ManagedHardwareSecurityModuleKey

class ManagedHardwareSecurityModuleKey : KotlinCustomResource

Manages a Key Vault Managed Hardware Security Module Key.

Note: The Azure Provider includes a Feature Toggle which will purge a Key Vault Managed Hardware Security Module Key resource on destroy, rather than the default soft-delete. See purge_soft_deleted_hardware_security_modules_on_destroy for more information.

# exampleAzurermResourceGroup and cert are not defined in this snippet;
# they are assumed to be declared elsewhere in the program.
resources:
  example:
    type: azure:keyvault:ManagedHardwareSecurityModule
    properties:
      name: example
      resourceGroupName: ${exampleAzurermResourceGroup.name}
      location: ${exampleAzurermResourceGroup.location}
      skuName: Standard_B1
      tenantId: ${current.tenantId}
      adminObjectIds:
        - ${current.objectId}
      purgeProtectionEnabled: false
      activeConfig:
        - securityDomainCertificate:
            - ${cert[0].id}
            - ${cert[1].id}
            - ${cert[2].id}
          securityDomainQuorum: 2
  # this gives your service principal the HSM Crypto User role which lets you create and destroy hsm keys
  hsm-crypto-user:
    type: azure:keyvault:ManagedHardwareSecurityModuleRoleAssignment
    properties:
      managedHsmId: ${example.id}
      name: 1e243909-064c-6ac3-84e9-1c8bf8d6ad22
      scope: /keys
      roleDefinitionId: /Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b
      principalId: ${current.objectId}
  # this gives your service principal the HSM Crypto Officer role which lets you purge hsm keys
  hsm-crypto-officer:
    type: azure:keyvault:ManagedHardwareSecurityModuleRoleAssignment
    properties:
      managedHsmId: ${example.id}
      name: 1e243909-064c-6ac3-84e9-1c8bf8d6ad23
      scope: /keys
      roleDefinitionId: /Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778
      principalId: ${current.objectId}
  exampleManagedHardwareSecurityModuleKey:
    type: azure:keyvault:ManagedHardwareSecurityModuleKey
    name: example
    properties:
      name: example
      managedHsmId: ${example.id}
      keyType: EC-HSM
      curve: P-521
      keyOpts:
        - sign
    options:
      # create the key only after both role assignments exist
      dependsOn:
        - ${hsm-crypto-user}
        - ${hsm-crypto-officer}
variables:
  current:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}

API Providers

This resource uses the following Azure API Providers:

  • Microsoft.KeyVault: 2023-07-01

Import

Key Vault Managed Hardware Security Module Key can be imported using the resource id, e.g.

$ pulumi import azure:keyvault/managedHardwareSecurityModuleKey:ManagedHardwareSecurityModuleKey example https://exampleHSM.managedhsm.azure.net/keys/exampleKey

Properties

val curve: Output<String>?

Specifies the curve to use when creating an EC-HSM key. Possible values are P-256, P-256K, P-384, and P-521. This field is required if keyType is EC-HSM. Changing this forces a new resource to be created.

val expirationDate: Output<String>?

Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter is changed on a rerun and the new date is after the current date, an update is performed. If the new date is before the current date, the resource is forced to be re-created.

val id: Output<String>

val keyOpts: Output<List<String>>

A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify, wrapKey and import. Please note these values are case-sensitive.

val keySize: Output<Int>?

Specifies the size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if keyType is RSA-HSM or oct-HSM. Changing this forces a new resource to be created.

val keyType: Output<String>

Specifies the key type to use for this Key Vault Managed Hardware Security Module Key. Possible values are EC-HSM, oct-HSM and RSA-HSM. For more details, see HSM-protected keys. Changing this forces a new resource to be created.

val managedHsmId: Output<String>

Specifies the ID of the Key Vault Managed Hardware Security Module that the key will be owned by. Changing this forces a new resource to be created.

val name: Output<String>

Specifies the name of the Key Vault Managed Hardware Security Module Key. Changing this forces a new resource to be created.

val notBeforeDate: Output<String>?

Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').

val pulumiChildResources: Set<KotlinResource>

val tags: Output<Map<String, String>>?

A mapping of tags to assign to the resource.

val urn: Output<String>

val versionedId: Output<String>

The versioned Key Vault Secret Managed Hardware Security Module Key ID.
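
The constraints in the property descriptions above (curve required for EC-HSM, keySize required for RSA-HSM and oct-HSM, case-sensitive keyOpts, the UTC datetime format) can be checked before deployment. The following is an added example, not part of the Pulumi provider or this page's original code; check_hsm_key, the dict layout and the sample inputs are assumptions made for illustration, and the notBeforeDate/expirationDate ordering check is an extra sanity rule not stated on this page.

```python
from datetime import datetime, timezone

# Allowed values copied from the property descriptions on this page.
CURVES = {"P-256", "P-256K", "P-384", "P-521"}
KEY_TYPES = {"EC-HSM", "oct-HSM", "RSA-HSM"}
KEY_OPS = {"decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey", "import"}
DATE_FMT = "%Y-%m-%dT%H:%M:%SZ"  # the page's Y-m-d'T'H:M:S'Z' format


def _parse(props, field, problems):
    """Parse an optional UTC datetime property; record a problem if malformed."""
    raw = props.get(field)
    if raw is None:
        return None
    try:
        return datetime.strptime(raw, DATE_FMT).replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        problems.append(f"{field}: {raw!r} is not in Y-m-d'T'H:M:S'Z' form")
        return None


def check_hsm_key(props, now=None):
    """Return a list of problems for one key's `properties` mapping (hypothetical helper)."""
    now = now or datetime.now(timezone.utc)
    problems = []
    key_type = props.get("keyType")
    if key_type not in KEY_TYPES:
        problems.append(f"keyType: {key_type!r} is not one of {sorted(KEY_TYPES)}")
    if key_type == "EC-HSM" and props.get("curve") not in CURVES:
        problems.append("curve: required for EC-HSM, one of " + ", ".join(sorted(CURVES)))
    if key_type in ("RSA-HSM", "oct-HSM") and not isinstance(props.get("keySize"), int):
        problems.append(f"keySize: required for {key_type}")
    for op in props.get("keyOpts") or []:
        if op not in KEY_OPS:  # case-sensitive, so "Sign" is rejected
            problems.append(f"keyOpts: {op!r} is not a valid operation (case-sensitive)")
    not_before = _parse(props, "notBeforeDate", problems)
    expires = _parse(props, "expirationDate", problems)
    if expires and expires <= now:
        problems.append("expirationDate: before the current date, so the resource is re-created")
    if not_before and expires and not_before >= expires:  # added sanity rule, not from the page
        problems.append("notBeforeDate: not earlier than expirationDate, key is never usable")
    return problems


# Constructed sample inputs; GOOD mirrors the key in the YAML example on this page.
GOOD = {"name": "example", "keyType": "EC-HSM", "curve": "P-521", "keyOpts": ["sign"]}
BAD = {"name": "bad", "keyType": "EC-HSM", "keyOpts": ["Sign"],
       "notBeforeDate": "2030-01-01T00:00:00Z", "expirationDate": "2029-01-01 00:00:00"}
```

Run check_hsm_key over each key's properties in CI and fail the pipeline when the returned list is non-empty.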