az dedicated-hsm
Note
This reference is part of the hardware-security-modules extension for the Azure CLI (version 2.15.0 or higher). The extension will automatically install the first time you run an az dedicated-hsm command. Learn more about extensions.
Manage dedicated hsm with hardware security modules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az dedicated-hsm create |
Create a dedicated HSM in the specified subscription. |
Extension | GA |
| az dedicated-hsm delete |
Deletes the specified Azure Dedicated HSM. |
Extension | GA |
| az dedicated-hsm list |
The List operation gets information about the dedicated hsms associated with the subscription and within the specified resource group. And The List operation gets information about the dedicated HSMs associated with the subscription. |
Extension | GA |
| az dedicated-hsm list-outbound-network-dependency-endpoint |
Gets a list of egress endpoints (network endpoints of all outbound dependencies) in the specified dedicated hsm resource. The operation returns properties of each egress endpoint. |
Extension | GA |
| az dedicated-hsm show |
Gets the specified Azure dedicated HSM. |
Extension | GA |
| az dedicated-hsm update |
Update a dedicated HSM in the specified subscription. |
Extension | GA |
| az dedicated-hsm wait |
Place the CLI in a waiting state until a condition of the dedicated-hsm is met. |
Extension | GA |
az dedicated-hsm create
Create a dedicated HSM in the specified subscription.
az dedicated-hsm create --name
--resource-group
[--location]
[--mgmt-network-interfaces]
[--mgmt-network-subnet]
[--network-interfaces]
[--no-wait]
[--sku {SafeNet Luna Network HSM A790, payShield10K_LMK1_CPS250, payShield10K_LMK1_CPS2500, payShield10K_LMK1_CPS60, payShield10K_LMK2_CPS250, payShield10K_LMK2_CPS2500, payShield10K_LMK2_CPS60}]
[--stamp-id]
[--subnet]
[--tags]
[--zones]Examples
Create a new or update an existing dedicated HSM
az dedicated-hsm create --name "hsm1" --location "westus" --network-interfaces private-ip-address="1.0.0.1" --subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --stamp-id "stamp01" --sku "SafeNet Luna Network HSM A790" --tags Dept="hsm" Environment="dogfood" --resource-group "hsm-group"Create a new or update an existing payment HSM
az dedicated-hsm create --name "hsm1" --location "westus" --mgmt-network-interfaces private-ip-address="1.0.0.1" --mgmt-network-subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --stamp-id "stamp01" --sku "payShield10K_LMK1_CPS60" --tags Dept="hsm" Environment="dogfood" --resource-group "hsm-group"Create a new or update an existing payment HSM with management profile
az dedicated-hsm create --name "hsm1" --location "westus" --network-interfaces private-ip-address="1.0.0.2" --subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --mgmt-network-interfaces private-ip-address="1.0.0.1" --mgmt-network-subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --stamp-id "stamp02" --sku "payShield10K_LMK1_CPS60" --tags Dept="hsm" Environment="dogfood" --resource-group "hsm-group"Required Parameters
Name of the dedicated Hsm.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Specifies the list of resource Ids for the network interfaces associated with the dedicated HSM.
Usage: --mgmt-network-interfaces private-ip-address=XX
private-ip-address: Private Ip address of the interface
Multiple actions can be specified by using more than one --mgmt-network-interfaces argument.
| Property | Value |
|---|---|
| Parameter group: | Management Network Profile Arguments |
Specifies the identifier of the subnet.
Usage: --mgmt-network-subnet id=XX
id: The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/...
| Property | Value |
|---|---|
| Parameter group: | Management Network Profile Arguments |
Specifies the list of resource Ids for the network interfaces associated with the dedicated HSM.
Usage: --network-interfaces private-ip-address=XX
private-ip-address: Private Ip address of the interface
Multiple actions can be specified by using more than one --network-interfaces argument.
| Property | Value |
|---|---|
| Parameter group: | Network Profile Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
SKU of the dedicated HSM.
| Property | Value |
|---|---|
| Parameter group: | Sku Arguments |
| Accepted values: | SafeNet Luna Network HSM A790, payShield10K_LMK1_CPS250, payShield10K_LMK1_CPS2500, payShield10K_LMK1_CPS60, payShield10K_LMK2_CPS250, payShield10K_LMK2_CPS2500, payShield10K_LMK2_CPS60 |
This field will be used when RP does not support Availability zones.
Specifies the identifier of the subnet.
Usage: --subnet id=XX
id: The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/...
| Property | Value |
|---|---|
| Parameter group: | Network Profile Arguments |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
The Dedicated Hsm zones.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az dedicated-hsm delete
Deletes the specified Azure Dedicated HSM.
az dedicated-hsm delete [--ids]
[--name]
[--no-wait]
[--resource-group]
[--subscription]
[--yes]Examples
Delete a dedicated HSM
az dedicated-hsm delete --name "hsm1" --resource-group "hsm-group"Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The name of the dedicated HSM to delete.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az dedicated-hsm list
The List operation gets information about the dedicated hsms associated with the subscription and within the specified resource group. And The List operation gets information about the dedicated HSMs associated with the subscription.
az dedicated-hsm list [--resource-group]
[--top]Examples
List dedicated HSM devices in a resource group
az dedicated-hsm list --resource-group "hsm-group"List dedicated HSM devices in a resource group including payment HSM
az dedicated-hsm list --resource-group "hsm-group"List dedicated HSM devices in a subscription
az dedicated-hsm listList dedicated HSM devices in a subscription including payment HSM
az dedicated-hsm listOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Maximum number of results to return.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az dedicated-hsm list-outbound-network-dependency-endpoint
Gets a list of egress endpoints (network endpoints of all outbound dependencies) in the specified dedicated hsm resource. The operation returns properties of each egress endpoint.
az dedicated-hsm list-outbound-network-dependency-endpoint --name
--resource-groupExamples
List OutboundNetworkDependenciesEndpoints by Managed Cluster
az dedicated-hsm list-outbound-network-dependency-endpoint --name "hsm1" --resource-group "hsm-group"Required Parameters
The name of the dedicated HSM.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az dedicated-hsm show
Gets the specified Azure dedicated HSM.
az dedicated-hsm show [--ids]
[--name]
[--resource-group]
[--subscription]Examples
Get a dedicated HSM
az dedicated-hsm show --name "hsm1" --resource-group "hsm-group"Get a payment HSM
az dedicated-hsm show --name "hsm1" --resource-group "hsm-group"Get a payment HSM with 2018-10-31Preview api version
az dedicated-hsm show --name "hsm1" --resource-group "hsm-group"Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The name of the dedicated HSM.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az dedicated-hsm update
Update a dedicated HSM in the specified subscription.
az dedicated-hsm update [--ids]
[--name]
[--no-wait]
[--resource-group]
[--subscription]
[--tags]Examples
Update an existing dedicated HSM
az dedicated-hsm update --name "hsm1" --tags Dept="hsm" Environment="dogfood" Slice="A" --resource-group "hsm-group"Update an existing payment HSM
az dedicated-hsm update --name "hsm1" --tags Dept="hsm" Environment="dogfood" Slice="A" --resource-group "hsm-group"Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the dedicated HSM.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az dedicated-hsm wait
Place the CLI in a waiting state until a condition of the dedicated-hsm is met.
az dedicated-hsm wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Examples
Pause executing next line of CLI script until the dedicated-hsm is successfully created.
az dedicated-hsm wait --name "hsm1" --resource-group "hsm-group" --createdPause executing next line of CLI script until the dedicated-hsm is successfully updated.
az dedicated-hsm wait --name "hsm1" --resource-group "hsm-group" --updatedPause executing next line of CLI script until the dedicated-hsm is successfully deleted.
az dedicated-hsm wait --name "hsm1" --resource-group "hsm-group" --deletedOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
The name of the dedicated HSM.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
