Import-AzKeyVaultSecurityDomain
Imports previously exported security domain data to a managed HSM.
Import-AzKeyVaultSecurityDomain
-Name <String>
-Keys <KeyPath[]>
-SecurityDomainPath <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
Import-AzKeyVaultSecurityDomain
-Name <String>
-SecurityDomainPath <String>
[-ImportRestoredBlob]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
Import-AzKeyVaultSecurityDomain
-Name <String>
-OutFile <String>
[-Force]
[-DownloadExchangeKey]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
Import-AzKeyVaultSecurityDomain
-InputObject <PSKeyVaultIdentityItem>
-Keys <KeyPath[]>
-SecurityDomainPath <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
Import-AzKeyVaultSecurityDomain
-Keys <KeyPath[]>
-SecurityDomainPath <String>
-OutFile <String>
-ExchangeKeyPath <String>
[-Force]
[-RestoreBlob]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
This cmdlet imports previously exported security domain data to a managed HSM.
$keys = @{PublicKey = "sd1.cer"; PrivateKey = "sd1.key"}, @{PublicKey = "sd2.cer"; PrivateKey = "sd2.key"}, @{PublicKey = "sd3.cer"; PrivateKey = "sd3.key"}
Import-AzKeyVaultSecurityDomain -Name testmhsm -Keys $keys -SecurityDomainPath sd.ps.json
First, the keys need be provided to decrypt the security domain data. Then, The Import-AzKeyVaultSecurityDomain command restores previous backed up security domain data to a managed HSM using these keys.
$exchangeKeyOutputPath = "ExchangeKey.cer"
$SecurityDomainRestoredBlob = "HsmRestoreBlob.json"
$keys = @{PublicKey = "sd1.cer"; PrivateKey = "sd1.key"}, @{PublicKey = "sd2.cer"; PrivateKey = "sd2.key"}, @{PublicKey = "sd3.cer"; PrivateKey = "sd3.key"}
Import-AzKeyVaultSecurityDomain -Name testmhsm -OutFile $exchangeKeyOutputPath -DownloadExchangeKey
Import-AzKeyVaultSecurityDomain -Keys $keys -ExchangeKeyPath $exchangeKeyPath -SecurityDomainPath sd.ps.json -OutFile sd_restored.ps.json -RestoreBlob
Import-AzKeyVaultSecurityDomain -Name testmhsm -SecurityDomainPath $SecurityDomainRestoredBlob -ImportRestoredBlob
First, an exchange key should be downloaded by adding -DownloadExchangeKey
.
Then, the security domain data should be decrypted locally using key pairs and encrypted using generated exchange key by adding -RestoreBlob
.
Finally, the restored security domain data can be imported to a managed HSM using -ImportRestoredBlob
.
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
When specified, an exchange key will be downloaded to specified path.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Local path of exchange key used to encrypt the security domain data. Generated by running Import-AzKeyVaultSecurityDomain with -DownloadExchangeKey.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specify whether to overwrite existing file.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
When specified, SecurityDomainPath should be encrypted security domain data generated by Restore-AzKeyVaultSecurityDomainBlob.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Object representing a managed HSM.
Type: | PSKeyVaultIdentityItem |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Information about the keys that are used to decrypt the security domain data. See examples for how it is constructed.
Type: | KeyPath[] |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Name of the managed HSM.
Type: | String |
Aliases: | HsmName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Local file path to store the security domain encrypted with the exchange key.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
When specified, a boolean will be returned when cmdlet succeeds.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
When specified, the security domain data will be decrypted and encrypted using generated ExchangeKey locally.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specify the path to the encrypted security domain data.
Type: | String |
Aliases: | Path |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The ID of the subscription. By default, cmdlets are executed in the subscription that is set in the current context. If the user specifies another subscription, the current cmdlet is executed in the subscription specified by the user. Overriding subscriptions only take effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Azure PowerShell feedback
Azure PowerShell is an open source project. Select a link to provide feedback: