We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Manages a Key Vault Managed Storage Account.
Example Usage
using Pulumi;
using Azure = Pulumi.Azure;
class MyStack : Stack
{
public MyStack()
{
var exampleClientConfig = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
{
Location = "West Europe",
});
var exampleAccount = new Azure.Storage.Account("exampleAccount", new Azure.Storage.AccountArgs
{
ResourceGroupName = exampleResourceGroup.Name,
Location = exampleResourceGroup.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var exampleAccountSAS = Azure.Storage.GetAccountSAS.Invoke(new Azure.Storage.GetAccountSASInvokeArgs
{
ConnectionString = exampleAccount.PrimaryConnectionString,
HttpsOnly = true,
ResourceTypes = new Azure.Storage.Inputs.GetAccountSASResourceTypesInputArgs
{
Service = true,
Container = false,
Object = false,
},
Services = new Azure.Storage.Inputs.GetAccountSASServicesInputArgs
{
Blob = true,
Queue = false,
Table = false,
File = false,
},
Start = "2021-04-30T00:00:00Z",
Expiry = "2023-04-30T00:00:00Z",
Permissions = new Azure.Storage.Inputs.GetAccountSASPermissionsInputArgs
{
Read = true,
Write = true,
Delete = false,
List = false,
Add = true,
Create = true,
Update = false,
Process = false,
},
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new Azure.KeyVault.KeyVaultArgs
{
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
TenantId = data.Azurerm_client_config.Current.Tenant_id,
SkuName = "standard",
AccessPolicies =
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = data.Azurerm_client_config.Current.Tenant_id,
ObjectId = data.Azurerm_client_config.Current.Object_id,
SecretPermissions =
{
"Get",
"Delete",
},
StoragePermissions =
{
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
},
},
},
});
var exampleManagedStorageAccount = new Azure.KeyVault.ManagedStorageAccount("exampleManagedStorageAccount", new Azure.KeyVault.ManagedStorageAccountArgs
{
KeyVaultId = exampleKeyVault.Id,
StorageAccountId = exampleAccount.Id,
StorageAccountKey = "key1",
RegenerateKeyAutomatically = false,
});
}
}
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "exampleAccount", &storage.AccountArgs{
ResourceGroupName: exampleResourceGroup.Name,
Location: exampleResourceGroup.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
_ = storage.GetAccountSASOutput(ctx, storage.GetAccountSASOutputArgs{
ConnectionString: exampleAccount.PrimaryConnectionString,
HttpsOnly: pulumi.Bool(true),
ResourceTypes: &storage.GetAccountSASResourceTypesArgs{
Service: pulumi.Bool(true),
Container: pulumi.Bool(false),
Object: pulumi.Bool(false),
},
Services: &storage.GetAccountSASServicesArgs{
Blob: pulumi.Bool(true),
Queue: pulumi.Bool(false),
Table: pulumi.Bool(false),
File: pulumi.Bool(false),
},
Start: pulumi.String("2021-04-30T00:00:00Z"),
Expiry: pulumi.String("2023-04-30T00:00:00Z"),
Permissions: &storage.GetAccountSASPermissionsArgs{
Read: pulumi.Bool(true),
Write: pulumi.Bool(true),
Delete: pulumi.Bool(false),
List: pulumi.Bool(false),
Add: pulumi.Bool(true),
Create: pulumi.Bool(true),
Update: pulumi.Bool(false),
Process: pulumi.Bool(false),
},
}, nil)
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
TenantId: pulumi.Any(data.Azurerm_client_config.Current.Tenant_id),
SkuName: pulumi.String("standard"),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.Any(data.Azurerm_client_config.Current.Tenant_id),
ObjectId: pulumi.Any(data.Azurerm_client_config.Current.Object_id),
SecretPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("Delete"),
},
StoragePermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("List"),
pulumi.String("Set"),
pulumi.String("SetSAS"),
pulumi.String("GetSAS"),
pulumi.String("DeleteSAS"),
pulumi.String("Update"),
pulumi.String("RegenerateKey"),
},
},
},
})
if err != nil {
return err
}
_, err = keyvault.NewManagedStorageAccount(ctx, "exampleManagedStorageAccount", &keyvault.ManagedStorageAccountArgs{
KeyVaultId: exampleKeyVault.ID(),
StorageAccountId: exampleAccount.ID(),
StorageAccountKey: pulumi.String("key1"),
RegenerateKeyAutomatically: pulumi.Bool(false),
})
if err != nil {
return err
}
return nil
})
}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleClientConfig = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleAccount = new azure.storage.Account("exampleAccount", {
resourceGroupName: exampleResourceGroup.name,
location: exampleResourceGroup.location,
accountTier: "Standard",
accountReplicationType: "LRS",
});
const exampleAccountSAS = azure.storage.getAccountSASOutput({
connectionString: exampleAccount.primaryConnectionString,
httpsOnly: true,
resourceTypes: {
service: true,
container: false,
object: false,
},
services: {
blob: true,
queue: false,
table: false,
file: false,
},
start: "2021-04-30T00:00:00Z",
expiry: "2023-04-30T00:00:00Z",
permissions: {
read: true,
write: true,
"delete": false,
list: false,
add: true,
create: true,
update: false,
process: false,
},
});
const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
tenantId: data.azurerm_client_config.current.tenant_id,
skuName: "standard",
accessPolicies: [{
tenantId: data.azurerm_client_config.current.tenant_id,
objectId: data.azurerm_client_config.current.object_id,
secretPermissions: [
"Get",
"Delete",
],
storagePermissions: [
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
],
}],
});
const exampleManagedStorageAccount = new azure.keyvault.ManagedStorageAccount("exampleManagedStorageAccount", {
keyVaultId: exampleKeyVault.id,
storageAccountId: exampleAccount.id,
storageAccountKey: "key1",
regenerateKeyAutomatically: false,
});
import pulumi
import pulumi_azure as azure
example_client_config = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_account = azure.storage.Account("exampleAccount",
resource_group_name=example_resource_group.name,
location=example_resource_group.location,
account_tier="Standard",
account_replication_type="LRS")
example_account_sas = azure.storage.get_account_sas_output(connection_string=example_account.primary_connection_string,
https_only=True,
resource_types=azure.storage.GetAccountSASResourceTypesArgs(
service=True,
container=False,
object=False,
),
services=azure.storage.GetAccountSASServicesArgs(
blob=True,
queue=False,
table=False,
file=False,
),
start="2021-04-30T00:00:00Z",
expiry="2023-04-30T00:00:00Z",
permissions=azure.storage.GetAccountSASPermissionsArgs(
read=True,
write=True,
delete=False,
list=False,
add=True,
create=True,
update=False,
process=False,
))
example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
location=example_resource_group.location,
resource_group_name=example_resource_group.name,
tenant_id=data["azurerm_client_config"]["current"]["tenant_id"],
sku_name="standard",
access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
tenant_id=data["azurerm_client_config"]["current"]["tenant_id"],
object_id=data["azurerm_client_config"]["current"]["object_id"],
secret_permissions=[
"Get",
"Delete",
],
storage_permissions=[
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
],
)])
example_managed_storage_account = azure.keyvault.ManagedStorageAccount("exampleManagedStorageAccount",
key_vault_id=example_key_vault.id,
storage_account_id=example_account.id,
storage_account_key="key1",
regenerate_key_automatically=False)
Example coming soon!
