Backup-AzKeyVault
Fully backup a managed HSM.
Backup-AzKeyVault
[-HsmName] <String>
-StorageAccountName <String>
-StorageContainerName <String>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Backup-AzKeyVault
[-HsmName] <String>
-StorageContainerUri <Uri>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Backup-AzKeyVault
-StorageContainerUri <Uri>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
-HsmObject <PSManagedHsm>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Backup-AzKeyVault
-StorageAccountName <String>
-StorageContainerName <String>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
-HsmObject <PSManagedHsm>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Fully backup a managed HSM to a storage account.
Use Restore-AzKeyVault
to restore the backup.
$sasToken = ConvertTo-SecureString -AsPlainText -Force "?sv=2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2020-10-12T14:42:19Z&st=2020-10-12T06:42:19Z&spr=https&sig=******"
Backup-AzKeyVault -HsmName myHsm -StorageContainerUri "https://{accountName}.blob.core.windows.net/{containerName}" -SasToken $sasToken
https://{accountName}.blob.core.windows.net/{containerName}/{backupFolder}
The cmdlet will create a folder (typically named mhsm-{name}-{timestamp}
) in the storage container, store the backup in that folder and output the folder URI.
# Make sure an identity is assigend to the Hsm
Update-AzKeyVaultManagedHsm -UserAssignedIdentity "/subscriptions/{sub-id}/resourceGroups/{rg-name}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identity-name}"
Backup-AzKeyVault -HsmName myHsm -StorageContainerUri "https://{accountName}.blob.core.windows.net/{containerName}" -UseUserManagedIdentity
https://{accountName}.blob.core.windows.net/{containerName}/{backupFolder}
The cmdlet will backup the hsm in specific Storage Container and output the folder URI via User Assigned Managed Identity Authentication. The Managed Identity should be assigned access permission to the storage container.
Backup-AzKeyVault -HsmName myHsm -StorageAccountName "{accountName}" -StorageContainerName "{containerName}" -UseUserManagedIdentity
https://{accountName}.blob.core.windows.net/{containerName}/{backupFolder}
The cmdlet will create a folder (typically named mhsm-{name}-{timestamp}
) in the storage container, store the backup in that folder and output the folder URI.
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Name of the HSM.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Managed HSM object
Type: | PSManagedHsm |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
The shared access signature (SAS) token to authenticate the storage account.
Type: | SecureString |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Name of the storage account where the backup is going to be stored.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Name of the blob container where the backup is going to be stored.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
URI of the storage container where the backup is going to be stored.
Type: | Uri |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specified to use User Managed Identity to authenticate the storage account. Only valid when SasToken is not set.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
None
Azure PowerShell feedback
Azure PowerShell is an open source project. Select a link to provide feedback: