1. Packages
  2. Azure Classic
  3. API Docs
  4. keyvault
  5. ManagedHardwareSecurityModuleRoleDefinition

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

azure.keyvault.ManagedHardwareSecurityModuleRoleDefinition

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Manages a KeyVault Managed Hardware Security Module Role Definition. This resource works together with Managed hardware security module resource.

    Example Usage

    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    resources:
      example:
        type: azure:keyvault:ManagedHardwareSecurityModule
        properties:
          name: example
          resourceGroupName: ${exampleAzurermResourceGroup.name}
          location: ${exampleAzurermResourceGroup.location}
          skuName: Standard_B1
          tenantId: ${current.tenantId}
          adminObjectIds:
            - ${current.objectId}
          purgeProtectionEnabled: false
          activeConfig:
            - securityDomainCertificate:
                - ${cert[0].id}
                - ${cert[1].id}
                - ${cert[2].id}
              securityDomainQuorum: 2
      exampleManagedHardwareSecurityModuleRoleDefinition:
        type: azure:keyvault:ManagedHardwareSecurityModuleRoleDefinition
        name: example
        properties:
          name: 7d206142-bf01-11ed-80bc-00155d61ee9e
          vaultBaseUrl: ${example.hsmUri}
          description: desc foo
          permissions:
            - dataActions:
                - Microsoft.KeyVault/managedHsm/keys/read/action
    

    Create ManagedHardwareSecurityModuleRoleDefinition Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ManagedHardwareSecurityModuleRoleDefinition(name: string, args: ManagedHardwareSecurityModuleRoleDefinitionArgs, opts?: CustomResourceOptions);
    @overload
    def ManagedHardwareSecurityModuleRoleDefinition(resource_name: str,
                                                    args: ManagedHardwareSecurityModuleRoleDefinitionArgs,
                                                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def ManagedHardwareSecurityModuleRoleDefinition(resource_name: str,
                                                    opts: Optional[ResourceOptions] = None,
                                                    managed_hsm_id: Optional[str] = None,
                                                    description: Optional[str] = None,
                                                    name: Optional[str] = None,
                                                    permissions: Optional[Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]] = None,
                                                    role_name: Optional[str] = None)
    func NewManagedHardwareSecurityModuleRoleDefinition(ctx *Context, name string, args ManagedHardwareSecurityModuleRoleDefinitionArgs, opts ...ResourceOption) (*ManagedHardwareSecurityModuleRoleDefinition, error)
    public ManagedHardwareSecurityModuleRoleDefinition(string name, ManagedHardwareSecurityModuleRoleDefinitionArgs args, CustomResourceOptions? opts = null)
    public ManagedHardwareSecurityModuleRoleDefinition(String name, ManagedHardwareSecurityModuleRoleDefinitionArgs args)
    public ManagedHardwareSecurityModuleRoleDefinition(String name, ManagedHardwareSecurityModuleRoleDefinitionArgs args, CustomResourceOptions options)
    
    type: azure:keyvault:ManagedHardwareSecurityModuleRoleDefinition
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ManagedHardwareSecurityModuleRoleDefinitionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ManagedHardwareSecurityModuleRoleDefinitionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ManagedHardwareSecurityModuleRoleDefinitionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ManagedHardwareSecurityModuleRoleDefinitionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ManagedHardwareSecurityModuleRoleDefinitionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var managedHardwareSecurityModuleRoleDefinitionResource = new Azure.KeyVault.ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource", new()
    {
        ManagedHsmId = "string",
        Description = "string",
        Name = "string",
        Permissions = new[]
        {
            new Azure.KeyVault.Inputs.ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs
            {
                Actions = new[]
                {
                    "string",
                },
                DataActions = new[]
                {
                    "string",
                },
                NotActions = new[]
                {
                    "string",
                },
                NotDataActions = new[]
                {
                    "string",
                },
            },
        },
        RoleName = "string",
    });
    
    example, err := keyvault.NewManagedHardwareSecurityModuleRoleDefinition(ctx, "managedHardwareSecurityModuleRoleDefinitionResource", &keyvault.ManagedHardwareSecurityModuleRoleDefinitionArgs{
    	ManagedHsmId: pulumi.String("string"),
    	Description:  pulumi.String("string"),
    	Name:         pulumi.String("string"),
    	Permissions: keyvault.ManagedHardwareSecurityModuleRoleDefinitionPermissionArray{
    		&keyvault.ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs{
    			Actions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			DataActions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			NotActions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			NotDataActions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	RoleName: pulumi.String("string"),
    })
    
    var managedHardwareSecurityModuleRoleDefinitionResource = new ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource", ManagedHardwareSecurityModuleRoleDefinitionArgs.builder()
        .managedHsmId("string")
        .description("string")
        .name("string")
        .permissions(ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs.builder()
            .actions("string")
            .dataActions("string")
            .notActions("string")
            .notDataActions("string")
            .build())
        .roleName("string")
        .build());
    
    managed_hardware_security_module_role_definition_resource = azure.keyvault.ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource",
        managed_hsm_id="string",
        description="string",
        name="string",
        permissions=[{
            "actions": ["string"],
            "data_actions": ["string"],
            "not_actions": ["string"],
            "not_data_actions": ["string"],
        }],
        role_name="string")
    
    const managedHardwareSecurityModuleRoleDefinitionResource = new azure.keyvault.ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource", {
        managedHsmId: "string",
        description: "string",
        name: "string",
        permissions: [{
            actions: ["string"],
            dataActions: ["string"],
            notActions: ["string"],
            notDataActions: ["string"],
        }],
        roleName: "string",
    });
    
    type: azure:keyvault:ManagedHardwareSecurityModuleRoleDefinition
    properties:
        description: string
        managedHsmId: string
        name: string
        permissions:
            - actions:
                - string
              dataActions:
                - string
              notActions:
                - string
              notDataActions:
                - string
        roleName: string
    

    ManagedHardwareSecurityModuleRoleDefinition Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ManagedHardwareSecurityModuleRoleDefinition resource accepts the following input properties:

    ManagedHsmId string
    Description string
    Specifies a text description about this KeyVault Role Definition.
    Name string
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    Permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>
    One or more permission blocks as defined below.
    RoleName string
    Specify a name for this KeyVault Role Definition.
    ManagedHsmId string
    Description string
    Specifies a text description about this KeyVault Role Definition.
    Name string
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    Permissions []ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs
    One or more permission blocks as defined below.
    RoleName string
    Specify a name for this KeyVault Role Definition.
    managedHsmId String
    description String
    Specifies a text description about this KeyVault Role Definition.
    name String
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>
    One or more permission blocks as defined below.
    roleName String
    Specify a name for this KeyVault Role Definition.
    managedHsmId string
    description string
    Specifies a text description about this KeyVault Role Definition.
    name string
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    permissions ManagedHardwareSecurityModuleRoleDefinitionPermission[]
    One or more permission blocks as defined below.
    roleName string
    Specify a name for this KeyVault Role Definition.
    managed_hsm_id str
    description str
    Specifies a text description about this KeyVault Role Definition.
    name str
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    permissions Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]
    One or more permission blocks as defined below.
    role_name str
    Specify a name for this KeyVault Role Definition.
    managedHsmId String
    description String
    Specifies a text description about this KeyVault Role Definition.
    name String
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    permissions List<Property Map>
    One or more permission blocks as defined below.
    roleName String
    Specify a name for this KeyVault Role Definition.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ManagedHardwareSecurityModuleRoleDefinition resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    ResourceManagerId string
    The ID of the role definition resource without Key Vault base URL.
    RoleType string
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.
    Id string
    The provider-assigned unique ID for this managed resource.
    ResourceManagerId string
    The ID of the role definition resource without Key Vault base URL.
    RoleType string
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.
    id String
    The provider-assigned unique ID for this managed resource.
    resourceManagerId String
    The ID of the role definition resource without Key Vault base URL.
    roleType String
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.
    id string
    The provider-assigned unique ID for this managed resource.
    resourceManagerId string
    The ID of the role definition resource without Key Vault base URL.
    roleType string
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.
    id str
    The provider-assigned unique ID for this managed resource.
    resource_manager_id str
    The ID of the role definition resource without Key Vault base URL.
    role_type str
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.
    id String
    The provider-assigned unique ID for this managed resource.
    resourceManagerId String
    The ID of the role definition resource without Key Vault base URL.
    roleType String
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