Automatically Regenerate Storage Account Access Key)
using Pulumi;
using Azure = Pulumi.Azure;
class MyStack : Stack
{
public MyStack()
{
var exampleClientConfig = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
{
Location = "West Europe",
});
var exampleAccount = new Azure.Storage.Account("exampleAccount", new Azure.Storage.AccountArgs
{
ResourceGroupName = exampleResourceGroup.Name,
Location = exampleResourceGroup.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var exampleAccountSAS = Azure.Storage.GetAccountSAS.Invoke(new Azure.Storage.GetAccountSASInvokeArgs
{
ConnectionString = exampleAccount.PrimaryConnectionString,
HttpsOnly = true,
ResourceTypes = new Azure.Storage.Inputs.GetAccountSASResourceTypesInputArgs
{
Service = true,
Container = false,
Object = false,
},
Services = new Azure.Storage.Inputs.GetAccountSASServicesInputArgs
{
Blob = true,
Queue = false,
Table = false,
File = false,
},
Start = "2021-04-30T00:00:00Z",
Expiry = "2023-04-30T00:00:00Z",
Permissions = new Azure.Storage.Inputs.GetAccountSASPermissionsInputArgs
{
Read = true,
Write = true,
Delete = false,
List = false,
Add = true,
Create = true,
Update = false,
Process = false,
},
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new Azure.KeyVault.KeyVaultArgs
{
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
TenantId = data.Azurerm_client_config.Current.Tenant_id,
SkuName = "standard",
AccessPolicies =
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = data.Azurerm_client_config.Current.Tenant_id,
ObjectId = data.Azurerm_client_config.Current.Object_id,
SecretPermissions =
{
"Get",
"Delete",
},
StoragePermissions =
{
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
},
},
},
});
var exampleAssignment = new Azure.Authorization.Assignment("exampleAssignment", new Azure.Authorization.AssignmentArgs
{
Scope = exampleAccount.Id,
RoleDefinitionName = "Storage Account Key Operator Service Role",
PrincipalId = "727055f9-0386-4ccb-bcf1-9237237ee102",
});
var exampleManagedStorageAccount = new Azure.KeyVault.ManagedStorageAccount("exampleManagedStorageAccount", new Azure.KeyVault.ManagedStorageAccountArgs
{
KeyVaultId = exampleKeyVault.Id,
StorageAccountId = exampleAccount.Id,
StorageAccountKey = "key1",
RegenerateKeyAutomatically = true,
RegenerationPeriod = "P1D",
});
}
}
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "exampleAccount", &storage.AccountArgs{
ResourceGroupName: exampleResourceGroup.Name,
Location: exampleResourceGroup.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
_ = storage.GetAccountSASOutput(ctx, storage.GetAccountSASOutputArgs{
ConnectionString: exampleAccount.PrimaryConnectionString,
HttpsOnly: pulumi.Bool(true),
ResourceTypes: &storage.GetAccountSASResourceTypesArgs{
Service: pulumi.Bool(true),
Container: pulumi.Bool(false),
Object: pulumi.Bool(false),
},
Services: &storage.GetAccountSASServicesArgs{
Blob: pulumi.Bool(true),
Queue: pulumi.Bool(false),
Table: pulumi.Bool(false),
File: pulumi.Bool(false),
},
Start: pulumi.String("2021-04-30T00:00:00Z"),
Expiry: pulumi.String("2023-04-30T00:00:00Z"),
Permissions: &storage.GetAccountSASPermissionsArgs{
Read: pulumi.Bool(true),
Write: pulumi.Bool(true),
Delete: pulumi.Bool(false),
List: pulumi.Bool(false),
Add: pulumi.Bool(true),
Create: pulumi.Bool(true),
Update: pulumi.Bool(false),
Process: pulumi.Bool(false),
},
}, nil)
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
TenantId: pulumi.Any(data.Azurerm_client_config.Current.Tenant_id),
SkuName: pulumi.String("standard"),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.Any(data.Azurerm_client_config.Current.Tenant_id),
ObjectId: pulumi.Any(data.Azurerm_client_config.Current.Object_id),
SecretPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("Delete"),
},
StoragePermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("List"),
pulumi.String("Set"),
pulumi.String("SetSAS"),
pulumi.String("GetSAS"),
pulumi.String("DeleteSAS"),
pulumi.String("Update"),
pulumi.String("RegenerateKey"),
},
},
},
})
if err != nil {
return err
}
_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
Scope: exampleAccount.ID(),
RoleDefinitionName: pulumi.String("Storage Account Key Operator Service Role"),
PrincipalId: pulumi.String("727055f9-0386-4ccb-bcf1-9237237ee102"),
})
if err != nil {
return err
}
_, err = keyvault.NewManagedStorageAccount(ctx, "exampleManagedStorageAccount", &keyvault.ManagedStorageAccountArgs{
KeyVaultId: exampleKeyVault.ID(),
StorageAccountId: exampleAccount.ID(),
StorageAccountKey: pulumi.String("key1"),
RegenerateKeyAutomatically: pulumi.Bool(true),
RegenerationPeriod: pulumi.String("P1D"),
})
if err != nil {
return err
}
return nil
})
}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleClientConfig = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleAccount = new azure.storage.Account("exampleAccount", {
resourceGroupName: exampleResourceGroup.name,
location: exampleResourceGroup.location,
accountTier: "Standard",
accountReplicationType: "LRS",
});
const exampleAccountSAS = azure.storage.getAccountSASOutput({
connectionString: exampleAccount.primaryConnectionString,
httpsOnly: true,
resourceTypes: {
service: true,
container: false,
object: false,
},
services: {
blob: true,
queue: false,
table: false,
file: false,
},
start: "2021-04-30T00:00:00Z",
expiry: "2023-04-30T00:00:00Z",
permissions: {
read: true,
write: true,
"delete": false,
list: false,
add: true,
create: true,
update: false,
process: false,
},
});
const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
tenantId: data.azurerm_client_config.current.tenant_id,
skuName: "standard",
accessPolicies: [{
tenantId: data.azurerm_client_config.current.tenant_id,
objectId: data.azurerm_client_config.current.object_id,
secretPermissions: [
"Get",
"Delete",
],
storagePermissions: [
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
],
}],
});
const exampleAssignment = new azure.authorization.Assignment("exampleAssignment", {
scope: exampleAccount.id,
roleDefinitionName: "Storage Account Key Operator Service Role",
principalId: "727055f9-0386-4ccb-bcf1-9237237ee102",
});
const exampleManagedStorageAccount = new azure.keyvault.ManagedStorageAccount("exampleManagedStorageAccount", {
keyVaultId: exampleKeyVault.id,
storageAccountId: exampleAccount.id,
storageAccountKey: "key1",
regenerateKeyAutomatically: true,
regenerationPeriod: "P1D",
});
import pulumi
import pulumi_azure as azure
example_client_config = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_account = azure.storage.Account("exampleAccount",
resource_group_name=example_resource_group.name,
location=example_resource_group.location,
account_tier="Standard",
account_replication_type="LRS")
example_account_sas = azure.storage.get_account_sas_output(connection_string=example_account.primary_connection_string,
https_only=True,
resource_types=azure.storage.GetAccountSASResourceTypesArgs(
service=True,
container=False,
object=False,
),
services=azure.storage.GetAccountSASServicesArgs(
blob=True,
queue=False,
table=False,
file=False,
),
start="2021-04-30T00:00:00Z",
expiry="2023-04-30T00:00:00Z",
permissions=azure.storage.GetAccountSASPermissionsArgs(
read=True,
write=True,
delete=False,
list=False,
add=True,
create=True,
update=False,
process=False,
))
example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
location=example_resource_group.location,
resource_group_name=example_resource_group.name,
tenant_id=data["azurerm_client_config"]["current"]["tenant_id"],
sku_name="standard",
access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
tenant_id=data["azurerm_client_config"]["current"]["tenant_id"],
object_id=data["azurerm_client_config"]["current"]["object_id"],
secret_permissions=[
"Get",
"Delete",
],
storage_permissions=[
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
],
)])
example_assignment = azure.authorization.Assignment("exampleAssignment",
scope=example_account.id,
role_definition_name="Storage Account Key Operator Service Role",
principal_id="727055f9-0386-4ccb-bcf1-9237237ee102")
example_managed_storage_account = azure.keyvault.ManagedStorageAccount("exampleManagedStorageAccount",
key_vault_id=example_key_vault.id,
storage_account_id=example_account.id,
storage_account_key="key1",
regenerate_key_automatically=True,
regeneration_period="P1D")
Example coming soon!
