Key
Manages a Key Vault Key.
Example Usage
Note: To use this resource, your client should have RBAC roles with permissions like
Key Vault Crypto OfficerorKey Vault Administratoror an assigned Key Vault Access Policy with permissionsCreate,Delete,Get,Purge,Recover,UpdateandGetRotationPolicyfor keys without Rotation Policy. IncludeSetRotationPolicyfor keys with Rotation Policy. Note: The Azure Provider includes a Feature Toggle which will purge a Key Vault Key resource on destroy, rather than the default soft-delete. Seepurge_soft_deleted_keys_on_destroyfor more information.
Additional Examples
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.keyvault.inputs.KeyRotationPolicyArgs;
import com.pulumi.azure.keyvault.inputs.KeyRotationPolicyAutomaticArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("examplekeyvault")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("premium")
.softDeleteRetentionDays(7)
.accessPolicies(KeyVaultAccessPolicyArgs.builder()
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.keyPermissions(
"Create",
"Delete",
"Get",
"Purge",
"Recover",
"Update",
"GetRotationPolicy",
"SetRotationPolicy")
.secretPermissions("Set")
.build())
.build());
var generated = new Key("generated", KeyArgs.builder()
.name("generated-certificate")
.keyVaultId(exampleKeyVault.id())
.keyType("RSA")
.keySize(2048)
.keyOpts(
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey")
.rotationPolicy(KeyRotationPolicyArgs.builder()
.automatic(KeyRotationPolicyAutomaticArgs.builder()
.timeBeforeExpiry("P30D")
.build())
.expireAfter("P90D")
.notifyBeforeExpiry("P29D")
.build())
.build());
}
}Content copied to clipboard
Import
Key Vault Key which is Enabled can be imported using the resource id, e.g.
$ pulumi import azure:keyvault/key:Key example "https://example-keyvault.vault.azure.net/keys/example/fdf067c93bbb4b22bff4d8b7a9a56217"Content copied to clipboard
Properties
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard