az dedicated-hsm

Note

This reference is part of the hardware-security-modules extension for the Azure CLI (version 2.15.0 or higher). The extension will automatically install the first time you run an az dedicated-hsm command. Learn more about extensions.

Manage dedicated hsm with hardware security modules.

Commands

az dedicated-hsm create	Create a dedicated HSM in the specified subscription.
az dedicated-hsm delete	Deletes the specified Azure Dedicated HSM.
az dedicated-hsm list	The List operation gets information about the dedicated hsms associated with the subscription and within the specified resource group. And The List operation gets information about the dedicated HSMs associated with the subscription.
az dedicated-hsm list-outbound-network-dependency-endpoint	Gets a list of egress endpoints (network endpoints of all outbound dependencies) in the specified dedicated hsm resource. The operation returns properties of each egress endpoint.
az dedicated-hsm show	Gets the specified Azure dedicated HSM.
az dedicated-hsm update	Update a dedicated HSM in the specified subscription.
az dedicated-hsm wait	Place the CLI in a waiting state until a condition of the dedicated-hsm is met.

az dedicated-hsm create

Create a dedicated HSM in the specified subscription.

az dedicated-hsm create --name
                        --resource-group
                        [--location]
                        [--mgmt-network-interfaces]
                        [--mgmt-network-subnet]
                        [--network-interfaces]
                        [--no-wait]
                        [--sku {SafeNet Luna Network HSM A790, payShield10K_LMK1_CPS250, payShield10K_LMK1_CPS2500, payShield10K_LMK1_CPS60, payShield10K_LMK2_CPS250, payShield10K_LMK2_CPS2500, payShield10K_LMK2_CPS60}]
                        [--stamp-id]
                        [--subnet]
                        [--tags]
                        [--zones]

Examples

Create a new or update an existing dedicated HSM

az dedicated-hsm create --name "hsm1" --location "westus" --network-interfaces private-ip-address="1.0.0.1" --subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --stamp-id "stamp01" --sku "SafeNet Luna Network HSM A790" --tags Dept="hsm" Environment="dogfood" --resource-group "hsm-group"

Create a new or update an existing payment HSM

az dedicated-hsm create --name "hsm1" --location "westus" --mgmt-network-interfaces private-ip-address="1.0.0.1" --mgmt-network-subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --stamp-id "stamp01" --sku "payShield10K_LMK1_CPS60" --tags Dept="hsm" Environment="dogfood" --resource-group "hsm-group"

Create a new or update an existing payment HSM with management profile

az dedicated-hsm create --name "hsm1" --location "westus" --network-interfaces private-ip-address="1.0.0.2" --subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --mgmt-network-interfaces private-ip-address="1.0.0.1" --mgmt-network-subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --stamp-id "stamp02" --sku "payShield10K_LMK1_CPS60" --tags Dept="hsm" Environment="dogfood" --resource-group "hsm-group"

Required Parameters

--name

Name of the dedicated Hsm.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--mgmt-network-interfaces -m

Specifies the list of resource Ids for the network interfaces associated with the dedicated HSM.

--mgmt-network-subnet

Specifies the identifier of the subnet.

--network-interfaces -i

Specifies the list of resource Ids for the network interfaces associated with the dedicated HSM.

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--sku

SKU of the dedicated HSM.

accepted values: SafeNet Luna Network HSM A790, payShield10K_LMK1_CPS250, payShield10K_LMK1_CPS2500, payShield10K_LMK1_CPS60, payShield10K_LMK2_CPS250, payShield10K_LMK2_CPS2500, payShield10K_LMK2_CPS60

--stamp-id

This field will be used when RP does not support Availability zones.

--subnet

Specifies the identifier of the subnet.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--zones

The Dedicated Hsm zones.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az dedicated-hsm delete

Deletes the specified Azure Dedicated HSM.

az dedicated-hsm delete [--ids]
                        [--name]
                        [--no-wait]
                        [--resource-group]
                        [--subscription]
                        [--yes]

Examples

Delete a dedicated HSM

az dedicated-hsm delete --name "hsm1" --resource-group "hsm-group"

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name

The name of the dedicated HSM to delete.

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az dedicated-hsm list

The List operation gets information about the dedicated hsms associated with the subscription and within the specified resource group. And The List operation gets information about the dedicated HSMs associated with the subscription.

az dedicated-hsm list [--resource-group]
                      [--top]

Examples

List dedicated HSM devices in a resource group

az dedicated-hsm list --resource-group "hsm-group"

List dedicated HSM devices in a resource group including payment HSM

az dedicated-hsm list --resource-group "hsm-group"

List dedicated HSM devices in a subscription

az dedicated-hsm list

List dedicated HSM devices in a subscription including payment HSM

az dedicated-hsm list

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--top

Maximum number of results to return.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az dedicated-hsm list-outbound-network-dependency-endpoint

Gets a list of egress endpoints (network endpoints of all outbound dependencies) in the specified dedicated hsm resource. The operation returns properties of each egress endpoint.

az dedicated-hsm list-outbound-network-dependency-endpoint --name
                                                           --resource-group

Examples

List OutboundNetworkDependenciesEndpoints by Managed Cluster

az dedicated-hsm list-outbound-network-dependency-endpoint --name "hsm1" --resource-group "hsm-group"

Required Parameters

--name

The name of the dedicated HSM.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az dedicated-hsm show

Gets the specified Azure dedicated HSM.

az dedicated-hsm show [--ids]
                      [--name]
                      [--resource-group]
                      [--subscription]

Examples

Get a dedicated HSM

az dedicated-hsm show --name "hsm1" --resource-group "hsm-group"

Get a payment HSM

az dedicated-hsm show --name "hsm1" --resource-group "hsm-group"

Get a payment HSM with 2018-10-31Preview api version

az dedicated-hsm show --name "hsm1" --resource-group "hsm-group"

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name

The name of the dedicated HSM.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az dedicated-hsm update

Update a dedicated HSM in the specified subscription.

az dedicated-hsm update [--ids]
                        [--name]
                        [--no-wait]
                        [--resource-group]
                        [--subscription]
                        [--tags]

Examples

Update an existing dedicated HSM

az dedicated-hsm update --name "hsm1" --tags Dept="hsm" Environment="dogfood" Slice="A" --resource-group "hsm-group"

Update an existing payment HSM

az dedicated-hsm update --name "hsm1" --tags Dept="hsm" Environment="dogfood" Slice="A" --resource-group "hsm-group"

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name

Name of the dedicated HSM.

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az dedicated-hsm wait

Place the CLI in a waiting state until a condition of the dedicated-hsm is met.

az dedicated-hsm wait [--created]
                      [--custom]
                      [--deleted]
                      [--exists]
                      [--ids]
                      [--interval]
                      [--name]
                      [--resource-group]
                      [--subscription]
                      [--timeout]
                      [--updated]

Examples

Pause executing next line of CLI script until the dedicated-hsm is successfully created.

az dedicated-hsm wait --name "hsm1" --resource-group "hsm-group" --created

Pause executing next line of CLI script until the dedicated-hsm is successfully updated.

az dedicated-hsm wait --name "hsm1" --resource-group "hsm-group" --updated

Pause executing next line of CLI script until the dedicated-hsm is successfully deleted.

az dedicated-hsm wait --name "hsm1" --resource-group "hsm-group" --deleted

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

default value: False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

default value: False

--exists

Wait until the resource exists.

default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

default value: 30

--name

The name of the dedicated HSM.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

default value: 3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.