Create ManagedStorageAccount Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ManagedStorageAccount(name: string, args: ManagedStorageAccountArgs, opts?: CustomResourceOptions);@overload
def ManagedStorageAccount(resource_name: str,
args: ManagedStorageAccountArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ManagedStorageAccount(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_vault_id: Optional[str] = None,
storage_account_id: Optional[str] = None,
storage_account_key: Optional[str] = None,
name: Optional[str] = None,
regenerate_key_automatically: Optional[bool] = None,
regeneration_period: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)func NewManagedStorageAccount(ctx *Context, name string, args ManagedStorageAccountArgs, opts ...ResourceOption) (*ManagedStorageAccount, error)public ManagedStorageAccount(string name, ManagedStorageAccountArgs args, CustomResourceOptions? opts = null)
public ManagedStorageAccount(String name, ManagedStorageAccountArgs args)
public ManagedStorageAccount(String name, ManagedStorageAccountArgs args, CustomResourceOptions options)
type: azure:keyvault:ManagedStorageAccount
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ManagedStorageAccountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ManagedStorageAccountArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ManagedStorageAccountArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ManagedStorageAccountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ManagedStorageAccountArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var managedStorageAccountResource = new Azure.KeyVault.ManagedStorageAccount("managedStorageAccountResource", new()
{
KeyVaultId = "string",
StorageAccountId = "string",
StorageAccountKey = "string",
Name = "string",
RegenerateKeyAutomatically = false,
RegenerationPeriod = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := keyvault.NewManagedStorageAccount(ctx, "managedStorageAccountResource", &keyvault.ManagedStorageAccountArgs{
KeyVaultId: pulumi.String("string"),
StorageAccountId: pulumi.String("string"),
StorageAccountKey: pulumi.String("string"),
Name: pulumi.String("string"),
RegenerateKeyAutomatically: pulumi.Bool(false),
RegenerationPeriod: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var managedStorageAccountResource = new ManagedStorageAccount("managedStorageAccountResource", ManagedStorageAccountArgs.builder()
.keyVaultId("string")
.storageAccountId("string")
.storageAccountKey("string")
.name("string")
.regenerateKeyAutomatically(false)
.regenerationPeriod("string")
.tags(Map.of("string", "string"))
.build());
managed_storage_account_resource = azure.keyvault.ManagedStorageAccount("managedStorageAccountResource",
key_vault_id="string",
storage_account_id="string",
storage_account_key="string",
name="string",
regenerate_key_automatically=False,
regeneration_period="string",
tags={
"string": "string",
})
const managedStorageAccountResource = new azure.keyvault.ManagedStorageAccount("managedStorageAccountResource", {
keyVaultId: "string",
storageAccountId: "string",
storageAccountKey: "string",
name: "string",
regenerateKeyAutomatically: false,
regenerationPeriod: "string",
tags: {
string: "string",
},
});
type: azure:keyvault:ManagedStorageAccount
properties:
keyVaultId: string
name: string
regenerateKeyAutomatically: false
regenerationPeriod: string
storageAccountId: string
storageAccountKey: string
tags:
string: string
ManagedStorageAccount Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ManagedStorageAccount resource accepts the following input properties:
- Key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- Storage
Account stringId - The ID of the Storage Account.
- Storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- Regenerate
Key boolAutomatically - Should Storage Account access key be regenerated periodically?
- Regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Dictionary<string, string>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
- Key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- Storage
Account stringId - The ID of the Storage Account.
- Storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- Regenerate
Key boolAutomatically - Should Storage Account access key be regenerated periodically?
- Regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- map[string]string
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
- key
Vault StringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- storage
Account StringId - The ID of the Storage Account.
- storage
Account StringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - name String
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key BooleanAutomatically - Should Storage Account access key be regenerated periodically?
- regeneration
Period String - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Map<String,String>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
- key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- storage
Account stringId - The ID of the Storage Account.
- storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key booleanAutomatically - Should Storage Account access key be regenerated periodically?
- regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- {[key: string]: string}
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
- key_
vault_ strid - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- storage_
account_ strid - The ID of the Storage Account.
- storage_
account_ strkey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - name str
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate_
key_ boolautomatically - Should Storage Account access key be regenerated periodically?
- regeneration_
period str - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Mapping[str, str]
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
- key
Vault StringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- storage
Account StringId - The ID of the Storage Account.
- storage
Account StringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - name String
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key BooleanAutomatically - Should Storage Account access key be regenerated periodically?
- regeneration
Period String - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Map<String>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
Outputs
All input properties are implicitly available as output properties. Additionally, the ManagedStorageAccount resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ManagedStorageAccount Resource
Get an existing ManagedStorageAccount resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ManagedStorageAccountState, opts?: CustomResourceOptions): ManagedStorageAccount@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
key_vault_id: Optional[str] = None,
name: Optional[str] = None,
regenerate_key_automatically: Optional[bool] = None,
regeneration_period: Optional[str] = None,
storage_account_id: Optional[str] = None,
storage_account_key: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None) -> ManagedStorageAccountfunc GetManagedStorageAccount(ctx *Context, name string, id IDInput, state *ManagedStorageAccountState, opts ...ResourceOption) (*ManagedStorageAccount, error)public static ManagedStorageAccount Get(string name, Input<string> id, ManagedStorageAccountState? state, CustomResourceOptions? opts = null)public static ManagedStorageAccount get(String name, Output<String> id, ManagedStorageAccountState state, CustomResourceOptions options)resources: _: type: azure:keyvault:ManagedStorageAccount get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- Name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- Regenerate
Key boolAutomatically - Should Storage Account access key be regenerated periodically?
- Regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Storage
Account stringId - The ID of the Storage Account.
- Storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Dictionary<string, string>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
- Key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- Name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- Regenerate
Key boolAutomatically - Should Storage Account access key be regenerated periodically?
- Regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Storage
Account stringId - The ID of the Storage Account.
- Storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - map[string]string
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
- key
Vault StringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- name String
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key BooleanAutomatically - Should Storage Account access key be regenerated periodically?
- regeneration
Period String - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- storage
Account StringId - The ID of the Storage Account.
- storage
Account StringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Map<String,String>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
- key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key booleanAutomatically - Should Storage Account access key be regenerated periodically?
- regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- storage
Account stringId - The ID of the Storage Account.
- storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - {[key: string]: string}
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
- key_
vault_ strid - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- name str
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate_
key_ boolautomatically - Should Storage Account access key be regenerated periodically?
- regeneration_
period str - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- storage_
account_ strid - The ID of the Storage Account.
- storage_
account_ strkey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Mapping[str, str]
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
- key
Vault StringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- name String
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key BooleanAutomatically - Should Storage Account access key be regenerated periodically?
- regeneration
Period String - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- storage
Account StringId - The ID of the Storage Account.
- storage
Account StringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Map<String>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account.
Import
Key Vault Managed Storage Accounts can be imported using the resource id, e.g.
$ pulumi import azure:keyvault/managedStorageAccount:ManagedStorageAccount example https://example-keyvault.vault.azure.net/storage/exampleStorageAcc01
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.
We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
