string The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- User
Assigned stringIdentity Id The ID of a user assigned identity.
- key
Name String The name of Key Vault Key.
- key
Vault StringId The ID of the Key Vault.
- storage
Account StringId The ID of the Storage Account. Changing this forces a new resource to be created.
- key
Version String The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- user
Assigned StringIdentity Id The ID of a user assigned identity.
- key
Name string The name of Key Vault Key.
- key
Vault stringId The ID of the Key Vault.
- storage
Account stringId The ID of the Storage Account. Changing this forces a new resource to be created.
- key
Version string The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- user
Assigned stringIdentity Id The ID of a user assigned identity.
- key_
name str The name of Key Vault Key.
- key_
vault_ strid The ID of the Key Vault.
- storage_
account_ strid The ID of the Storage Account. Changing this forces a new resource to be created.
- key_
version str The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- user_
assigned_ stridentity_ id The ID of a user assigned identity.
- key
Name String The name of Key Vault Key.
- key
Vault StringId The ID of the Key Vault.
- storage
Account StringId The ID of the Storage Account. Changing this forces a new resource to be created.
- key
Version String The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- user
Assigned StringIdentity Id The ID of a user assigned identity.
Outputs
All input properties are implicitly available as output properties. Additionally, the CustomerManagedKey resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing CustomerManagedKey Resource
Get an existing CustomerManagedKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CustomerManagedKeyState, opts?: CustomResourceOptions): CustomerManagedKey
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
key_name: Optional[str] = None,
key_vault_id: Optional[str] = None,
key_version: Optional[str] = None,
storage_account_id: Optional[str] = None,
user_assigned_identity_id: Optional[str] = None) -> CustomerManagedKey
func GetCustomerManagedKey(ctx *Context, name string, id IDInput, state *CustomerManagedKeyState, opts ...ResourceOption) (*CustomerManagedKey, error)
public static CustomerManagedKey Get(string name, Input<string> id, CustomerManagedKeyState? state, CustomResourceOptions? opts = null)
public static CustomerManagedKey get(String name, Output<String> id, CustomerManagedKeyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Key
Name string The name of Key Vault Key.
- Key
Vault stringId The ID of the Key Vault.
- Key
Version string The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- Storage
Account stringId The ID of the Storage Account. Changing this forces a new resource to be created.
- User
Assigned stringIdentity Id The ID of a user assigned identity.
- Key
Name string The name of Key Vault Key.
- Key
Vault stringId The ID of the Key Vault.
- Key
Version string The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- Storage
Account stringId The ID of the Storage Account. Changing this forces a new resource to be created.
- User
Assigned stringIdentity Id The ID of a user assigned identity.
- key
Name String The name of Key Vault Key.
- key
Vault StringId The ID of the Key Vault.
- key
Version String The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- storage
Account StringId The ID of the Storage Account. Changing this forces a new resource to be created.
- user
Assigned StringIdentity Id The ID of a user assigned identity.
- key
Name string The name of Key Vault Key.
- key
Vault stringId The ID of the Key Vault.
- key
Version string The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- storage
Account stringId The ID of the Storage Account. Changing this forces a new resource to be created.
- user
Assigned stringIdentity Id The ID of a user assigned identity.
- key_
name str The name of Key Vault Key.
- key_
vault_ strid The ID of the Key Vault.
- key_
version str The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- storage_
account_ strid The ID of the Storage Account. Changing this forces a new resource to be created.
- user_
assigned_ stridentity_ id The ID of a user assigned identity.
- key
Name String The name of Key Vault Key.
- key
Vault StringId The ID of the Key Vault.
- key
Version String The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
- storage
Account StringId The ID of the Storage Account. Changing this forces a new resource to be created.
- user
Assigned StringIdentity Id The ID of a user assigned identity.
Import
Customer Managed Keys for a Storage Account can be imported using the resource id
of the Storage Account, e.g.
$ pulumi import azure:storage/customerManagedKey:CustomerManagedKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/myaccount
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurerm
Terraform Provider.