pulumi-azure-kotlin/com.pulumi.azure.keyvault.kotlin/ManagedHardwareSecurityModule

ManagedHardwareSecurityModule

class ManagedHardwareSecurityModule : KotlinCustomResource

Manages a Key Vault Managed Hardware Security Module.

Note: The Azure Provider includes a Feature Toggle which will purge a Key Vault Managed Hardware Security Module resource on destroy, rather than the default soft-delete. See purge_soft_deleted_hardware_security_modules_on_destroy for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});
const exampleManagedHardwareSecurityModule = new azure.keyvault.ManagedHardwareSecurityModule("example", {
    name: "exampleKVHsm",
    resourceGroupName: example.name,
    location: example.location,
    skuName: "Standard_B1",
    purgeProtectionEnabled: false,
    softDeleteRetentionDays: 90,
    tenantId: current.then(current => current.tenantId),
    adminObjectIds: [current.then(current => current.objectId)],
    tags: {
        Env: "Test",
    },
});
Content copied to clipboard
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
    name="example-resources",
    location="West Europe")
example_managed_hardware_security_module = azure.keyvault.ManagedHardwareSecurityModule("example",
    name="exampleKVHsm",
    resource_group_name=example.name,
    location=example.location,
    sku_name="Standard_B1",
    purge_protection_enabled=False,
    soft_delete_retention_days=90,
    tenant_id=current.tenant_id,
    admin_object_ids=[current.object_id],
    tags={
        "Env": "Test",
    })
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    var current = Azure.Core.GetClientConfig.Invoke();
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });
    var exampleManagedHardwareSecurityModule = new Azure.KeyVault.ManagedHardwareSecurityModule("example", new()
    {
        Name = "exampleKVHsm",
        ResourceGroupName = example.Name,
        Location = example.Location,
        SkuName = "Standard_B1",
        PurgeProtectionEnabled = false,
        SoftDeleteRetentionDays = 90,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        AdminObjectIds = new[]
        {
            current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        },
        Tags =
        {
            { "Env", "Test" },
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		_, err = keyvault.NewManagedHardwareSecurityModule(ctx, "example", &keyvault.ManagedHardwareSecurityModuleArgs{
			Name:                    pulumi.String("exampleKVHsm"),
			ResourceGroupName:       example.Name,
			Location:                example.Location,
			SkuName:                 pulumi.String("Standard_B1"),
			PurgeProtectionEnabled:  pulumi.Bool(false),
			SoftDeleteRetentionDays: pulumi.Int(90),
			TenantId:                pulumi.String(current.TenantId),
			AdminObjectIds: pulumi.StringArray{
				pulumi.String(current.ObjectId),
			},
			Tags: pulumi.StringMap{
				"Env": pulumi.String("Test"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.ManagedHardwareSecurityModule;
import com.pulumi.azure.keyvault.ManagedHardwareSecurityModuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = CoreFunctions.getClientConfig();
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());
        var exampleManagedHardwareSecurityModule = new ManagedHardwareSecurityModule("exampleManagedHardwareSecurityModule", ManagedHardwareSecurityModuleArgs.builder()
            .name("exampleKVHsm")
            .resourceGroupName(example.name())
            .location(example.location())
            .skuName("Standard_B1")
            .purgeProtectionEnabled(false)
            .softDeleteRetentionDays(90)
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .adminObjectIds(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .tags(Map.of("Env", "Test"))
            .build());
    }
}
Content copied to clipboard
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleManagedHardwareSecurityModule:
    type: azure:keyvault:ManagedHardwareSecurityModule
    name: example
    properties:
      name: exampleKVHsm
      resourceGroupName: ${example.name}
      location: ${example.location}
      skuName: Standard_B1
      purgeProtectionEnabled: false
      softDeleteRetentionDays: 90
      tenantId: ${current.tenantId}
      adminObjectIds:
        - ${current.objectId}
      tags:
        Env: Test
variables:
  current:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}
Content copied to clipboard

Import

Key Vault Managed Hardware Security Module can be imported using the resource id, e.g.

$ pulumi import azure:keyvault/managedHardwareSecurityModule:ManagedHardwareSecurityModule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.KeyVault/managedHSMs/hsm1
Content copied to clipboard

Properties

Link copied to clipboard
val adminObjectIds: Output<List<String>>

Specifies a list of administrators object IDs for the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

Link copied to clipboard
val hsmUri: Output<String>

The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val location: Output<String>

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

Link copied to clipboard
val name: Output<String>

Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.

Link copied to clipboard
val networkAcls: Output<ManagedHardwareSecurityModuleNetworkAcls>

A network_acls block as defined below.

Link copied to clipboard
val publicNetworkAccessEnabled: Output<Boolean>?

Whether traffic from public networks is permitted. Defaults to true. Changing this forces a new resource to be created.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val purgeProtectionEnabled: Output<Boolean>?

Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.

Link copied to clipboard
val resourceGroupName: Output<String>

The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.

Link copied to clipboard
val securityDomainEncryptedData: Output<String>

This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.

Link copied to clipboard
val securityDomainKeyVaultCertificateIds: Output<List<String>>?

A list of KeyVault certificates resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. More information see activate-your-managed-hsm

Link copied to clipboard
val securityDomainQuorum: Output<Int>?

Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when security_domain_key_vault_certificate_ids is specified. Valid values are between 2 and 10.

Link copied to clipboard
val skuName: Output<String>

The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is Standard_B1. Changing this forces a new resource to be created.

Link copied to clipboard
val softDeleteRetentionDays: Output<Int>?

The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. Defaults to 90. Changing this forces a new resource to be created.

Link copied to clipboard
val tags: Output<Map<String, String>>?

A mapping of tags to assign to the resource.

Link copied to clipboard
val tenantId: Output<String>

The Azure Active Directory Tenant ID that should be used for authenticating requests to the key vault Managed Hardware Security Module. Changing this forces a new resource to be created.

Link copied to clipboard
val urn: Output<String>