This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

azure-native.keyvault.AccessPolicy


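    Key Vault Access Policy for managing policies on existing vaults. Each AccessPolicy resource holds one policy entry, which grants a single principal (identified by its object ID) permissions on the vault's keys, secrets, certificates and storage accounts, so list only the operations that principal needs.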

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:keyvault:AccessPolicy myresource1 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/accessPolicy/{policy.objectId} 
    

    Create AccessPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AccessPolicy(name: string, args: AccessPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def AccessPolicy(resource_name: str,
                     args: AccessPolicyArgs,
                     opts: Optional[ResourceOptions] = None)
    
    @overload
    def AccessPolicy(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     policy: Optional[AccessPolicyEntryArgs] = None,
                     resource_group_name: Optional[str] = None,
                     vault_name: Optional[str] = None)
    func NewAccessPolicy(ctx *Context, name string, args AccessPolicyArgs, opts ...ResourceOption) (*AccessPolicy, error)
    public AccessPolicy(string name, AccessPolicyArgs args, CustomResourceOptions? opts = null)
    public AccessPolicy(String name, AccessPolicyArgs args)
    public AccessPolicy(String name, AccessPolicyArgs args, CustomResourceOptions options)
    
    type: azure-native:keyvault:AccessPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

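    The following reference example uses placeholder values for all input properties. Replace every "string" before use; the permission lists take the values enumerated under Supporting Types (for example "get" or "list") and should name only the operations the principal needs.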

    // Reference example: every "string" below is a placeholder to replace.

    // Operations granted to the principal, per object type. List only what the
    // principal needs; "all" also covers destructive operations such as "purge".
    var permissions = new AzureNative.KeyVault.Inputs.PermissionsArgs
    {
        Certificates = new[] { "string" },
        Keys = new[] { "string" },
        Secrets = new[] { "string" },
        Storage = new[] { "string" },
    };

    // One policy entry: the identity (ObjectId within TenantId) and its permissions.
    var policyEntry = new AzureNative.KeyVault.Inputs.AccessPolicyEntryArgs
    {
        ObjectId = "string",
        Permissions = permissions,
        TenantId = "string",
        ApplicationId = "string",
    };

    // Attach the entry to an existing vault, located by resource group and vault name.
    var azure_nativeAccessPolicyResource = new AzureNative.KeyVault.AccessPolicy("azure-nativeAccessPolicyResource", new()
    {
        Policy = policyEntry,
        ResourceGroupName = "string",
        VaultName = "string",
    });
    
    // Reference example: every "string" below is a placeholder to replace.

    // Operations granted to the principal, per object type. List only what the
    // principal needs; "all" also covers destructive operations such as "purge".
    permissions := &keyvault.PermissionsArgs{
    	Certificates: pulumi.StringArray{pulumi.String("string")},
    	Keys:         pulumi.StringArray{pulumi.String("string")},
    	Secrets:      pulumi.StringArray{pulumi.String("string")},
    	Storage:      pulumi.StringArray{pulumi.String("string")},
    }

    // One policy entry: the identity (ObjectId within TenantId) and its permissions.
    entry := &keyvault.AccessPolicyEntryArgs{
    	ObjectId:      pulumi.String("string"),
    	Permissions:   permissions,
    	TenantId:      pulumi.String("string"),
    	ApplicationId: pulumi.String("string"),
    }

    // Attach the entry to an existing vault, located by resource group and vault
    // name. The snippet stops here; err is left for the surrounding code to check.
    example, err := keyvault.NewAccessPolicy(ctx, "azure-nativeAccessPolicyResource", &keyvault.AccessPolicyArgs{
    	Policy:            entry,
    	ResourceGroupName: pulumi.String("string"),
    	VaultName:         pulumi.String("string"),
    })
    
    // Reference example: every "string" below is a placeholder to replace.

    // Operations granted to the principal, per object type. List only what the
    // principal needs; "all" also covers destructive operations such as "purge".
    var permissions = PermissionsArgs.builder()
        .certificates("string")
        .keys("string")
        .secrets("string")
        .storage("string")
        .build();

    // One policy entry: the identity (objectId within tenantId) and its permissions.
    var policyEntry = AccessPolicyEntryArgs.builder()
        .objectId("string")
        .permissions(permissions)
        .tenantId("string")
        .applicationId("string")
        .build();

    // Attach the entry to an existing vault, located by resource group and vault name.
    var azure_nativeAccessPolicyResource = new AccessPolicy("azure-nativeAccessPolicyResource", AccessPolicyArgs.builder()
        .policy(policyEntry)
        .resourceGroupName("string")
        .vaultName("string")
        .build());
    
    # Reference example: every "string" below is a placeholder to replace.

    # Operations granted to the principal, per object type. List only what the
    # principal needs; "all" also covers destructive operations such as "purge".
    permissions = {
        "certificates": ["string"],
        "keys": ["string"],
        "secrets": ["string"],
        "storage": ["string"],
    }

    # One policy entry: the identity (object_id within tenant_id) and its permissions.
    policy_entry = {
        "object_id": "string",
        "permissions": permissions,
        "tenant_id": "string",
        "application_id": "string",
    }

    # Attach the entry to an existing vault, located by resource group and vault name.
    azure_native_access_policy_resource = azure_native.keyvault.AccessPolicy(
        "azure-nativeAccessPolicyResource",
        policy=policy_entry,
        resource_group_name="string",
        vault_name="string",
    )
    
    // Reference example: every "string" below is a placeholder to replace.

    // Operations granted to the principal, per object type. List only what the
    // principal needs; "all" also covers destructive operations such as "purge".
    const permissions = {
        certificates: ["string"],
        keys: ["string"],
        secrets: ["string"],
        storage: ["string"],
    };

    // One policy entry: the identity (objectId within tenantId) and its permissions.
    const policyEntry = {
        objectId: "string",
        permissions: permissions,
        tenantId: "string",
        applicationId: "string",
    };

    // Attach the entry to an existing vault, located by resource group and vault name.
    const azure_nativeAccessPolicyResource = new azure_native.keyvault.AccessPolicy("azure-nativeAccessPolicyResource", {
        policy: policyEntry,
        resourceGroupName: "string",
        vaultName: "string",
    });
    
    # Reference example: every "string" below is a placeholder to replace.
    type: azure-native:keyvault:AccessPolicy
    properties:
        # The existing vault the entry is attached to.
        resourceGroupName: string
        vaultName: string
        # One policy entry: the identity (objectId within tenantId) and its permissions.
        policy:
            objectId: string
            tenantId: string
            applicationId: string
            # List only the operations the principal needs; "all" also covers
            # destructive operations such as "purge".
            permissions:
                certificates: [string]
                keys: [string]
                secrets: [string]
                storage: [string]
    

    AccessPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AccessPolicy resource accepts the following input properties:

    Policy Pulumi.AzureNative.KeyVault.Inputs.AccessPolicyEntry
    The definition of the access policy.
    ResourceGroupName string
    Name of the resource group that contains the vault.
    VaultName string
    Name of the Key Vault.
    Policy AccessPolicyEntryArgs
    The definition of the access policy.
    ResourceGroupName string
    Name of the resource group that contains the vault.
    VaultName string
    Name of the Key Vault.
    policy AccessPolicyEntry
    The definition of the access policy.
    resourceGroupName String
    Name of the resource group that contains the vault.
    vaultName String
    Name of the Key Vault.
    policy AccessPolicyEntry
    The definition of the access policy.
    resourceGroupName string
    Name of the resource group that contains the vault.
    vaultName string
    Name of the Key Vault.
    policy AccessPolicyEntryArgs
    The definition of the access policy.
    resource_group_name str
    Name of the resource group that contains the vault.
    vault_name str
    Name of the Key Vault.
    policy Property Map
    The definition of the access policy.
    resourceGroupName String
    Name of the resource group that contains the vault.
    vaultName String
    Name of the Key Vault.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessPolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    AccessPolicyEntry, AccessPolicyEntryArgs

    ObjectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    Permissions Pulumi.AzureNative.KeyVault.Inputs.Permissions
    Permissions the identity has for keys, secrets, certificates and storage accounts.
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    ApplicationId string
    Application ID of the client making requests on behalf of a principal.
    ObjectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    Permissions Permissions
    Permissions the identity has for keys, secrets, certificates and storage accounts.
    TenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    ApplicationId string
    Application ID of the client making requests on behalf of a principal.
    objectId String
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions Permissions
    Permissions the identity has for keys, secrets, certificates and storage accounts.
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId String
    Application ID of the client making requests on behalf of a principal.
    objectId string
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions Permissions
    Permissions the identity has for keys, secrets, certificates and storage accounts.
    tenantId string
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId string
    Application ID of the client making requests on behalf of a principal.
    object_id str
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions Permissions
    Permissions the identity has for keys, secrets, certificates and storage accounts.
    tenant_id str
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    application_id str
    Application ID of the client making requests on behalf of a principal.
    objectId String
    The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
    permissions Property Map
    Permissions the identity has for keys, secrets, certificates and storage accounts.
    tenantId String
    The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    applicationId String
    Application ID of the client making requests on behalf of a principal.

    CertificatePermissions, CertificatePermissionsArgs

    All
    all
    @Get
    get
    List
    list
    Delete
    delete
    Create
    create
    Import
    import
    Update
    update
    Managecontacts
    managecontacts
    Getissuers
    getissuers
    Listissuers
    listissuers
    Setissuers
    setissuers
    Deleteissuers
    deleteissuers
    Manageissuers
    manageissuers
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    CertificatePermissionsAll
    all
    CertificatePermissionsGet
    get
    CertificatePermissionsList
    list
    CertificatePermissionsDelete
    delete
    CertificatePermissionsCreate
    create
    CertificatePermissionsImport
    import
    CertificatePermissionsUpdate
    update
    CertificatePermissionsManagecontacts
    managecontacts
    CertificatePermissionsGetissuers
    getissuers
    CertificatePermissionsListissuers
    listissuers
    CertificatePermissionsSetissuers
    setissuers
    CertificatePermissionsDeleteissuers
    deleteissuers
    CertificatePermissionsManageissuers
    manageissuers
    CertificatePermissionsRecover
    recover
    CertificatePermissionsPurge
    purge
    CertificatePermissionsBackup
    backup
    CertificatePermissionsRestore
    restore
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Create
    create
    Import_
    import
    Update
    update
    Managecontacts
    managecontacts
    Getissuers
    getissuers
    Listissuers
    listissuers
    Setissuers
    setissuers
    Deleteissuers
    deleteissuers
    Manageissuers
    manageissuers
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Create
    create
    Import
    import
    Update
    update
    Managecontacts
    managecontacts
    Getissuers
    getissuers
    Listissuers
    listissuers
    Setissuers
    setissuers
    Deleteissuers
    deleteissuers
    Manageissuers
    manageissuers
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    ALL
    all
    GET
    get
    LIST
    list
    DELETE
    delete
    CREATE
    create
    IMPORT_
    import
    UPDATE
    update
    MANAGECONTACTS
    managecontacts
    GETISSUERS
    getissuers
    LISTISSUERS
    listissuers
    SETISSUERS
    setissuers
    DELETEISSUERS
    deleteissuers
    MANAGEISSUERS
    manageissuers
    RECOVER
    recover
    PURGE
    purge
    BACKUP
    backup
    RESTORE
    restore
    "all"
    all
    "get"
    get
    "list"
    list
    "delete"
    delete
    "create"
    create
    "import"
    import
    "update"
    update
    "managecontacts"
    managecontacts
    "getissuers"
    getissuers
    "listissuers"
    listissuers
    "setissuers"
    setissuers
    "deleteissuers"
    deleteissuers
    "manageissuers"
    manageissuers
    "recover"
    recover
    "purge"
    purge
    "backup"
    backup
    "restore"
    restore

    KeyPermissions, KeyPermissionsArgs

    All
    all
    Encrypt
    encrypt
    Decrypt
    decrypt
    WrapKey
    wrapKey
    UnwrapKey
    unwrapKey
    Sign
    sign
    Verify
    verify
    @Get
    get
    List
    list
    Create
    create
    Update
    update
    Import
    import
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    Release
    release
    Rotate
    rotate
    Getrotationpolicy
    getrotationpolicy
    Setrotationpolicy
    setrotationpolicy
    KeyPermissionsAll
    all
    KeyPermissionsEncrypt
    encrypt
    KeyPermissionsDecrypt
    decrypt
    KeyPermissionsWrapKey
    wrapKey
    KeyPermissionsUnwrapKey
    unwrapKey
    KeyPermissionsSign
    sign
    KeyPermissionsVerify
    verify
    KeyPermissionsGet
    get
    KeyPermissionsList
    list
    KeyPermissionsCreate
    create
    KeyPermissionsUpdate
    update
    KeyPermissionsImport
    import
    KeyPermissionsDelete
    delete
    KeyPermissionsBackup
    backup
    KeyPermissionsRestore
    restore
    KeyPermissionsRecover
    recover
    KeyPermissionsPurge
    purge
    KeyPermissionsRelease
    release
    KeyPermissionsRotate
    rotate
    KeyPermissionsGetrotationpolicy
    getrotationpolicy
    KeyPermissionsSetrotationpolicy
    setrotationpolicy
    All
    all
    Encrypt
    encrypt
    Decrypt
    decrypt
    WrapKey
    wrapKey
    UnwrapKey
    unwrapKey
    Sign
    sign
    Verify
    verify
    Get
    get
    List
    list
    Create
    create
    Update
    update
    Import_
    import
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    Release
    release
    Rotate
    rotate
    Getrotationpolicy
    getrotationpolicy
    Setrotationpolicy
    setrotationpolicy
    All
    all
    Encrypt
    encrypt
    Decrypt
    decrypt
    WrapKey
    wrapKey
    UnwrapKey
    unwrapKey
    Sign
    sign
    Verify
    verify
    Get
    get
    List
    list
    Create
    create
    Update
    update
    Import
    import
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    Release
    release
    Rotate
    rotate
    Getrotationpolicy
    getrotationpolicy
    Setrotationpolicy
    setrotationpolicy
    ALL
    all
    ENCRYPT
    encrypt
    DECRYPT
    decrypt
    WRAP_KEY
    wrapKey
    UNWRAP_KEY
    unwrapKey
    SIGN
    sign
    VERIFY
    verify
    GET
    get
    LIST
    list
    CREATE
    create
    UPDATE
    update
    IMPORT_
    import
    DELETE
    delete
    BACKUP
    backup
    RESTORE
    restore
    RECOVER
    recover
    PURGE
    purge
    RELEASE
    release
    ROTATE
    rotate
    GETROTATIONPOLICY
    getrotationpolicy
    SETROTATIONPOLICY
    setrotationpolicy
    "all"
    all
    "encrypt"
    encrypt
    "decrypt"
    decrypt
    "wrapKey"
    wrapKey
    "unwrapKey"
    unwrapKey
    "sign"
    sign
    "verify"
    verify
    "get"
    get
    "list"
    list
    "create"
    create
    "update"
    update
    "import"
    import
    "delete"
    delete
    "backup"
    backup
    "restore"
    restore
    "recover"
    recover
    "purge"
    purge
    "release"
    release
    "rotate"
    rotate
    "getrotationpolicy"
    getrotationpolicy
    "setrotationpolicy"
    setrotationpolicy

    Permissions, PermissionsArgs

    Certificates List<Union<string, Pulumi.AzureNative.KeyVault.CertificatePermissions>>
    Permissions to certificates
    Keys List<Union<string, Pulumi.AzureNative.KeyVault.KeyPermissions>>
    Permissions to keys
    Secrets List<Union<string, Pulumi.AzureNative.KeyVault.SecretPermissions>>
    Permissions to secrets
    Storage List<Union<string, Pulumi.AzureNative.KeyVault.StoragePermissions>>
    Permissions to storage accounts
    Certificates []string
    Permissions to certificates
    Keys []string
    Permissions to keys
    Secrets []string
    Permissions to secrets
    Storage []string
    Permissions to storage accounts
    certificates List<Either<String,CertificatePermissions>>
    Permissions to certificates
    keys List<Either<String,KeyPermissions>>
    Permissions to keys
    secrets List<Either<String,SecretPermissions>>
    Permissions to secrets
    storage List<Either<String,StoragePermissions>>
    Permissions to storage accounts
    certificates (string | CertificatePermissions)[]
    Permissions to certificates
    keys (string | KeyPermissions)[]
    Permissions to keys
    secrets (string | SecretPermissions)[]
    Permissions to secrets
    storage (string | StoragePermissions)[]
    Permissions to storage accounts
    certificates Sequence[Union[str, CertificatePermissions]]
    Permissions to certificates
    keys Sequence[Union[str, KeyPermissions]]
    Permissions to keys
    secrets Sequence[Union[str, SecretPermissions]]
    Permissions to secrets
    storage Sequence[Union[str, StoragePermissions]]
    Permissions to storage accounts
    certificates List<String | "all" | "get" | "list" | "delete" | "create" | "import" | "update" | "managecontacts" | "getissuers" | "listissuers" | "setissuers" | "deleteissuers" | "manageissuers" | "recover" | "purge" | "backup" | "restore">
    Permissions to certificates
    keys List<String | "all" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "sign" | "verify" | "get" | "list" | "create" | "update" | "import" | "delete" | "backup" | "restore" | "recover" | "purge" | "release" | "rotate" | "getrotationpolicy" | "setrotationpolicy">
    Permissions to keys
    secrets List<String | "all" | "get" | "list" | "set" | "delete" | "backup" | "restore" | "recover" | "purge">
    Permissions to secrets
    storage List<String | "all" | "get" | "list" | "delete" | "set" | "update" | "regeneratekey" | "recover" | "purge" | "backup" | "restore" | "setsas" | "listsas" | "getsas" | "deletesas">
    Permissions to storage accounts

    SecretPermissions, SecretPermissionsArgs

    All
    all
    @Get
    get
    List
    list
    @Set
    set
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    SecretPermissionsAll
    all
    SecretPermissionsGet
    get
    SecretPermissionsList
    list
    SecretPermissionsSet
    set
    SecretPermissionsDelete
    delete
    SecretPermissionsBackup
    backup
    SecretPermissionsRestore
    restore
    SecretPermissionsRecover
    recover
    SecretPermissionsPurge
    purge
    All
    all
    Get
    get
    List
    list
    Set
    set
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    All
    all
    Get
    get
    List
    list
    Set
    set
    Delete
    delete
    Backup
    backup
    Restore
    restore
    Recover
    recover
    Purge
    purge
    ALL
    all
    GET
    get
    LIST
    list
    SET
    set
    DELETE
    delete
    BACKUP
    backup
    RESTORE
    restore
    RECOVER
    recover
    PURGE
    purge
    "all"
    all
    "get"
    get
    "list"
    list
    "set"
    set
    "delete"
    delete
    "backup"
    backup
    "restore"
    restore
    "recover"
    recover
    "purge"
    purge

    StoragePermissions, StoragePermissionsArgs

    All
    all
    @Get
    get
    List
    list
    Delete
    delete
    @Set
    set
    Update
    update
    Regeneratekey
    regeneratekey
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    Setsas
    setsas
    Listsas
    listsas
    Getsas
    getsas
    Deletesas
    deletesas
    StoragePermissionsAll
    all
    StoragePermissionsGet
    get
    StoragePermissionsList
    list
    StoragePermissionsDelete
    delete
    StoragePermissionsSet
    set
    StoragePermissionsUpdate
    update
    StoragePermissionsRegeneratekey
    regeneratekey
    StoragePermissionsRecover
    recover
    StoragePermissionsPurge
    purge
    StoragePermissionsBackup
    backup
    StoragePermissionsRestore
    restore
    StoragePermissionsSetsas
    setsas
    StoragePermissionsListsas
    listsas
    StoragePermissionsGetsas
    getsas
    StoragePermissionsDeletesas
    deletesas
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Set
    set
    Update
    update
    Regeneratekey
    regeneratekey
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    Setsas
    setsas
    Listsas
    listsas
    Getsas
    getsas
    Deletesas
    deletesas
    All
    all
    Get
    get
    List
    list
    Delete
    delete
    Set
    set
    Update
    update
    Regeneratekey
    regeneratekey
    Recover
    recover
    Purge
    purge
    Backup
    backup
    Restore
    restore
    Setsas
    setsas
    Listsas
    listsas
    Getsas
    getsas
    Deletesas
    deletesas
    ALL
    all
    GET
    get
    LIST
    list
    DELETE
    delete
    SET
    set
    UPDATE
    update
    REGENERATEKEY
    regeneratekey
    RECOVER
    recover
    PURGE
    purge
    BACKUP
    backup
    RESTORE
    restore
    SETSAS
    setsas
    LISTSAS
    listsas
    GETSAS
    getsas
    DELETESAS
    deletesas
    "all"
    all
    "get"
    get
    "list"
    list
    "delete"
    delete
    "set"
    set
    "update"
    update
    "regeneratekey"
    regeneratekey
    "recover"
    recover
    "purge"
    purge
    "backup"
    backup
    "restore"
    restore
    "setsas"
    setsas
    "listsas"
    listsas
    "getsas"
    getsas
    "deletesas"
    deletesas

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0