azure.keyvault.ManagedHardwareSecurityModule (v4)

Azure v4.42.0 (4.x), Mar 9 26

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

Example Usage

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
    public MyStack()
    {
        var current = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());
        var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
        {
            Location = "West Europe",
        });
        var exampleManagedHardwareSecurityModule = new Azure.KeyVault.ManagedHardwareSecurityModule("exampleManagedHardwareSecurityModule", new Azure.KeyVault.ManagedHardwareSecurityModuleArgs
        {
            ResourceGroupName = exampleResourceGroup.Name,
            Location = exampleResourceGroup.Location,
            SkuName = "Standard_B1",
            PurgeProtectionEnabled = false,
            SoftDeleteRetentionDays = 90,
            TenantId = current.Apply(current => current.TenantId),
            AdminObjectIds = 
            {
                current.Apply(current => current.ObjectId),
            },
            Tags = 
            {
                { "Env", "Test" },
            },
        });
    }

}

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/keyvault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		_, err = keyvault.NewManagedHardwareSecurityModule(ctx, "exampleManagedHardwareSecurityModule", &keyvault.ManagedHardwareSecurityModuleArgs{
			ResourceGroupName:       exampleResourceGroup.Name,
			Location:                exampleResourceGroup.Location,
			SkuName:                 pulumi.String("Standard_B1"),
			PurgeProtectionEnabled:  pulumi.Bool(false),
			SoftDeleteRetentionDays: pulumi.Int(90),
			TenantId:                pulumi.String(current.TenantId),
			AdminObjectIds: pulumi.StringArray{
				pulumi.String(current.ObjectId),
			},
			Tags: pulumi.StringMap{
				"Env": pulumi.String("Test"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Example coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const current = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleManagedHardwareSecurityModule = new azure.keyvault.ManagedHardwareSecurityModule("exampleManagedHardwareSecurityModule", {
    resourceGroupName: exampleResourceGroup.name,
    location: exampleResourceGroup.location,
    skuName: "Standard_B1",
    purgeProtectionEnabled: false,
    softDeleteRetentionDays: 90,
    tenantId: current.then(current => current.tenantId),
    adminObjectIds: [current.then(current => current.objectId)],
    tags: {
        Env: "Test",
    },
});

import pulumi
import pulumi_azure as azure

current = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_managed_hardware_security_module = azure.keyvault.ManagedHardwareSecurityModule("exampleManagedHardwareSecurityModule",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    sku_name="Standard_B1",
    purge_protection_enabled=False,
    soft_delete_retention_days=90,
    tenant_id=current.tenant_id,
    admin_object_ids=[current.object_id],
    tags={
        "Env": "Test",
    })

Example coming soon!

Create ManagedHardwareSecurityModule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ManagedHardwareSecurityModule(name: string, args: ManagedHardwareSecurityModuleArgs, opts?: CustomResourceOptions);

@overload
def ManagedHardwareSecurityModule(resource_name: str,
                                  args: ManagedHardwareSecurityModuleArgs,
                                  opts: Optional[ResourceOptions] = None)

@overload
def ManagedHardwareSecurityModule(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  admin_object_ids: Optional[Sequence[str]] = None,
                                  resource_group_name: Optional[str] = None,
                                  sku_name: Optional[str] = None,
                                  tenant_id: Optional[str] = None,
                                  location: Optional[str] = None,
                                  name: Optional[str] = None,
                                  purge_protection_enabled: Optional[bool] = None,
                                  soft_delete_retention_days: Optional[int] = None,
                                  tags: Optional[Mapping[str, str]] = None)

func NewManagedHardwareSecurityModule(ctx *Context, name string, args ManagedHardwareSecurityModuleArgs, opts ...ResourceOption) (*ManagedHardwareSecurityModule, error)

public ManagedHardwareSecurityModule(string name, ManagedHardwareSecurityModuleArgs args, CustomResourceOptions? opts = null)

public ManagedHardwareSecurityModule(String name, ManagedHardwareSecurityModuleArgs args)
public ManagedHardwareSecurityModule(String name, ManagedHardwareSecurityModuleArgs args, CustomResourceOptions options)

type: azure:keyvault:ManagedHardwareSecurityModule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ManagedHardwareSecurityModuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ManagedHardwareSecurityModuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ManagedHardwareSecurityModuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ManagedHardwareSecurityModuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ManagedHardwareSecurityModuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var managedHardwareSecurityModuleResource = new Azure.KeyVault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", new()
{
    AdminObjectIds = new[]
    {
        "string",
    },
    ResourceGroupName = "string",
    SkuName = "string",
    TenantId = "string",
    Location = "string",
    Name = "string",
    PurgeProtectionEnabled = false,
    SoftDeleteRetentionDays = 0,
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := keyvault.NewManagedHardwareSecurityModule(ctx, "managedHardwareSecurityModuleResource", &keyvault.ManagedHardwareSecurityModuleArgs{
	AdminObjectIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	ResourceGroupName:       pulumi.String("string"),
	SkuName:                 pulumi.String("string"),
	TenantId:                pulumi.String("string"),
	Location:                pulumi.String("string"),
	Name:                    pulumi.String("string"),
	PurgeProtectionEnabled:  pulumi.Bool(false),
	SoftDeleteRetentionDays: pulumi.Int(0),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var managedHardwareSecurityModuleResource = new ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", ManagedHardwareSecurityModuleArgs.builder()
    .adminObjectIds("string")
    .resourceGroupName("string")
    .skuName("string")
    .tenantId("string")
    .location("string")
    .name("string")
    .purgeProtectionEnabled(false)
    .softDeleteRetentionDays(0)
    .tags(Map.of("string", "string"))
    .build());

managed_hardware_security_module_resource = azure.keyvault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource",
    admin_object_ids=["string"],
    resource_group_name="string",
    sku_name="string",
    tenant_id="string",
    location="string",
    name="string",
    purge_protection_enabled=False,
    soft_delete_retention_days=0,
    tags={
        "string": "string",
    })

const managedHardwareSecurityModuleResource = new azure.keyvault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", {
    adminObjectIds: ["string"],
    resourceGroupName: "string",
    skuName: "string",
    tenantId: "string",
    location: "string",
    name: "string",
    purgeProtectionEnabled: false,
    softDeleteRetentionDays: 0,
    tags: {
        string: "string",
    },
});

type: azure:keyvault:ManagedHardwareSecurityModule
properties:
    adminObjectIds:
        - string
    location: string
    name: string
    purgeProtectionEnabled: false
    resourceGroupName: string
    skuName: string
    softDeleteRetentionDays: 0
    tags:
        string: string
    tenantId: string

ManagedHardwareSecurityModule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ManagedHardwareSecurityModule resource accepts the following input properties:

AdminObjectIds List<string>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SkuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
TenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
PurgeProtectionEnabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
SoftDeleteRetentionDays int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.

AdminObjectIds []string: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SkuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
TenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
PurgeProtectionEnabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
SoftDeleteRetentionDays int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags map[string]string: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.

adminObjectIds List<String>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName String: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenantId String: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
purgeProtectionEnabled Boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
softDeleteRetentionDays Integer: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String,String>: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.

adminObjectIds string[]: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
purgeProtectionEnabled boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
softDeleteRetentionDays number: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags {[key: string]: string}: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.

admin_object_ids Sequence[str]: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resource_group_name str: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
sku_name str: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenant_id str: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location str: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name str: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
purge_protection_enabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
soft_delete_retention_days int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Mapping[str, str]: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.

adminObjectIds List<String>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName String: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenantId String: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
purgeProtectionEnabled Boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
softDeleteRetentionDays Number: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String>: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.

Outputs

All input properties are implicitly available as output properties. Additionally, the ManagedHardwareSecurityModule resource produces the following output properties:

HsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Id string: The provider-assigned unique ID for this managed resource.

HsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Id string: The provider-assigned unique ID for this managed resource.

hsmUri String: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id String: The provider-assigned unique ID for this managed resource.

hsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id string: The provider-assigned unique ID for this managed resource.

hsm_uri str: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id str: The provider-assigned unique ID for this managed resource.

hsmUri String: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing ManagedHardwareSecurityModule Resource

Get an existing ManagedHardwareSecurityModule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ManagedHardwareSecurityModuleState, opts?: CustomResourceOptions): ManagedHardwareSecurityModule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        admin_object_ids: Optional[Sequence[str]] = None,
        hsm_uri: Optional[str] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        purge_protection_enabled: Optional[bool] = None,
        resource_group_name: Optional[str] = None,
        sku_name: Optional[str] = None,
        soft_delete_retention_days: Optional[int] = None,
        tags: Optional[Mapping[str, str]] = None,
        tenant_id: Optional[str] = None) -> ManagedHardwareSecurityModule

func GetManagedHardwareSecurityModule(ctx *Context, name string, id IDInput, state *ManagedHardwareSecurityModuleState, opts ...ResourceOption) (*ManagedHardwareSecurityModule, error)

public static ManagedHardwareSecurityModule Get(string name, Input<string> id, ManagedHardwareSecurityModuleState? state, CustomResourceOptions? opts = null)

public static ManagedHardwareSecurityModule get(String name, Output<String> id, ManagedHardwareSecurityModuleState state, CustomResourceOptions options)

resources:  _:    type: azure:keyvault:ManagedHardwareSecurityModule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AdminObjectIds List<string>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
HsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
PurgeProtectionEnabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SkuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
SoftDeleteRetentionDays int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.
TenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

AdminObjectIds []string: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
HsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
PurgeProtectionEnabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SkuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
SoftDeleteRetentionDays int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags map[string]string: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.
TenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

adminObjectIds List<String>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsmUri String: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
purgeProtectionEnabled Boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName String: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
softDeleteRetentionDays Integer: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String,String>: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.
tenantId String: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

adminObjectIds string[]: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsmUri string: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name string: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
purgeProtectionEnabled boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
resourceGroupName string: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName string: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
softDeleteRetentionDays number: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags {[key: string]: string}: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.
tenantId string: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

admin_object_ids Sequence[str]: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsm_uri str: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location str: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name str: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
purge_protection_enabled bool: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
resource_group_name str: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
sku_name str: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
soft_delete_retention_days int: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Mapping[str, str]: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.
tenant_id str: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

adminObjectIds List<String>: Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsmUri String: The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
purgeProtectionEnabled Boolean: Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Defaults to false. Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName String: The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
softDeleteRetentionDays Number: The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String>: A mapping of tags to assign to the resource. Changing this forces a new resource to be created.
tenantId String: The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

Import

Key Vault Managed Hardware Security Module can be imported using the resource id, e.g.

 $ pulumi import azure:keyvault/managedHardwareSecurityModule:ManagedHardwareSecurityModule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.KeyVault/managedHSMs/hsm1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

azure.keyvault.ManagedHardwareSecurityModule

On this page

On this page

Example Usage

Create ManagedHardwareSecurityModule Resource

Constructor syntax

Parameters

Constructor example

ManagedHardwareSecurityModule Resource Properties

Inputs

Outputs

Look up Existing ManagedHardwareSecurityModule Resource

Import

Package Details

On this page

On this page