
We recommend using Azure Native.

Azure v6.22.0 published on Tuesday, Apr 1, 2025 by Pulumi

azure.keyvault.ManagedHardwareSecurityModule


Manages a Key Vault Managed Hardware Security Module.

Note: The Azure Provider includes a Feature Toggle which will purge a Key Vault Managed Hardware Security Module resource on destroy, rather than the default soft-delete. See purge_soft_deleted_hardware_security_modules_on_destroy for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// Identity running the deployment; its tenant and object ID are reused for the HSM below.
const clientConfig = azure.core.getClientConfig({});
const tenantId = clientConfig.then(cfg => cfg.tenantId);
const deployerObjectId = clientConfig.then(cfg => cfg.objectId);

const resourceGroup = new azure.core.ResourceGroup("example", {
    location: "West Europe",
    name: "example-resources",
});

// Security-relevant settings in this sample:
//  - purgeProtectionEnabled is false, so a soft-deleted HSM can be purged before the
//    retention period elapses. The property is replace-on-change, so choose the
//    production value before the first deployment.
//  - publicNetworkAccessEnabled is not set and defaults to true, and no networkAcls
//    block is given; set both explicitly if the HSM must not be reachable from
//    public networks.
//  - The deploying identity's object ID is the only entry in adminObjectIds.
const managedHsm = new azure.keyvault.ManagedHardwareSecurityModule("example", {
    name: "exampleKVHsm",
    location: resourceGroup.location,
    resourceGroupName: resourceGroup.name,
    skuName: "Standard_B1",
    tenantId: tenantId,
    adminObjectIds: [deployerObjectId],
    softDeleteRetentionDays: 90,
    purgeProtectionEnabled: false,
    tags: { Env: "Test" },
});
import pulumi
import pulumi_azure as azure

# Identity running the deployment; its tenant and object ID are reused for the HSM below.
client_config = azure.core.get_client_config()

resource_group = azure.core.ResourceGroup(
    "example",
    location="West Europe",
    name="example-resources",
)

# Security-relevant settings in this sample:
#  - purge_protection_enabled is False, so a soft-deleted HSM can be purged before the
#    retention period elapses. The property is replace-on-change, so choose the
#    production value before the first deployment.
#  - public_network_access_enabled is not set and defaults to true, and no network_acls
#    block is given; set both explicitly if the HSM must not be reachable from
#    public networks.
#  - The deploying identity's object ID is the only entry in admin_object_ids.
hsm_tags = {"Env": "Test"}
managed_hsm = azure.keyvault.ManagedHardwareSecurityModule(
    "example",
    name="exampleKVHsm",
    location=resource_group.location,
    resource_group_name=resource_group.name,
    sku_name="Standard_B1",
    tenant_id=client_config.tenant_id,
    admin_object_ids=[client_config.object_id],
    soft_delete_retention_days=90,
    purge_protection_enabled=False,
    tags=hsm_tags,
)
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main provisions a resource group and a Key Vault Managed HSM administered by
// the identity that runs the deployment.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Identity running the deployment; its tenant and object ID are reused below.
		clientCfg, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}

		rg, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
			Name:     pulumi.String("example-resources"),
		})
		if err != nil {
			return err
		}

		// Security-relevant settings in this sample:
		//  - PurgeProtectionEnabled is false, so a soft-deleted HSM can be purged
		//    before the retention period elapses. The property is replace-on-change,
		//    so choose the production value before the first deployment.
		//  - PublicNetworkAccessEnabled is not set and defaults to true, and no
		//    NetworkAcls block is given; set both explicitly if the HSM must not be
		//    reachable from public networks.
		//  - The deploying identity's object ID is the only entry in AdminObjectIds.
		hsmArgs := &keyvault.ManagedHardwareSecurityModuleArgs{
			Name:              pulumi.String("exampleKVHsm"),
			Location:          rg.Location,
			ResourceGroupName: rg.Name,
			SkuName:           pulumi.String("Standard_B1"),
			TenantId:          pulumi.String(clientCfg.TenantId),
			AdminObjectIds: pulumi.StringArray{
				pulumi.String(clientCfg.ObjectId),
			},
			SoftDeleteRetentionDays: pulumi.Int(90),
			PurgeProtectionEnabled:  pulumi.Bool(false),
			Tags: pulumi.StringMap{
				"Env": pulumi.String("Test"),
			},
		}

		// The created resource is not used further; only the error is propagated.
		_, err = keyvault.NewManagedHardwareSecurityModule(ctx, "example", hsmArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() =>
{
    // Identity running the deployment; its tenant and object ID are reused for the HSM below.
    var clientConfig = Azure.Core.GetClientConfig.Invoke();
    var tenantId = clientConfig.Apply(cfg => cfg.TenantId);
    var deployerObjectId = clientConfig.Apply(cfg => cfg.ObjectId);

    var resourceGroup = new Azure.Core.ResourceGroup("example", new()
    {
        Location = "West Europe",
        Name = "example-resources",
    });

    // Security-relevant settings in this sample:
    //  - PurgeProtectionEnabled is false, so a soft-deleted HSM can be purged before the
    //    retention period elapses. The property is replace-on-change, so choose the
    //    production value before the first deployment.
    //  - PublicNetworkAccessEnabled is not set and defaults to true, and no NetworkAcls
    //    block is given; set both explicitly if the HSM must not be reachable from
    //    public networks.
    //  - The deploying identity's object ID is the only entry in AdminObjectIds.
    var managedHsm = new Azure.KeyVault.ManagedHardwareSecurityModule("example", new()
    {
        Name = "exampleKVHsm",
        Location = resourceGroup.Location,
        ResourceGroupName = resourceGroup.Name,
        SkuName = "Standard_B1",
        TenantId = tenantId,
        AdminObjectIds = new[]
        {
            deployerObjectId,
        },
        SoftDeleteRetentionDays = 90,
        PurgeProtectionEnabled = false,
        Tags =
        {
            { "Env", "Test" },
        },
    });

});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.ManagedHardwareSecurityModule;
import com.pulumi.azure.keyvault.ManagedHardwareSecurityModuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

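/**
 * Pulumi program that provisions a resource group and a Key Vault Managed
 * Hardware Security Module administered by the identity running the deployment.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Identity running the deployment; its tenant and object ID are reused for the HSM below.
        final var current = CoreFunctions.getClientConfig();

        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        // Security-relevant settings in this sample:
        //  - purgeProtectionEnabled is false, so a soft-deleted HSM can be purged before the
        //    retention period elapses. The property is replace-on-change, so choose the
        //    production value before the first deployment.
        //  - publicNetworkAccessEnabled is not set and defaults to true, and no networkAcls
        //    block is given; set both explicitly if the HSM must not be reachable from
        //    public networks.
        //  - The deploying identity's object ID is the only entry in adminObjectIds.
        var exampleManagedHardwareSecurityModule = new ManagedHardwareSecurityModule("exampleManagedHardwareSecurityModule", ManagedHardwareSecurityModuleArgs.builder()
            .name("exampleKVHsm")
            .resourceGroupName(example.name())
            .location(example.location())
            .skuName("Standard_B1")
            .purgeProtectionEnabled(false)
            .softDeleteRetentionDays(90)
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            // adminObjectIds is documented as List<String>, so the single object ID is
            // wrapped in a list instead of being passed as an Output of a bare String.
            .adminObjectIds(current.applyValue(getClientConfigResult -> List.of(getClientConfigResult.objectId())))
            .tags(Map.of("Env", "Test"))
            .build());

    }
}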
# Provisions a resource group and a Key Vault Managed HSM administered by the
# identity that runs the deployment.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleManagedHardwareSecurityModule:
    type: azure:keyvault:ManagedHardwareSecurityModule
    name: example
    properties:
      name: exampleKVHsm
      resourceGroupName: ${example.name}
      location: ${example.location}
      skuName: Standard_B1
      # With purge protection off, a soft-deleted HSM can be purged before the
      # retention period elapses. The property is replace-on-change, so choose
      # the production value before the first deployment.
      purgeProtectionEnabled: false
      softDeleteRetentionDays: 90
      tenantId: ${current.tenantId}
      # The deploying identity's object ID is the only administrator listed.
      adminObjectIds:
        - ${current.objectId}
      # publicNetworkAccessEnabled is not set and defaults to true, and no
      # networkAcls block is given; set both explicitly if the HSM must not be
      # reachable from public networks.
      tags:
        Env: Test
variables:
  # Identity running the deployment; supplies tenantId and objectId above.
  current:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}

Create ManagedHardwareSecurityModule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ManagedHardwareSecurityModule(name: string, args: ManagedHardwareSecurityModuleArgs, opts?: CustomResourceOptions);
@overload
def ManagedHardwareSecurityModule(resource_name: str,
                                  args: ManagedHardwareSecurityModuleArgs,
                                  opts: Optional[ResourceOptions] = None)

@overload
def ManagedHardwareSecurityModule(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  sku_name: Optional[str] = None,
                                  resource_group_name: Optional[str] = None,
                                  admin_object_ids: Optional[Sequence[str]] = None,
                                  tenant_id: Optional[str] = None,
                                  location: Optional[str] = None,
                                  name: Optional[str] = None,
                                  network_acls: Optional[ManagedHardwareSecurityModuleNetworkAclsArgs] = None,
                                  public_network_access_enabled: Optional[bool] = None,
                                  purge_protection_enabled: Optional[bool] = None,
                                  security_domain_key_vault_certificate_ids: Optional[Sequence[str]] = None,
                                  security_domain_quorum: Optional[int] = None,
                                  soft_delete_retention_days: Optional[int] = None,
                                  tags: Optional[Mapping[str, str]] = None)
func NewManagedHardwareSecurityModule(ctx *Context, name string, args ManagedHardwareSecurityModuleArgs, opts ...ResourceOption) (*ManagedHardwareSecurityModule, error)
public ManagedHardwareSecurityModule(string name, ManagedHardwareSecurityModuleArgs args, CustomResourceOptions? opts = null)
public ManagedHardwareSecurityModule(String name, ManagedHardwareSecurityModuleArgs args)
public ManagedHardwareSecurityModule(String name, ManagedHardwareSecurityModuleArgs args, CustomResourceOptions options)
type: azure:keyvault:ManagedHardwareSecurityModule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. ManagedHardwareSecurityModuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. ManagedHardwareSecurityModuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. ManagedHardwareSecurityModuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. ManagedHardwareSecurityModuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. ManagedHardwareSecurityModuleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

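The following reference example uses placeholder values for all input properties. The placeholders only show each property's type: values such as 0 for the soft-delete retention days and the security domain quorum fall outside the ranges given in the property reference and must be replaced before use.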

var managedHardwareSecurityModuleResource = new Azure.KeyVault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", new()
{
    SkuName = "string",
    ResourceGroupName = "string",
    AdminObjectIds = new[]
    {
        "string",
    },
    TenantId = "string",
    Location = "string",
    Name = "string",
    NetworkAcls = new Azure.KeyVault.Inputs.ManagedHardwareSecurityModuleNetworkAclsArgs
    {
        Bypass = "string",
        DefaultAction = "string",
    },
    PublicNetworkAccessEnabled = false,
    PurgeProtectionEnabled = false,
    SecurityDomainKeyVaultCertificateIds = new[]
    {
        "string",
    },
    SecurityDomainQuorum = 0,
    SoftDeleteRetentionDays = 0,
    Tags = 
    {
        { "string", "string" },
    },
});
example, err := keyvault.NewManagedHardwareSecurityModule(ctx, "managedHardwareSecurityModuleResource", &keyvault.ManagedHardwareSecurityModuleArgs{
	SkuName:           pulumi.String("string"),
	ResourceGroupName: pulumi.String("string"),
	AdminObjectIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	TenantId: pulumi.String("string"),
	Location: pulumi.String("string"),
	Name:     pulumi.String("string"),
	NetworkAcls: &keyvault.ManagedHardwareSecurityModuleNetworkAclsArgs{
		Bypass:        pulumi.String("string"),
		DefaultAction: pulumi.String("string"),
	},
	PublicNetworkAccessEnabled: pulumi.Bool(false),
	PurgeProtectionEnabled:     pulumi.Bool(false),
	SecurityDomainKeyVaultCertificateIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	SecurityDomainQuorum:    pulumi.Int(0),
	SoftDeleteRetentionDays: pulumi.Int(0),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})
var managedHardwareSecurityModuleResource = new ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", ManagedHardwareSecurityModuleArgs.builder()
    .skuName("string")
    .resourceGroupName("string")
    .adminObjectIds("string")
    .tenantId("string")
    .location("string")
    .name("string")
    .networkAcls(ManagedHardwareSecurityModuleNetworkAclsArgs.builder()
        .bypass("string")
        .defaultAction("string")
        .build())
    .publicNetworkAccessEnabled(false)
    .purgeProtectionEnabled(false)
    .securityDomainKeyVaultCertificateIds("string")
    .securityDomainQuorum(0)
    .softDeleteRetentionDays(0)
    .tags(Map.of("string", "string"))
    .build());
managed_hardware_security_module_resource = azure.keyvault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource",
    sku_name="string",
    resource_group_name="string",
    admin_object_ids=["string"],
    tenant_id="string",
    location="string",
    name="string",
    network_acls={
        "bypass": "string",
        "default_action": "string",
    },
    public_network_access_enabled=False,
    purge_protection_enabled=False,
    security_domain_key_vault_certificate_ids=["string"],
    security_domain_quorum=0,
    soft_delete_retention_days=0,
    tags={
        "string": "string",
    })
const managedHardwareSecurityModuleResource = new azure.keyvault.ManagedHardwareSecurityModule("managedHardwareSecurityModuleResource", {
    skuName: "string",
    resourceGroupName: "string",
    adminObjectIds: ["string"],
    tenantId: "string",
    location: "string",
    name: "string",
    networkAcls: {
        bypass: "string",
        defaultAction: "string",
    },
    publicNetworkAccessEnabled: false,
    purgeProtectionEnabled: false,
    securityDomainKeyVaultCertificateIds: ["string"],
    securityDomainQuorum: 0,
    softDeleteRetentionDays: 0,
    tags: {
        string: "string",
    },
});
type: azure:keyvault:ManagedHardwareSecurityModule
properties:
    adminObjectIds:
        - string
    location: string
    name: string
    networkAcls:
        bypass: string
        defaultAction: string
    publicNetworkAccessEnabled: false
    purgeProtectionEnabled: false
    resourceGroupName: string
    securityDomainKeyVaultCertificateIds:
        - string
    securityDomainQuorum: 0
    skuName: string
    softDeleteRetentionDays: 0
    tags:
        string: string
    tenantId: string

ManagedHardwareSecurityModule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ManagedHardwareSecurityModule resource accepts the following input properties:

AdminObjectIds
This property is required.
Changes to this property will trigger replacement.
List<string>
Specifies a list of administrator object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SkuName
This property is required.
Changes to this property will trigger replacement.
string
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
TenantId
This property is required.
Changes to this property will trigger replacement.
string
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
Location Changes to this property will trigger replacement. string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name Changes to this property will trigger replacement. string
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
NetworkAcls ManagedHardwareSecurityModuleNetworkAcls
A network_acls block as defined below.
PublicNetworkAccessEnabled bool
Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
PurgeProtectionEnabled Changes to this property will trigger replacement. bool
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
SecurityDomainKeyVaultCertificateIds List<string>
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) used to activate this Managed HSM. For more information, see activate-your-managed-hsm.
SecurityDomainQuorum int
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
SoftDeleteRetentionDays Changes to this property will trigger replacement. int
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags Dictionary<string, string>
A mapping of tags to assign to the resource.
AdminObjectIds
This property is required.
Changes to this property will trigger replacement.
[]string
Specifies a list of administrator object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SkuName
This property is required.
Changes to this property will trigger replacement.
string
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
TenantId
This property is required.
Changes to this property will trigger replacement.
string
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
Location Changes to this property will trigger replacement. string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name Changes to this property will trigger replacement. string
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
NetworkAcls ManagedHardwareSecurityModuleNetworkAclsArgs
A network_acls block as defined below.
PublicNetworkAccessEnabled bool
Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
PurgeProtectionEnabled Changes to this property will trigger replacement. bool
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
SecurityDomainKeyVaultCertificateIds []string
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) used to activate this Managed HSM. For more information, see activate-your-managed-hsm.
SecurityDomainQuorum int
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
SoftDeleteRetentionDays Changes to this property will trigger replacement. int
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags map[string]string
A mapping of tags to assign to the resource.
adminObjectIds
This property is required.
Changes to this property will trigger replacement.
List<String>
Specifies a list of administrator object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName
This property is required.
Changes to this property will trigger replacement.
String
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenantId
This property is required.
Changes to this property will trigger replacement.
String
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location Changes to this property will trigger replacement. String
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name Changes to this property will trigger replacement. String
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls ManagedHardwareSecurityModuleNetworkAcls
A network_acls block as defined below.
publicNetworkAccessEnabled Boolean
Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purgeProtectionEnabled Changes to this property will trigger replacement. Boolean
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
securityDomainKeyVaultCertificateIds List<String>
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) used to activate this Managed HSM. For more information, see activate-your-managed-hsm.
securityDomainQuorum Integer
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
softDeleteRetentionDays Changes to this property will trigger replacement. Integer
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String,String>
A mapping of tags to assign to the resource.
adminObjectIds
This property is required.
Changes to this property will trigger replacement.
string[]
Specifies a list of administrator object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName
This property is required.
Changes to this property will trigger replacement.
string
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenantId
This property is required.
Changes to this property will trigger replacement.
string
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location Changes to this property will trigger replacement. string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name Changes to this property will trigger replacement. string
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls ManagedHardwareSecurityModuleNetworkAcls
A network_acls block as defined below.
publicNetworkAccessEnabled boolean
Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purgeProtectionEnabled Changes to this property will trigger replacement. boolean
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
securityDomainKeyVaultCertificateIds string[]
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) used to activate this Managed HSM. For more information, see activate-your-managed-hsm.
securityDomainQuorum number
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
softDeleteRetentionDays Changes to this property will trigger replacement. number
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags {[key: string]: string}
A mapping of tags to assign to the resource.
admin_object_ids
This property is required.
Changes to this property will trigger replacement.
Sequence[str]
Specifies a list of administrator object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resource_group_name
This property is required.
Changes to this property will trigger replacement.
str
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
sku_name
This property is required.
Changes to this property will trigger replacement.
str
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenant_id
This property is required.
Changes to this property will trigger replacement.
str
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location Changes to this property will trigger replacement. str
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name Changes to this property will trigger replacement. str
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
network_acls ManagedHardwareSecurityModuleNetworkAclsArgs
A network_acls block as defined below.
public_network_access_enabled bool
Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purge_protection_enabled Changes to this property will trigger replacement. bool
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
security_domain_key_vault_certificate_ids Sequence[str]
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) used to activate this Managed HSM. For more information, see activate-your-managed-hsm.
security_domain_quorum int
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
soft_delete_retention_days Changes to this property will trigger replacement. int
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Mapping[str, str]
A mapping of tags to assign to the resource.
adminObjectIds
This property is required.
Changes to this property will trigger replacement.
List<String>
Specifies a list of administrator object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
skuName
This property is required.
Changes to this property will trigger replacement.
String
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
tenantId
This property is required.
Changes to this property will trigger replacement.
String
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
location Changes to this property will trigger replacement. String
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name Changes to this property will trigger replacement. String
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls Property Map
A network_acls block as defined below.
publicNetworkAccessEnabled Boolean
Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.
purgeProtectionEnabled Changes to this property will trigger replacement. Boolean
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
securityDomainKeyVaultCertificateIds List<String>
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) used to activate this Managed HSM. For more information, see activate-your-managed-hsm.
securityDomainQuorum Number
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
softDeleteRetentionDays Changes to this property will trigger replacement. Number
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String>
A mapping of tags to assign to the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the ManagedHardwareSecurityModule resource produces the following output properties:

HsmUri string
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Id string
The provider-assigned unique ID for this managed resource.
SecurityDomainEncryptedData string
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
HsmUri string
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Id string
The provider-assigned unique ID for this managed resource.
SecurityDomainEncryptedData string
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
hsmUri String
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id String
The provider-assigned unique ID for this managed resource.
securityDomainEncryptedData String
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
hsmUri string
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id string
The provider-assigned unique ID for this managed resource.
securityDomainEncryptedData string
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
hsm_uri str
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id str
The provider-assigned unique ID for this managed resource.
security_domain_encrypted_data str
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
hsmUri String
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
id String
The provider-assigned unique ID for this managed resource.
securityDomainEncryptedData String
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.

Look up Existing ManagedHardwareSecurityModule Resource

Get an existing ManagedHardwareSecurityModule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ManagedHardwareSecurityModuleState, opts?: CustomResourceOptions): ManagedHardwareSecurityModule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        admin_object_ids: Optional[Sequence[str]] = None,
        hsm_uri: Optional[str] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        network_acls: Optional[ManagedHardwareSecurityModuleNetworkAclsArgs] = None,
        public_network_access_enabled: Optional[bool] = None,
        purge_protection_enabled: Optional[bool] = None,
        resource_group_name: Optional[str] = None,
        security_domain_encrypted_data: Optional[str] = None,
        security_domain_key_vault_certificate_ids: Optional[Sequence[str]] = None,
        security_domain_quorum: Optional[int] = None,
        sku_name: Optional[str] = None,
        soft_delete_retention_days: Optional[int] = None,
        tags: Optional[Mapping[str, str]] = None,
        tenant_id: Optional[str] = None) -> ManagedHardwareSecurityModule
func GetManagedHardwareSecurityModule(ctx *Context, name string, id IDInput, state *ManagedHardwareSecurityModuleState, opts ...ResourceOption) (*ManagedHardwareSecurityModule, error)
public static ManagedHardwareSecurityModule Get(string name, Input<string> id, ManagedHardwareSecurityModuleState? state, CustomResourceOptions? opts = null)
public static ManagedHardwareSecurityModule get(String name, Output<String> id, ManagedHardwareSecurityModuleState state, CustomResourceOptions options)
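# `get` reads the state of an existing ManagedHardwareSecurityModule with the
# given provider ID instead of creating a new resource.
resources:
  _:
    type: azure:keyvault:ManagedHardwareSecurityModule
    get:
      id: ${id}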
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AdminObjectIds Changes to this property will trigger replacement. List<string>
Specifies a list of administrator object IDs for the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
HsmUri string
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Location Changes to this property will trigger replacement. string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name Changes to this property will trigger replacement. string
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
NetworkAcls ManagedHardwareSecurityModuleNetworkAcls
A network_acls block as defined below.
PublicNetworkAccessEnabled bool
Whether traffic from public networks is permitted. Defaults to true, so the HSM accepts traffic from public networks unless this is explicitly set to false. Changing this forces a new resource to be created.
PurgeProtectionEnabled Changes to this property will trigger replacement. bool
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
ResourceGroupName Changes to this property will trigger replacement. string
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SecurityDomainEncryptedData string
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
SecurityDomainKeyVaultCertificateIds List<string>
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. For more information, see activate-your-managed-hsm.
SecurityDomainQuorum int
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
SkuName Changes to this property will trigger replacement. string
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
SoftDeleteRetentionDays Changes to this property will trigger replacement. int
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags Dictionary<string, string>
A mapping of tags to assign to the resource.
TenantId Changes to this property will trigger replacement. string
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
AdminObjectIds Changes to this property will trigger replacement. []string
Specifies a list of administrator object IDs for the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
HsmUri string
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
Location Changes to this property will trigger replacement. string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name Changes to this property will trigger replacement. string
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
NetworkAcls ManagedHardwareSecurityModuleNetworkAclsArgs
A network_acls block as defined below.
PublicNetworkAccessEnabled bool
Whether traffic from public networks is permitted. Defaults to true, so the HSM accepts traffic from public networks unless this is explicitly set to false. Changing this forces a new resource to be created.
PurgeProtectionEnabled Changes to this property will trigger replacement. bool
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
ResourceGroupName Changes to this property will trigger replacement. string
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
SecurityDomainEncryptedData string
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
SecurityDomainKeyVaultCertificateIds []string
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. For more information, see activate-your-managed-hsm.
SecurityDomainQuorum int
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
SkuName Changes to this property will trigger replacement. string
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
SoftDeleteRetentionDays Changes to this property will trigger replacement. int
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
Tags map[string]string
A mapping of tags to assign to the resource.
TenantId Changes to this property will trigger replacement. string
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
adminObjectIds Changes to this property will trigger replacement. List<String>
Specifies a list of administrator object IDs for the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsmUri String
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location Changes to this property will trigger replacement. String
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name Changes to this property will trigger replacement. String
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls ManagedHardwareSecurityModuleNetworkAcls
A network_acls block as defined below.
publicNetworkAccessEnabled Boolean
Whether traffic from public networks is permitted. Defaults to true, so the HSM accepts traffic from public networks unless this is explicitly set to false. Changing this forces a new resource to be created.
purgeProtectionEnabled Changes to this property will trigger replacement. Boolean
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
resourceGroupName Changes to this property will trigger replacement. String
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
securityDomainEncryptedData String
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
securityDomainKeyVaultCertificateIds List<String>
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. For more information, see activate-your-managed-hsm.
securityDomainQuorum Integer
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
skuName Changes to this property will trigger replacement. String
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
softDeleteRetentionDays Changes to this property will trigger replacement. Integer
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String,String>
A mapping of tags to assign to the resource.
tenantId Changes to this property will trigger replacement. String
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
adminObjectIds Changes to this property will trigger replacement. string[]
Specifies a list of administrator object IDs for the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsmUri string
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location Changes to this property will trigger replacement. string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name Changes to this property will trigger replacement. string
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls ManagedHardwareSecurityModuleNetworkAcls
A network_acls block as defined below.
publicNetworkAccessEnabled boolean
Whether traffic from public networks is permitted. Defaults to true, so the HSM accepts traffic from public networks unless this is explicitly set to false. Changing this forces a new resource to be created.
purgeProtectionEnabled Changes to this property will trigger replacement. boolean
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
resourceGroupName Changes to this property will trigger replacement. string
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
securityDomainEncryptedData string
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
securityDomainKeyVaultCertificateIds string[]
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. For more information, see activate-your-managed-hsm.
securityDomainQuorum number
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
skuName Changes to this property will trigger replacement. string
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
softDeleteRetentionDays Changes to this property will trigger replacement. number
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags {[key: string]: string}
A mapping of tags to assign to the resource.
tenantId Changes to this property will trigger replacement. string
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
admin_object_ids Changes to this property will trigger replacement. Sequence[str]
Specifies a list of administrator object IDs for the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsm_uri str
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location Changes to this property will trigger replacement. str
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name Changes to this property will trigger replacement. str
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
network_acls ManagedHardwareSecurityModuleNetworkAclsArgs
A network_acls block as defined below.
public_network_access_enabled bool
Whether traffic from public networks is permitted. Defaults to true, so the HSM accepts traffic from public networks unless this is explicitly set to false. Changing this forces a new resource to be created.
purge_protection_enabled Changes to this property will trigger replacement. bool
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
resource_group_name Changes to this property will trigger replacement. str
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
security_domain_encrypted_data str
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
security_domain_key_vault_certificate_ids Sequence[str]
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. For more information, see activate-your-managed-hsm.
security_domain_quorum int
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
sku_name Changes to this property will trigger replacement. str
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
soft_delete_retention_days Changes to this property will trigger replacement. int
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Mapping[str, str]
A mapping of tags to assign to the resource.
tenant_id Changes to this property will trigger replacement. str
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.
adminObjectIds Changes to this property will trigger replacement. List<String>
Specifies a list of administrator object IDs for the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
hsmUri String
The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
location Changes to this property will trigger replacement. String
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name Changes to this property will trigger replacement. String
Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
networkAcls Property Map
A network_acls block as defined below.
publicNetworkAccessEnabled Boolean
Whether traffic from public networks is permitted. Defaults to true, so the HSM accepts traffic from public networks unless this is explicitly set to false. Changing this forces a new resource to be created.
purgeProtectionEnabled Changes to this property will trigger replacement. Boolean
Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
resourceGroupName Changes to this property will trigger replacement. String
The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
securityDomainEncryptedData String
This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
securityDomainKeyVaultCertificateIds List<String>
A list of Key Vault certificate resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. For more information, see activate-your-managed-hsm.
securityDomainQuorum Number
Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.
skuName Changes to this property will trigger replacement. String
The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.
softDeleteRetentionDays Changes to this property will trigger replacement. Number
The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.
tags Map<String>
A mapping of tags to assign to the resource.
tenantId Changes to this property will trigger replacement. String
The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

Supporting Types

ManagedHardwareSecurityModuleNetworkAcls, ManagedHardwareSecurityModuleNetworkAclsArgs

Bypass This property is required. string
Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
DefaultAction This property is required. string
The Default Action to use. Possible values are Allow and Deny.
Bypass This property is required. string
Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
DefaultAction This property is required. string
The Default Action to use. Possible values are Allow and Deny.
bypass This property is required. String
Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
defaultAction This property is required. String
The Default Action to use. Possible values are Allow and Deny.
bypass This property is required. string
Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
defaultAction This property is required. string
The Default Action to use. Possible values are Allow and Deny.
bypass This property is required. str
Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
default_action This property is required. str
The Default Action to use. Possible values are Allow and Deny.
bypass This property is required. String
Specifies which traffic can bypass the network rules. Possible values are AzureServices and None.
defaultAction This property is required. String
The Default Action to use. Possible values are Allow and Deny.

Import

A Key Vault Managed Hardware Security Module can be imported using its resource ID, e.g.

$ pulumi import azure:keyvault/managedHardwareSecurityModule:ManagedHardwareSecurityModule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.KeyVault/managedHSMs/hsm1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Azure Classic pulumi/pulumi-azure
License
Apache-2.0
Notes
This Pulumi package is based on the azurerm Terraform Provider.