az dataprotection backup-vault
Note
This reference is part of the dataprotection extension for the Azure CLI (version 2.57.0 or higher). The extension will automatically install the first time you run an az dataprotection backup-vault command. Learn more about extensions.
Manage backup vault with dataprotection.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az dataprotection backup-vault create |
Create a BackupVault resource belonging to a resource group. |
Extension | GA |
| az dataprotection backup-vault delete |
Delete a BackupVault resource from the resource group. |
Extension | GA |
| az dataprotection backup-vault list |
Gets list of backup vault in a subscription or in a resource group. |
Extension | GA |
| az dataprotection backup-vault list-from-resourcegraph |
List backup vaults across subscriptions, resource groups and vaults. |
Extension | GA |
| az dataprotection backup-vault resource-guard-mapping |
Manage ResourceGuard mappings for a backup vault. |
Extension | GA |
| az dataprotection backup-vault resource-guard-mapping create |
Create a ResourceGuard mapping. |
Extension | GA |
| az dataprotection backup-vault resource-guard-mapping delete |
Delete the ResourceGuard mapping. |
Extension | GA |
| az dataprotection backup-vault resource-guard-mapping show |
Get the ResourceGuard mapping object associated with the vault, and that matches the name in the request. |
Extension | GA |
| az dataprotection backup-vault show |
Get a resource belonging to a resource group. |
Extension | GA |
| az dataprotection backup-vault update |
Updates a BackupVault resource belonging to a resource group. For example, updating tags for a resource. |
Extension | GA |
| az dataprotection backup-vault wait |
Place the CLI in a waiting state until a condition is met. |
Extension | GA |
az dataprotection backup-vault create
Create a BackupVault resource belonging to a resource group.
az dataprotection backup-vault create --resource-group
--storage-setting
--vault-name
[--azure-monitor-alerts-for-job-failures {Disabled, Enabled}]
[--cmk-encryption-key-uri]
[--cmk-encryption-state {Disabled, Enabled, Inconsistent}]
[--cmk-identity-type {SystemAssigned, UserAssigned}]
[--cmk-infra-encryption {Disabled, Enabled}]
[--cmk-uami]
[--cross-region-restore-state {Disabled, Enabled}]
[--cross-subscription-restore-state {Disabled, Enabled, PermanentlyDisabled}]
[--e-tag]
[--immutability-state {Disabled, Locked, Unlocked}]
[--location]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--retention-duration-in-days]
[--soft-delete-state {AlwaysOn, Off, On}]
[--tags]
[--type]
[--uami]Examples
Create BackupVault
az dataprotection backup-vault create --type "None" --location "WestUS" --azure-monitor-alerts-for-job-failures "Enabled" --storage-setting "[{type:'LocallyRedundant',datastore-type:'VaultStore'}]" --tags key1="val1" --resource-group "SampleResourceGroup" --vault-name "swaggerExample"Create BackupVault With MSI
az dataprotection backup-vault create --type "systemAssigned" --location "WestUS" --azure-monitor-alerts-for-job-failures "Enabled" --storage-setting "[{type:'LocallyRedundant',datastore-type:'VaultStore'}]" --tags key1="val1" --resource-group "SampleResourceGroup" --vault-name "swaggerExample"Create BackupVault With CMK Encryption
az dataprotection backup-vault create -g "resourceGroupName" -v "vaultName" --location "eastasia" --storage-setting "[{type:'LocallyRedundant',datastore-type:'VaultStore'}]" --type "UserAssigned" --user-assigned-identities '{"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami":{}}' --cmk-encryption-key-uri "https://samplekvazbckp.vault.azure.net/keys/testkey/3cd5235ad6ac4c11b40a6f35444bcbe1" --cmk-encryption-state "Enabled" --cmk-identity-type "UserAssigned" --cmk-infrastructure-encryption "Enabled" --cmk-user-assigned-identity-id "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami"Required Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Storage Settings. Usage: --storage-setting "[{type:'LocallyRedundant',datastore-type:'VaultStore'}]" Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --storage-settings.
The name of the backup vault.
Optional Parameters
Property that specifies whether built-in Azure Monitor alerts should be fired for all failed jobs.
The Key URI of the CMK key to be used for encryption. To enable auto-rotation of keys, exclude the version component from the Key URI.
Enable CMK encryption state for a Backup Vault.
The identity type to be used for CMK encryption - SystemAssigned or UserAssigned Identity.
Enable/Disable infrastructure encryption with CMK on this vault. Infrastructure encryption must be configured only when creating the vault.
This parameter is required if the identity type is UserAssigned. Add the user assigned managed identity id to be used which has access permissions to the Key Vault.
Set the CrossRegionRestore state. Once enabled, it cannot be set to disabled.
CrossSubscriptionRestore state.
Optional ETag.
Immutability state.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>. When not specified, the location of the resource group will be used.
Do not wait for the long-running operation to finish.
Soft delete retention duration.
State of soft delete.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The identityType which can be "SystemAssigned", "UserAssigned", "SystemAssigned,UserAssigned" or "None".
Gets or sets the user assigned identities. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection backup-vault delete
Delete a BackupVault resource from the resource group.
az dataprotection backup-vault delete [--ids]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]
[--vault-name]
[--yes]Examples
Delete BackupVault
az dataprotection backup-vault delete --resource-group "SampleResourceGroup" --vault-name "swaggerExample"Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The name of the backup vault.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection backup-vault list
Gets list of backup vault in a subscription or in a resource group.
az dataprotection backup-vault list [--max-items]
[--next-token]
[--resource-group]Examples
List backup vault in a subscription
az dataprotection backup-vault listList backup vault in a resource group
az dataprotection backup-vault list -g sarath-rgOptional Parameters
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
Token to specify where to start paginating. This is the token value from a previously truncated response.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection backup-vault list-from-resourcegraph
List backup vaults across subscriptions, resource groups and vaults.
az dataprotection backup-vault list-from-resourcegraph [--resource-groups]
[--subscriptions]
[--vault-id]
[--vaults]Examples
Fetch a specific backup vault
az dataprotection backup-vault list-from-resourcegraph --subscriptions 00000000-0000-0000-0000-000000000000 --resource-groups sample_rg --vaults sample_vaultOptional Parameters
List of resource groups.
List of subscription Ids.
Specify vault id filter to apply.
List of vault names.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection backup-vault show
Get a resource belonging to a resource group.
az dataprotection backup-vault show [--ids]
[--resource-group]
[--subscription]
[--vault-name]Examples
Get BackupVault
az dataprotection backup-vault show --resource-group "SampleResourceGroup" --vault-name "swaggerExample"Get BackupVault With MSI
az dataprotection backup-vault show --resource-group "SampleResourceGroup" --vault-name "swaggerExample"Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The name of the backup vault.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection backup-vault update
Updates a BackupVault resource belonging to a resource group. For example, updating tags for a resource.
az dataprotection backup-vault update [--add]
[--azure-monitor-alerts-for-job-failures {Disabled, Enabled}]
[--cmk-encryption-key-uri]
[--cmk-encryption-state {Disabled, Enabled, Inconsistent}]
[--cmk-identity-type {SystemAssigned, UserAssigned}]
[--cmk-uami]
[--cross-region-restore-state {Disabled, Enabled}]
[--cross-subscription-restore-state {Disabled, Enabled, PermanentlyDisabled}]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--immutability-state {Disabled, Locked, Unlocked}]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--operation-requests]
[--remove]
[--resource-group]
[--retention-duration-in-days]
[--set]
[--soft-delete-state {AlwaysOn, Off, On}]
[--subscription]
[--tags]
[--tenant-id]
[--type]
[--uami]
[--vault-name]Examples
Patch BackupVault
az dataprotection backup-vault update --azure-monitor-alerts-for-job-failures "Enabled" --tags newKey="newVal" --resource-group "SampleResourceGroup" --vault-name "swaggerExample"Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Property that specifies whether built-in Azure Monitor alerts should be fired for all failed jobs.
The key uri of the Customer Managed Key.
Enable CMK encryption state for a Backup Vault.
The identity type to be used for CMK encryption - SystemAssigned or UserAssigned Identity.
This parameter is required if the identity type is UserAssigned. Add the user assigned managed identity id to be used which has access permissions to the Key Vault.
Set the CrossRegionRestore state. Once enabled, it cannot be set to disabled.
CrossSubscriptionRestore state.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Immutability state.
Do not wait for the long-running operation to finish.
ResourceGuardOperationRequests on which LAC check will be performed Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --operation-requests.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Soft delete retention duration.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
State of soft delete.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Tenant ID for cross-tenant calls.
The identityType which can be "SystemAssigned", "UserAssigned", "SystemAssigned,UserAssigned" or "None".
Gets or sets the user assigned identities. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The name of the backup vault.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection backup-vault wait
Place the CLI in a waiting state until a condition is met.
az dataprotection backup-vault wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--resource-group]
[--subscription]
[--timeout]
[--updated]
[--vault-name]Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
The name of the backup vault.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