    Look up Existing ManagedHardwareSecurityModuleRoleDefinition Resource

    Get an existing ManagedHardwareSecurityModuleRoleDefinition resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ManagedHardwareSecurityModuleRoleDefinitionState, opts?: CustomResourceOptions): ManagedHardwareSecurityModuleRoleDefinition
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            description: Optional[str] = None,
            managed_hsm_id: Optional[str] = None,
            name: Optional[str] = None,
            permissions: Optional[Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]] = None,
            resource_manager_id: Optional[str] = None,
            role_name: Optional[str] = None,
            role_type: Optional[str] = None) -> ManagedHardwareSecurityModuleRoleDefinition
    func GetManagedHardwareSecurityModuleRoleDefinition(ctx *Context, name string, id IDInput, state *ManagedHardwareSecurityModuleRoleDefinitionState, opts ...ResourceOption) (*ManagedHardwareSecurityModuleRoleDefinition, error)
    public static ManagedHardwareSecurityModuleRoleDefinition Get(string name, Input<string> id, ManagedHardwareSecurityModuleRoleDefinitionState? state, CustomResourceOptions? opts = null)
    public static ManagedHardwareSecurityModuleRoleDefinition get(String name, Output<String> id, ManagedHardwareSecurityModuleRoleDefinitionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Description string
    Specifies a text description about this KeyVault Role Definition.
    ManagedHsmId string
    Name string
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    Permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>
    One or more permission blocks as defined below.
    ResourceManagerId string
    The ID of the role definition resource without Key Vault base URL.
    RoleName string
    Specify a name for this KeyVault Role Definition.
    RoleType string
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.
    Description string
    Specifies a text description about this KeyVault Role Definition.
    ManagedHsmId string
    Name string
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    Permissions []ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs
    One or more permission blocks as defined below.
    ResourceManagerId string
    The ID of the role definition resource without Key Vault base URL.
    RoleName string
    Specify a name for this KeyVault Role Definition.
    RoleType string
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.
    description String
    Specifies a text description about this KeyVault Role Definition.
    managedHsmId String
    name String
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>
    One or more permission blocks as defined below.
    resourceManagerId String
    The ID of the role definition resource without Key Vault base URL.
    roleName String
    Specify a name for this KeyVault Role Definition.
    roleType String
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.
    description string
    Specifies a text description about this KeyVault Role Definition.
    managedHsmId string
    name string
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    permissions ManagedHardwareSecurityModuleRoleDefinitionPermission[]
    One or more permission blocks as defined below.
    resourceManagerId string
    The ID of the role definition resource without Key Vault base URL.
    roleName string
    Specify a name for this KeyVault Role Definition.
    roleType string
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.
    description str
    Specifies a text description about this KeyVault Role Definition.
    managed_hsm_id str
    name str
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    permissions Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]
    One or more permission blocks as defined below.
    resource_manager_id str
    The ID of the role definition resource without Key Vault base URL.
    role_name str
    Specify a name for this KeyVault Role Definition.
    role_type str
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.
    description String
    Specifies a text description about this KeyVault Role Definition.
    managedHsmId String
    name String
    The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
    permissions List<Property Map>
    One or more permission blocks as defined below.
    resourceManagerId String
    The ID of the role definition resource without Key Vault base URL.
    roleName String
    Specify a name for this KeyVault Role Definition.
    roleType String
    The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

    Supporting Types

    ManagedHardwareSecurityModuleRoleDefinitionPermission, ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs

    Actions List<string>
    One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    DataActions List<string>
    Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
    NotActions List<string>
    One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    NotDataActions List<string>
    Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
    Actions []string
    One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    DataActions []string
    Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
    NotActions []string
    One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    NotDataActions []string
    Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
    actions List<String>
    One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    dataActions List<String>
    Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
    notActions List<String>
    One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    notDataActions List<String>
    Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
    actions string[]
    One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    dataActions string[]
    Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
    notActions string[]
    One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    notDataActions string[]
    Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
    actions Sequence[str]
    One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    data_actions Sequence[str]
    Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
    not_actions Sequence[str]
    One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    not_data_actions Sequence[str]
    Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
    actions List<String>
    One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    dataActions List<String>
    Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
    notActions List<String>
    One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
    notDataActions List<String>
    Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.

    Import

    KeyVaults can be imported using the resource id, e.g.

    $ pulumi import azure:keyvault/managedHardwareSecurityModuleRoleDefinition:ManagedHardwareSecurityModuleRoleDefinition example https://0000.managedhsm.azure.net///RoleDefinition/00000000-0000-0000-0000-000000000000
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi