az keyvault private-endpoint-connection

Manage vault/HSM private endpoint connections.

Commands

Name Description Type Status
az keyvault private-endpoint-connection approve

Approve a private endpoint connection request for a Key Vault/HSM.

Core GA
az keyvault private-endpoint-connection delete

Delete the specified private endpoint connection associated with a Key Vault/HSM.

Core GA
az keyvault private-endpoint-connection list

List all private endpoint connections associated with a HSM.

Core GA
az keyvault private-endpoint-connection reject

Reject a private endpoint connection request for a Key Vault/HSM.

Core GA
az keyvault private-endpoint-connection show

Show details of a private endpoint connection associated with a Key Vault/HSM.

Core GA
az keyvault private-endpoint-connection wait

Place the CLI in a waiting state until a condition of the private endpoint connection is met.

Core GA

az keyvault private-endpoint-connection approve

Approve a private endpoint connection request for a Key Vault/HSM.

az keyvault private-endpoint-connection approve [--description]
                                                [--hsm-name]
                                                [--id]
                                                [--name]
                                                [--no-wait]
                                                [--resource-group]
                                                [--vault-name]

Examples

Approve a private endpoint connection request for a Key Vault by ID.

az keyvault private-endpoint-connection approve --id "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myrg/providers/Microsoft.KeyVault/vaults/mykv/privateEndpointConnections/mykv.00000000-0000-0000-0000-000000000000"

Approve a private endpoint connection request for a Key Vault by ID.

id = (az keyvault show -n mykv --query "privateEndpointConnections[0].id")
az keyvault private-endpoint-connection approve --id $id

Approve a private endpoint connection request for a Key Vault using vault name and connection name.

az keyvault private-endpoint-connection approve -g myrg --vault-name mykv --name myconnection

Approve a private endpoint connection request for a Key Vault using vault name and connection name.

name = (az keyvault show -n mykv --query "privateEndpointConnections[0].name")
az keyvault private-endpoint-connection approve -g myrg --vault-name mykv --name $name

Approve a private endpoint connection request for a HSM using hsm name and connection name.

az keyvault private-endpoint-connection approve -g myrg --hsm-name myhsm --name myconnection

Optional Parameters

--description

Comments for the approve operation.

--hsm-name

Name of the HSM. Required if --id is not specified.(--hsm-name and --vault-name are mutually exclusive, please specify just one of them).

--id

The ID of the private endpoint connection associated with the Key Vault/HSM. If specified --vault-name/--hsm-name and --name/-n, this should be omitted.

--name -n

The name of the private endpoint connection associated with the Key Vault/HSM. Required if --id is not specified.

--no-wait

Do not wait for the long-running operation to finish.

default value: False
--resource-group -g

Proceed only if Key Vault belongs to the specified resource group.

--vault-name

Name of the Key Vault. Required if --id is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az keyvault private-endpoint-connection delete

Delete the specified private endpoint connection associated with a Key Vault/HSM.

az keyvault private-endpoint-connection delete [--hsm-name]
                                               [--id]
                                               [--name]
                                               [--no-wait]
                                               [--resource-group]
                                               [--vault-name]

Examples

Delete a private endpoint connection request for a Key Vault by ID.

az keyvault private-endpoint-connection delete --id "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myrg/providers/Microsoft.KeyVault/vaults/mykv/privateEndpointConnections/mykv.00000000-0000-0000-0000-000000000000"

Delete a private endpoint connection request for a Key Vault by ID.

id = (az keyvault show -n mykv --query "privateEndpointConnections[0].id")
az keyvault private-endpoint-connection delete --id $id

Delete a private endpoint connection request for a Key Vault using vault name and connection name.

az keyvault private-endpoint-connection delete -g myrg --vault-name mykv --name myconnection

Delete a private endpoint connection request for a Key Vault using vault name and connection name.

name = (az keyvault show -n mykv --query "privateEndpointConnections[0].name")
az keyvault private-endpoint-connection delete -g myrg --vault-name mykv --name $name

Delete a private endpoint connection request for a HSM using hsm name and connection name.

az keyvault private-endpoint-connection delete -g myrg --hsm-name myhsm --name myconnection

Optional Parameters

--hsm-name

Name of the HSM. Required if --id is not specified.(--hsm-name and --vault-name are mutually exclusive, please specify just one of them).

--id

The ID of the private endpoint connection associated with the Key Vault/HSM. If specified --vault-name/--hsm-name and --name/-n, this should be omitted.

--name -n

The name of the private endpoint connection associated with the Key Vault/HSM. Required if --id is not specified.

--no-wait

Do not wait for the long-running operation to finish.

default value: False
--resource-group -g

Proceed only if Key Vault belongs to the specified resource group.

--vault-name

Name of the Key Vault. Required if --id is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az keyvault private-endpoint-connection list

List all private endpoint connections associated with a HSM.

az keyvault private-endpoint-connection list --hsm-name
                                             [--resource-group]

Examples

List all private endpoint connections associated with a HSM using hsm name.

az keyvault private-endpoint-connection list -g myrg --hsm-name myhsm

Required Parameters

--hsm-name

Name of the HSM.

Optional Parameters

--resource-group -g

Proceed only if Key Vault belongs to the specified resource group.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az keyvault private-endpoint-connection reject

Reject a private endpoint connection request for a Key Vault/HSM.

az keyvault private-endpoint-connection reject [--description]
                                               [--hsm-name]
                                               [--id]
                                               [--name]
                                               [--no-wait]
                                               [--resource-group]
                                               [--vault-name]

Examples

Reject a private endpoint connection request for a Key Vault by ID.

az keyvault private-endpoint-connection reject --id "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myrg/providers/Microsoft.KeyVault/vaults/mykv/privateEndpointConnections/mykv.00000000-0000-0000-0000-000000000000"

Reject a private endpoint connection request for a Key Vault by ID.

id = (az keyvault show -n mykv --query "privateEndpointConnections[0].id")
az keyvault private-endpoint-connection reject --id $id

Reject a private endpoint connection request for a Key Vault using vault name and connection name.

az keyvault private-endpoint-connection reject -g myrg --vault-name mykv --name myconnection

Reject a private endpoint connection request for a Key Vault using vault name and connection name.

name = (az keyvault show -n mykv --query "privateEndpointConnections[0].name")
az keyvault private-endpoint-connection reject -g myrg --vault-name mystorageaccount --name $name

Reject a private endpoint connection request for a HSM using hsm name and connection name.

az keyvault private-endpoint-connection reject -g myrg --hsm-name myhsm --name myconnection

Optional Parameters

--description

Comments for the reject operation.

--hsm-name

Name of the HSM. Required if --id is not specified.(--hsm-name and --vault-name are mutually exclusive, please specify just one of them).

--id

The ID of the private endpoint connection associated with the Key Vault/HSM. If specified --vault-name/--hsm-name and --name/-n, this should be omitted.

--name -n

The name of the private endpoint connection associated with the Key Vault/HSM. Required if --id is not specified.

--no-wait

Do not wait for the long-running operation to finish.

default value: False
--resource-group -g

Proceed only if Key Vault belongs to the specified resource group.

--vault-name

Name of the Key Vault. Required if --id is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az keyvault private-endpoint-connection show

Show details of a private endpoint connection associated with a Key Vault/HSM.

az keyvault private-endpoint-connection show [--hsm-name]
                                             [--id]
                                             [--name]
                                             [--resource-group]
                                             [--vault-name]

Examples

Show details of a private endpoint connection request for a Key Vault by ID.

az keyvault private-endpoint-connection show --id "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myrg/providers/Microsoft.KeyVault/vaults/mykv/privateEndpointConnections/mykv.00000000-0000-0000-0000-000000000000"

Show details of a private endpoint connection request for a Key Vault by ID.

id = (az keyvault show -n mykv --query "privateEndpointConnections[0].id")
az keyvault private-endpoint-connection show --id $id

Show details of a private endpoint connection request for a Key Vault using vault name and connection name.

az keyvault private-endpoint-connection show -g myrg --vault-name mykv --name myconnection

Show details of a private endpoint connection request for a Key Vault using vault name and connection name.

name = (az keyvault show -n mykv --query "privateEndpointConnections[0].name")
az keyvault private-endpoint-connection show -g myrg --vault-name mykv --name $name

Optional Parameters

--hsm-name

Name of the HSM. Required if --id is not specified.(--hsm-name and --vault-name are mutually exclusive, please specify just one of them).

--id

The ID of the private endpoint connection associated with the Key Vault/HSM. If specified --vault-name/--hsm-name and --name/-n, this should be omitted.

--name -n

The name of the private endpoint connection associated with the Key Vault/HSM. Required if --id is not specified.

--resource-group -g

Proceed only if Key Vault belongs to the specified resource group.

--vault-name

Name of the Key Vault. Required if --id is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az keyvault private-endpoint-connection wait

Place the CLI in a waiting state until a condition of the private endpoint connection is met.

az keyvault private-endpoint-connection wait [--created]
                                             [--custom]
                                             [--deleted]
                                             [--exists]
                                             [--hsm-name]
                                             [--id]
                                             [--interval]
                                             [--name]
                                             [--resource-group]
                                             [--timeout]
                                             [--updated]
                                             [--vault-name]

Examples

Pause CLI until the private endpoint connection is approved/rejected by ID.

az keyvault private-endpoint-connection wait --id "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myrg/providers/Microsoft.KeyVault/vaults/mykv/privateEndpointConnections/mykv.00000000-0000-0000-0000-000000000000" --created

Pause CLI until the private endpoint connection is approved/rejected using vault name and connection name.

az keyvault private-endpoint-connection wait -g myrg --vault-name mykv --name myconnection --created

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

default value: False
--exists

Wait until the resource exists.

default value: False
--hsm-name

Name of the HSM. Required if --id is not specified.(--hsm-name and --vault-name are mutually exclusive, please specify just one of them).

--id

The ID of the private endpoint connection associated with the Key Vault/HSM. If specified --vault-name/--hsm-name and --name/-n, this should be omitted.

--interval

Polling interval in seconds.

default value: 30
--name -n

The name of the private endpoint connection associated with the Key Vault/HSM. Required if --id is not specified.

--resource-group -g

Proceed only if Key Vault belongs to the specified resource group.

--timeout

Maximum wait in seconds.

default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

default value: False
--vault-name

Name of the Key Vault. Required if --id is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.