Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The managedHSMs resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.KeyVault/managedHSMs resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.KeyVault/managedHSMs@2020-04-01-preview' = {
location: 'string'
name: 'string'
properties: {
createMode: 'string'
enablePurgeProtection: bool
enableSoftDelete: bool
initialAdminObjectIds: [
'string'
]
softDeleteRetentionInDays: int
tenantId: 'string'
}
sku: {
family: 'string'
name: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.KeyVault/managedHSMs
| Name | Description | Value |
|---|---|---|
| location | The supported Azure location where the managed HSM Pool should be created. | string |
| name | The resource name | string (required) |
| properties | Properties of the managed HSM | ManagedHsmProperties |
| sku | SKU details | ManagedHsmSku |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
ManagedHsmProperties
| Name | Description | Value |
|---|---|---|
| createMode | The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. | 'default' 'recover' |
| enablePurgeProtection | Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. | bool |
| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. | bool |
| initialAdminObjectIds | Array of initial administrators object ids for this managed hsm pool. | string[] |
| softDeleteRetentionInDays | Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. | int |
| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
ManagedHsmResourceTags
| Name | Description | Value |
|---|
ManagedHsmSku
| Name | Description | Value |
|---|---|---|
| family | SKU Family of the managed HSM Pool | 'B' (required) |
| name | SKU of the managed HSM Pool | 'Custom_B32' 'Standard_B1' (required) |
Usage Examples
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Create an Azure Key Vault Managed HSM | This template creates an Azure Key Vault Managed HSM. |
ARM template resource definition
The managedHSMs resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.KeyVault/managedHSMs resource, add the following JSON to your template.
{
"type": "Microsoft.KeyVault/managedHSMs",
"apiVersion": "2020-04-01-preview",
"name": "string",
"location": "string",
"properties": {
"createMode": "string",
"enablePurgeProtection": "bool",
"enableSoftDelete": "bool",
"initialAdminObjectIds": [ "string" ],
"softDeleteRetentionInDays": "int",
"tenantId": "string"
},
"sku": {
"family": "string",
"name": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.KeyVault/managedHSMs
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2020-04-01-preview' |
| location | The supported Azure location where the managed HSM Pool should be created. | string |
| name | The resource name | string (required) |
| properties | Properties of the managed HSM | ManagedHsmProperties |
| sku | SKU details | ManagedHsmSku |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.KeyVault/managedHSMs' |
ManagedHsmProperties
| Name | Description | Value |
|---|---|---|
| createMode | The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. | 'default' 'recover' |
| enablePurgeProtection | Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. | bool |
| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. | bool |
| initialAdminObjectIds | Array of initial administrators object ids for this managed hsm pool. | string[] |
| softDeleteRetentionInDays | Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. | int |
| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
ManagedHsmResourceTags
| Name | Description | Value |
|---|
ManagedHsmSku
| Name | Description | Value |
|---|---|---|
| family | SKU Family of the managed HSM Pool | 'B' (required) |
| name | SKU of the managed HSM Pool | 'Custom_B32' 'Standard_B1' (required) |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Create an Azure Key Vault Managed HSM |
This template creates an Azure Key Vault Managed HSM. |
Terraform (AzAPI provider) resource definition
The managedHSMs resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.KeyVault/managedHSMs resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.KeyVault/managedHSMs@2020-04-01-preview"
name = "string"
parent_id = "string"
location = "string"
tags = {
{customized property} = "string"
}
body = {
properties = {
createMode = "string"
enablePurgeProtection = bool
enableSoftDelete = bool
initialAdminObjectIds = [
"string"
]
softDeleteRetentionInDays = int
tenantId = "string"
}
sku = {
family = "string"
name = "string"
}
}
}
Property Values
Microsoft.KeyVault/managedHSMs
| Name | Description | Value |
|---|---|---|
| location | The supported Azure location where the managed HSM Pool should be created. | string |
| name | The resource name | string (required) |
| properties | Properties of the managed HSM | ManagedHsmProperties |
| sku | SKU details | ManagedHsmSku |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.KeyVault/managedHSMs@2020-04-01-preview" |
ManagedHsmProperties
| Name | Description | Value |
|---|---|---|
| createMode | The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. | 'default' 'recover' |
| enablePurgeProtection | Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible. | bool |
| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable. | bool |
| initialAdminObjectIds | Array of initial administrators object ids for this managed hsm pool. | string[] |
| softDeleteRetentionInDays | Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90. | int |
| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
ManagedHsmResourceTags
| Name | Description | Value |
|---|
ManagedHsmSku
| Name | Description | Value |
|---|---|---|
| family | SKU Family of the managed HSM Pool | 'B' (required) |
| name | SKU of the managed HSM Pool | 'Custom_B32' 'Standard_B1' (required) |