az iot ops secretsync

Note

This reference is part of the azure-iot-ops extension for the Azure CLI (version 2.53.0 or higher). The extension will automatically install the first time you run an az iot ops secretsync command. Learn more about extensions.

Command group 'iot ops' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Instance secret sync management.

Commands

Name	Description	Type	Status
az iot ops secretsync disable	Disable secret sync for an instance.	Extension	Preview
az iot ops secretsync enable	Enable secret sync for an instance.	Extension	Preview
az iot ops secretsync list	List the secret sync configs associated with an instance.	Extension	Preview

az iot ops secretsync disable

Preview

Command group 'iot ops' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Disable secret sync for an instance.

All the secret provider classes associated with the instance, and all the secret syncs associated with the secret provider classes will be deleted.

az iot ops secretsync disable --name
                              --resource-group
                              [--yes {false, true}]

Examples

Disable secret sync for an instance.

az iot ops secretsync disable --name myinstance -g myresourcegroup

Required Parameters

--name -n

IoT Operations instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--yes -y

Confirm [y]es without a prompt. Useful for CI and automation scenarios.

Accepted values: false, true

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot ops secretsync enable

Preview

Command group 'iot ops' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Enable secret sync for an instance.

The operation handles federation, creation of a secret provider class and role assignments of the managed identity to the target Key Vault.

Only one Secret Provider Class must be associated to the instance at a time.

az iot ops secretsync enable --kv-resource-id
                             --mi-user-assigned
                             --name
                             --resource-group
                             [--self-hosted-issuer {false, true}]
                             [--skip-ra {false, true}]
                             [--spc]

Examples

Enable the target instance for Key Vault secret sync.

az iot ops secretsync enable --name myinstance -g myresourcegroup --mi-user-assigned $UA_MI_RESOURCE_ID --kv-resource-id $KEYVAULT_RESOURCE_ID

Same as prior example except flag to skip Key Vault role assignments.

az iot ops secretsync enable --name myinstance -g myresourcegroup --mi-user-assigned $UA_MI_RESOURCE_ID --kv-resource-id $KEYVAULT_RESOURCE_ID --skip-ra

Required Parameters

--kv-resource-id

Key Vault ARM resource Id.

--mi-user-assigned

The resource Id for the desired user-assigned managed identity to use with the instance.

--name -n

IoT Operations instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--self-hosted-issuer

Use the self-hosted oidc issuer for federation.

Accepted values: false, true

--skip-ra

When used the role assignment step of the operation will be skipped.

Accepted values: false, true

--spc

The secret provider class name for secret sync enablement. The default pattern is '{instance_name}-spc'.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot ops secretsync list

Preview

Command group 'iot ops' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

List the secret sync configs associated with an instance.

az iot ops secretsync list --name
                           --resource-group

Examples

List the secret sync configs associated with an instance.

az iot ops secretsync list --name myinstance -g myresourcegroup

Required Parameters

--name -n

IoT Operations instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.