We recommend using Azure Native.
azure.keyvault.ManagedHardwareSecurityModuleKey
Explore with Pulumi AI
Manages a Key Vault Managed Hardware Security Module Key.
Note: The Azure Provider includes a Feature Toggle which will purge a Key Vault Managed Hardware Security Module Key resource on destroy, rather than the default soft-delete. See
purge_soft_deleted_hardware_security_modules_on_destroy
for more information.
Coming soon!
Coming soon!
Coming soon!
Coming soon!
Coming soon!
resources:
example:
type: azure:keyvault:ManagedHardwareSecurityModule
properties:
name: example
resourceGroupName: ${exampleAzurermResourceGroup.name}
location: ${exampleAzurermResourceGroup.location}
skuName: Standard_B1
tenantId: ${current.tenantId}
adminObjectIds:
- ${current.objectId}
purgeProtectionEnabled: false
activeConfig:
- securityDomainCertificate:
- ${cert[0].id}
- ${cert[1].id}
- ${cert[2].id}
securityDomainQuorum: 2
# this gives your service principal the HSM Crypto User role which lets you create and destroy hsm keys
hsm-crypto-user:
type: azure:keyvault:ManagedHardwareSecurityModuleRoleAssignment
properties:
managedHsmId: ${test.id}
name: 1e243909-064c-6ac3-84e9-1c8bf8d6ad22
scope: /keys
roleDefinitionId: /Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b
principalId: ${current.objectId}
# this gives your service principal the HSM Crypto Officer role which lets you purge hsm keys
hsm-crypto-officer:
type: azure:keyvault:ManagedHardwareSecurityModuleRoleAssignment
properties:
managedHsmId: ${test.id}
name: 1e243909-064c-6ac3-84e9-1c8bf8d6ad23
scope: /keys
roleDefinitionId: /Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778
principalId: ${current.objectId}
exampleManagedHardwareSecurityModuleKey:
type: azure:keyvault:ManagedHardwareSecurityModuleKey
name: example
properties:
name: example
managedHsmId: ${test.id}
keyType: EC-HSM
curve: P-521
keyOpts:
- sign
options:
dependson:
- ${testAzurermKeyVaultManagedHardwareSecurityModuleRoleAssignment}
- ${test1}
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}
Create ManagedHardwareSecurityModuleKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ManagedHardwareSecurityModuleKey(name: string, args: ManagedHardwareSecurityModuleKeyArgs, opts?: CustomResourceOptions);
@overload
def ManagedHardwareSecurityModuleKey(resource_name: str,
args: ManagedHardwareSecurityModuleKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ManagedHardwareSecurityModuleKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_opts: Optional[Sequence[str]] = None,
key_type: Optional[str] = None,
managed_hsm_id: Optional[str] = None,
curve: Optional[str] = None,
expiration_date: Optional[str] = None,
key_size: Optional[int] = None,
name: Optional[str] = None,
not_before_date: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewManagedHardwareSecurityModuleKey(ctx *Context, name string, args ManagedHardwareSecurityModuleKeyArgs, opts ...ResourceOption) (*ManagedHardwareSecurityModuleKey, error)
public ManagedHardwareSecurityModuleKey(string name, ManagedHardwareSecurityModuleKeyArgs args, CustomResourceOptions? opts = null)
public ManagedHardwareSecurityModuleKey(String name, ManagedHardwareSecurityModuleKeyArgs args)
public ManagedHardwareSecurityModuleKey(String name, ManagedHardwareSecurityModuleKeyArgs args, CustomResourceOptions options)
type: azure:keyvault:ManagedHardwareSecurityModuleKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ManagedHardwareSecurityModuleKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ManagedHardwareSecurityModuleKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ManagedHardwareSecurityModuleKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ManagedHardwareSecurityModuleKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ManagedHardwareSecurityModuleKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var managedHardwareSecurityModuleKeyResource = new Azure.KeyVault.ManagedHardwareSecurityModuleKey("managedHardwareSecurityModuleKeyResource", new()
{
KeyOpts = new[]
{
"string",
},
KeyType = "string",
ManagedHsmId = "string",
Curve = "string",
ExpirationDate = "string",
KeySize = 0,
Name = "string",
NotBeforeDate = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := keyvault.NewManagedHardwareSecurityModuleKey(ctx, "managedHardwareSecurityModuleKeyResource", &keyvault.ManagedHardwareSecurityModuleKeyArgs{
KeyOpts: pulumi.StringArray{
pulumi.String("string"),
},
KeyType: pulumi.String("string"),
ManagedHsmId: pulumi.String("string"),
Curve: pulumi.String("string"),
ExpirationDate: pulumi.String("string"),
KeySize: pulumi.Int(0),
Name: pulumi.String("string"),
NotBeforeDate: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var managedHardwareSecurityModuleKeyResource = new ManagedHardwareSecurityModuleKey("managedHardwareSecurityModuleKeyResource", ManagedHardwareSecurityModuleKeyArgs.builder()
.keyOpts("string")
.keyType("string")
.managedHsmId("string")
.curve("string")
.expirationDate("string")
.keySize(0)
.name("string")
.notBeforeDate("string")
.tags(Map.of("string", "string"))
.build());
managed_hardware_security_module_key_resource = azure.keyvault.ManagedHardwareSecurityModuleKey("managedHardwareSecurityModuleKeyResource",
key_opts=["string"],
key_type="string",
managed_hsm_id="string",
curve="string",
expiration_date="string",
key_size=0,
name="string",
not_before_date="string",
tags={
"string": "string",
})
const managedHardwareSecurityModuleKeyResource = new azure.keyvault.ManagedHardwareSecurityModuleKey("managedHardwareSecurityModuleKeyResource", {
keyOpts: ["string"],
keyType: "string",
managedHsmId: "string",
curve: "string",
expirationDate: "string",
keySize: 0,
name: "string",
notBeforeDate: "string",
tags: {
string: "string",
},
});
type: azure:keyvault:ManagedHardwareSecurityModuleKey
properties:
curve: string
expirationDate: string
keyOpts:
- string
keySize: 0
keyType: string
managedHsmId: string
name: string
notBeforeDate: string
tags:
string: string
ManagedHardwareSecurityModuleKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ManagedHardwareSecurityModuleKey resource accepts the following input properties:
- Key
Opts List<string> - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - Key
Type string - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - Managed
Hsm stringId - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- Curve string
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - Expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- Key
Size int - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - Name string
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- Not
Before stringDate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Key
Opts []string - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - Key
Type string - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - Managed
Hsm stringId - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- Curve string
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - Expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- Key
Size int - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - Name string
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- Not
Before stringDate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- map[string]string
- A mapping of tags to assign to the resource.
- key
Opts List<String> - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - key
Type String - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - managed
Hsm StringId - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- curve String
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - expiration
Date String - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- key
Size Integer - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - name String
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- not
Before StringDate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- Map<String,String>
- A mapping of tags to assign to the resource.
- key
Opts string[] - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - key
Type string - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - managed
Hsm stringId - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- curve string
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- key
Size number - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - name string
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- not
Before stringDate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- {[key: string]: string}
- A mapping of tags to assign to the resource.
- key_
opts Sequence[str] - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - key_
type str - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - managed_
hsm_ strid - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- curve str
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - expiration_
date str - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- key_
size int - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - name str
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- not_
before_ strdate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- Mapping[str, str]
- A mapping of tags to assign to the resource.
- key
Opts List<String> - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - key
Type String - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - managed
Hsm StringId - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- curve String
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - expiration
Date String - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- key
Size Number - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - name String
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- not
Before StringDate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- Map<String>
- A mapping of tags to assign to the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the ManagedHardwareSecurityModuleKey resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Versioned
Id string - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
- Id string
- The provider-assigned unique ID for this managed resource.
- Versioned
Id string - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
- id String
- The provider-assigned unique ID for this managed resource.
- versioned
Id String - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
- id string
- The provider-assigned unique ID for this managed resource.
- versioned
Id string - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
- id str
- The provider-assigned unique ID for this managed resource.
- versioned_
id str - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
- id String
- The provider-assigned unique ID for this managed resource.
- versioned
Id String - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
Look up Existing ManagedHardwareSecurityModuleKey Resource
Get an existing ManagedHardwareSecurityModuleKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ManagedHardwareSecurityModuleKeyState, opts?: CustomResourceOptions): ManagedHardwareSecurityModuleKey
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
curve: Optional[str] = None,
expiration_date: Optional[str] = None,
key_opts: Optional[Sequence[str]] = None,
key_size: Optional[int] = None,
key_type: Optional[str] = None,
managed_hsm_id: Optional[str] = None,
name: Optional[str] = None,
not_before_date: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
versioned_id: Optional[str] = None) -> ManagedHardwareSecurityModuleKey
func GetManagedHardwareSecurityModuleKey(ctx *Context, name string, id IDInput, state *ManagedHardwareSecurityModuleKeyState, opts ...ResourceOption) (*ManagedHardwareSecurityModuleKey, error)
public static ManagedHardwareSecurityModuleKey Get(string name, Input<string> id, ManagedHardwareSecurityModuleKeyState? state, CustomResourceOptions? opts = null)
public static ManagedHardwareSecurityModuleKey get(String name, Output<String> id, ManagedHardwareSecurityModuleKeyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Curve string
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - Expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- Key
Opts List<string> - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - Key
Size int - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - Key
Type string - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - Managed
Hsm stringId - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- Name string
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- Not
Before stringDate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Versioned
Id string - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
- Curve string
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - Expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- Key
Opts []string - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - Key
Size int - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - Key
Type string - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - Managed
Hsm stringId - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- Name string
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- Not
Before stringDate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- map[string]string
- A mapping of tags to assign to the resource.
- Versioned
Id string - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
- curve String
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - expiration
Date String - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- key
Opts List<String> - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - key
Size Integer - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - key
Type String - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - managed
Hsm StringId - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- name String
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- not
Before StringDate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- Map<String,String>
- A mapping of tags to assign to the resource.
- versioned
Id String - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
- curve string
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - expiration
Date string - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- key
Opts string[] - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - key
Size number - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - key
Type string - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - managed
Hsm stringId - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- name string
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- not
Before stringDate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- {[key: string]: string}
- A mapping of tags to assign to the resource.
- versioned
Id string - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
- curve str
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - expiration_
date str - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- key_
opts Sequence[str] - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - key_
size int - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - key_
type str - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - managed_
hsm_ strid - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- name str
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- not_
before_ strdate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- Mapping[str, str]
- A mapping of tags to assign to the resource.
- versioned_
id str - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
- curve String
- Specifies the curve to use when creating an
EC-HSM
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field is required ifkey_type
isEC-HSM
. Changing this forces a new resource to be created. - expiration
Date String - Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
- key
Opts List<String> - A list of JSON web key operations. Possible values include:
decrypt
,encrypt
,sign
,unwrapKey
,verify
andwrapKey
. Please note these values are case-sensitive. - key
Size Number - Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if
key_type
isRSA-HSM
. Changing this forces a new resource to be created. - key
Type String - Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are
EC-HSM
andRSA-HSM
. Changing this forces a new resource to be created. - managed
Hsm StringId - Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
- name String
- Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.
- not
Before StringDate Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
Note: Once
expiration_date
is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.- Map<String>
- A mapping of tags to assign to the resource.
- versioned
Id String - The versioned Key Vault Secret Managed Hardware Security Module Key ID.
Import
Key Vault Managed Hardware Security Module Key can be imported using the resource id
, e.g.
$ pulumi import azure:keyvault/managedHardwareSecurityModuleKey:ManagedHardwareSecurityModuleKey example https://exampleHSM.managedhsm.azure.net/keys/exampleKey
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.