Quickstart: Create a confidential ledger using the Azure CLI
Azure confidential ledger is a cloud service that provides a high integrity store for sensitive data logs and records that must be kept intact. In this quickstart, you use the Azure CLI to create a confidential ledger, view and update its properties, and delete it.
For more information on Azure confidential ledger and examples of what can be stored in a confidential ledger, see About Microsoft Azure confidential ledger.
If you don't have an Azure subscription, create an Azure free account before you begin.
Prerequisites
Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart for Bash in Azure Cloud Shell.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
- Subscription owner - A confidential ledger can only be created by users who have Owner permissions on the Azure subscription. Confirm that you have the appropriate access before continuing with this quickstart.
Create a resource group
A resource group is a logical container into which Azure resources are deployed and managed. Use the az group create command to create a resource group named myResourceGroup in the eastus location.
az group create --name "myResourceGroup" --location "EastUS"
Get your principal ID
To create a confidential ledger, you need your Microsoft Entra principal ID (also called your object ID). To obtain your principal ID, use the Azure CLI az ad signed-in-user command, and filter the results by objectId:
az ad signed-in-user show --query objectId
Your result is in the format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.
Create a confidential ledger
Use the Azure CLI az confidentialledger create command to create a confidential ledger in your new resource group.
az confidentialledger create --name "myLedger" --resource-group "myResourceGroup" --location "EastUS" --ledger-type "Public" --aad-based-security-principals ledger-role-name="Administrator" principal-id="<your-principal-id>"
A successful operation returns the properties of the newly created ledger. Take note of the ledgerUri. In our example, this URI is "https://myledger.confidential-ledger.azure.com".
You need this URI to transact with the confidential ledger from the data plane.
View and update your confidential ledger properties
You can view the properties associated with your newly created confidential ledger using the Azure CLI az confidentialledger show command.
az confidentialledger show --name "myLedger" --resource-group "myResourceGroup"
The returned JSON object displays the ledger's properties, including your role:
"ledgerRoleName": "Administrator",
To update the properties of a confidential ledger, use the Azure CLI az confidentialledger update command. For instance, to update your ledger to change your role to "Reader", run:
az confidentialledger update --name "myLedger" --resource-group "myResourceGroup" --ledger-type "Public" --aad-based-security-principals ledger-role-name="Reader" principal-id="<your-principal-id>"
If you again run az confidentialledger show, you see that the role is updated.
"ledgerRoleName": "Reader",
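To confirm that a role change took effect and that no other principal holds a role on the ledger, the output of az confidentialledger show can be checked against an allow-list. The script below is an added example, not part of the original quickstart or of the Azure CLI. Only ledgerRoleName appears on this page; the surrounding JSON layout (properties, aadBasedSecurityPrincipals, principalId) and the sample principal IDs are assumptions, so adjust them to match your own output.

```python
import json
import re
import sys

# Principal (object) IDs use the xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx format.
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

# Constructed sample of `az confidentialledger show` output (assumed layout).
SAMPLE = """{
  "name": "myLedger",
  "properties": {
    "ledgerUri": "https://myledger.confidential-ledger.azure.com",
    "ledgerType": "Public",
    "aadBasedSecurityPrincipals": [
      {"ledgerRoleName": "Reader",
       "principalId": "11111111-1111-1111-1111-111111111111"},
      {"ledgerRoleName": "Administrator",
       "principalId": "22222222-2222-2222-2222-222222222222"}
    ]
  }
}"""

def audit_ledger(show_json, expected):
    """Compare ledger role assignments with `expected` (principal ID -> role).

    Returns a list of findings; an empty list means the ledger matches.
    """
    expected = {pid.lower(): role for pid, role in expected.items()}
    props = json.loads(show_json).get("properties") or {}
    findings, seen = [], set()
    for entry in props.get("aadBasedSecurityPrincipals") or []:
        pid = (entry.get("principalId") or "").lower()
        role = entry.get("ledgerRoleName")
        if not GUID_RE.match(pid):
            findings.append(f"malformed principal id: {pid!r}")
            continue
        seen.add(pid)
        if pid not in expected:
            findings.append(f"unexpected principal {pid} holds {role}")
        elif role != expected[pid]:
            findings.append(f"principal {pid} is {role}, expected {expected[pid]}")
    # An expected principal that is absent may mean the update did not apply.
    findings += [f"expected principal {p} is missing" for p in expected if p not in seen]
    return findings

if __name__ == "__main__":
    # Pass a file holding the saved `show` output, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    allowed = {"11111111-1111-1111-1111-111111111111": "Reader"}
    print("\n".join(audit_ledger(text, allowed)) or "role assignments match")
```

Save the output of az confidentialledger show to a file and pass its path as the first argument; with no argument the script runs against the constructed sample.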
Clean up resources
Other quickstarts and tutorials in this collection build upon this quickstart. If you plan to continue on to work with subsequent quickstarts and tutorials, you may wish to leave these resources in place.
When no longer needed, you can use the Azure CLI az group delete command to remove the resource group and all related resources:
az group delete --name "myResourceGroup"
Next steps
In this quickstart, you created a confidential ledger by using the Azure CLI. To learn more about Azure confidential ledger and how to integrate it with your applications, continue on to these articles.