Vault
Resource information with extended details. API Version: 2019-09-01.
Example Usage
Create a new vault or update an existing vault
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var vault = new AzureNative.KeyVault.Vault("vault", new()
{
Location = "westus",
Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
{
AccessPolicies = new[]
{
new AzureNative.KeyVault.Inputs.AccessPolicyEntryArgs
{
ObjectId = "00000000-0000-0000-0000-000000000000",
Permissions = new AzureNative.KeyVault.Inputs.PermissionsArgs
{
Certificates = new[]
{
"get",
"list",
"delete",
"create",
"import",
"update",
"managecontacts",
"getissuers",
"listissuers",
"setissuers",
"deleteissuers",
"manageissuers",
"recover",
"purge",
},
Keys = new[]
{
"encrypt",
"decrypt",
"wrapKey",
"unwrapKey",
"sign",
"verify",
"get",
"list",
"create",
"update",
"import",
"delete",
"backup",
"restore",
"recover",
"purge",
},
Secrets = new[]
{
"get",
"list",
"set",
"delete",
"backup",
"restore",
"recover",
"purge",
},
},
TenantId = "00000000-0000-0000-0000-000000000000",
},
},
EnabledForDeployment = true,
EnabledForDiskEncryption = true,
EnabledForTemplateDeployment = true,
Sku = new AzureNative.KeyVault.Inputs.SkuArgs
{
Family = "A",
Name = AzureNative.KeyVault.SkuName.Standard,
},
TenantId = "00000000-0000-0000-0000-000000000000",
},
ResourceGroupName = "sample-resource-group",
VaultName = "sample-vault",
});
});Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.keyvault.Vault;
import com.pulumi.azurenative.keyvault.VaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var vault = new Vault("vault", VaultArgs.builder()
.location("westus")
.properties(Map.ofEntries(
Map.entry("accessPolicies", Map.ofEntries(
Map.entry("objectId", "00000000-0000-0000-0000-000000000000"),
Map.entry("permissions", Map.ofEntries(
Map.entry("certificates",
"get",
"list",
"delete",
"create",
"import",
"update",
"managecontacts",
"getissuers",
"listissuers",
"setissuers",
"deleteissuers",
"manageissuers",
"recover",
"purge"),
Map.entry("keys",
"encrypt",
"decrypt",
"wrapKey",
"unwrapKey",
"sign",
"verify",
"get",
"list",
"create",
"update",
"import",
"delete",
"backup",
"restore",
"recover",
"purge"),
Map.entry("secrets",
"get",
"list",
"set",
"delete",
"backup",
"restore",
"recover",
"purge")
)),
Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
)),
Map.entry("enabledForDeployment", true),
Map.entry("enabledForDiskEncryption", true),
Map.entry("enabledForTemplateDeployment", true),
Map.entry("sku", Map.ofEntries(
Map.entry("family", "A"),
Map.entry("name", "standard")
)),
Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
))
.resourceGroupName("sample-resource-group")
.vaultName("sample-vault")
.build());
}
}Content copied to clipboard
Create or update a vault with network acls
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var vault = new AzureNative.KeyVault.Vault("vault", new()
{
Location = "westus",
Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
{
EnabledForDeployment = true,
EnabledForDiskEncryption = true,
EnabledForTemplateDeployment = true,
NetworkAcls = new AzureNative.KeyVault.Inputs.NetworkRuleSetArgs
{
Bypass = "AzureServices",
DefaultAction = "Deny",
IpRules = new[]
{
new AzureNative.KeyVault.Inputs.IPRuleArgs
{
Value = "124.56.78.91",
},
new AzureNative.KeyVault.Inputs.IPRuleArgs
{
Value = "'10.91.4.0/24'",
},
},
VirtualNetworkRules = new[]
{
new AzureNative.KeyVault.Inputs.VirtualNetworkRuleArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1",
},
},
},
Sku = new AzureNative.KeyVault.Inputs.SkuArgs
{
Family = "A",
Name = AzureNative.KeyVault.SkuName.Standard,
},
TenantId = "00000000-0000-0000-0000-000000000000",
},
ResourceGroupName = "sample-resource-group",
VaultName = "sample-vault",
});
});Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.keyvault.Vault;
import com.pulumi.azurenative.keyvault.VaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var vault = new Vault("vault", VaultArgs.builder()
.location("westus")
.properties(Map.ofEntries(
Map.entry("enabledForDeployment", true),
Map.entry("enabledForDiskEncryption", true),
Map.entry("enabledForTemplateDeployment", true),
Map.entry("networkAcls", Map.ofEntries(
Map.entry("bypass", "AzureServices"),
Map.entry("defaultAction", "Deny"),
Map.entry("ipRules",
Map.of("value", "124.56.78.91"),
Map.of("value", "'10.91.4.0/24'")),
Map.entry("virtualNetworkRules", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1"))
)),
Map.entry("sku", Map.ofEntries(
Map.entry("family", "A"),
Map.entry("name", "standard")
)),
Map.entry("tenantId", "00000000-0000-0000-0000-000000000000")
))
.resourceGroupName("sample-resource-group")
.vaultName("sample-vault")
.build());
}
}Content copied to clipboard
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:keyvault:Vault sample-vault /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sample-resource-group/providers/Microsoft.KeyVault/vaults/sample-vaultContent copied to clipboard