Quickstart: Create an Azure Dedicated HSM with Azure PowerShell
This article describes how you can create an Azure Dedicated HSM using the Az.DedicatedHsm PowerShell module.
Requirements
- If you don't have an Azure subscription, create a free account before you begin.
- If you choose to use Azure PowerShell locally:
- Install the latest version of the Az PowerShell module.
- Connect to your Azure account using the Connect-AzAccount cmdlet.
- If you choose to use Azure Cloud Shell:
- See Overview of Azure Cloud Shell for more information.
Important
While the Az.DedicatedHsm PowerShell module is in preview, you must install it separately
using the Install-Module cmdlet. After this PowerShell module becomes generally available, it
will be part of future Az PowerShell module releases and available by default from within Azure
Cloud Shell.
Install-Module -Name Az.DedicatedHsm
If you have multiple Azure subscriptions, choose the appropriate subscription in which the resources should be billed. Select a specific subscription using the Set-AzContext cmdlet.
Set-AzContext -SubscriptionId aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e
Create a resource group
Create an Azure resource group using the New-AzResourceGroup cmdlet. A resource group is a logical container in which Azure resources are deployed and managed as a group.
The following example creates a resource group with the specified name and in the specified location.
New-AzResourceGroup -Name myRG -Location westus
Create a dedicated HSM
To create a dedicated HSM, you use the New-AzDedicatedHsm cmdlet. The following example creates a dedicated HSM in the specified subscription.
$Params = @{
Name = 'MyHSM'
ResourceGroupName = 'myRG'
Location = 'westus'
Sku = 'SafeNet Luna Network HSM A790'
StampId = 'stamp1'
SubnetId = '/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/myrg/providers/Microsoft.Network/virtualNetworks/myhsm-vnet/subnets/hsmsubnet'
NetworkInterface = @{PrivateIPAddress = '10.2.1.120'}
}
New-AzDedicatedHsm @Params
Name Provisioning State SKU Location
---- ------------------ --- --------
myhsm Succeeded SafeNet Luna Network HSM A790 westus
Get a dedicated HSM
To retrieve information about an existing dedicated HSM, you use the Get-AzDedicatedHsm cmdlet. The following example gets the specified dedicated HSM.
Get-AzDedicatedHsm -Name MyHSM -ResourceGroupName myRG
Name Provisioning State SKU Location
---- ------------------ --- --------
myhsm Succeeded SafeNet Luna Network HSM A790 westus
Update a dedicated HSM
To update a dedicated HSM, you use the Update-AzDedicatedHsm cmdlet. The following example updates a dedicated HSM in the specified subscription.
Update-AzDedicatedHsm -Name MyHSM -ResourceGroupName myRG -Tag @{'key1' = '1'; 'key2' = 2; 'key3' = 3}
PS C:\>Update-AzDedicatedHsm -Name hsm-n7wfxi -ResourceGroupName dedicatedhsm-rg-n359cz -Tag @{'key1' = '1';
'key2' = 2; 'key3' = 3}
Name Provisioning State SKU Location
---- ------------------ --- --------
myhsm Succeeded SafeNet Luna Network HSM A790 westus
Clean up resources
If the resources created in this article aren't needed, you can delete them by running the following examples.
Remove a dedicated HSM
To remove a dedicated HSM, you use the Remove-AzDedicatedHsm cmdlet. The following example deletes the specified dedicated HSM.
Remove-AzDedicatedHsm -Name hsm-7t2xaf -ResourceGroupName lucas-manual-test
Delete the resource group
Caution
The following example deletes the specified resource group and all resources contained within it. If resources outside the scope of this article exist in the specified resource group, they will also be deleted.
Remove-AzResourceGroup -Name myRG
Next steps
Learn more about Azure Dedicated HSM.