Import-AzKeyVaultSecurityDomain
Imports previously exported security domain data to a managed HSM.
Syntax
Import-AzKeyVaultSecurityDomain
-Name <String>
-Keys <KeyPath[]>
-SecurityDomainPath <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Import-AzKeyVaultSecurityDomain
-Name <String>
-SecurityDomainPath <String>
[-ImportRestoredBlob]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Import-AzKeyVaultSecurityDomain
-Name <String>
-OutFile <String>
[-Force]
[-DownloadExchangeKey]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Import-AzKeyVaultSecurityDomain
-InputObject <PSKeyVaultIdentityItem>
-Keys <KeyPath[]>
-SecurityDomainPath <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Import-AzKeyVaultSecurityDomain
-Keys <KeyPath[]>
-SecurityDomainPath <String>
-OutFile <String>
-ExchangeKeyPath <String>
[-Force]
[-RestoreBlob]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Description
This cmdlet imports previously exported security domain data to a managed HSM.
Examples
Example 1: Import Security domain
$keys = @{PublicKey = "sd1.cer"; PrivateKey = "sd1.key"}, @{PublicKey = "sd2.cer"; PrivateKey = "sd2.key"}, @{PublicKey = "sd3.cer"; PrivateKey = "sd3.key"}
Import-AzKeyVaultSecurityDomain -Name testmhsm -Keys $keys -SecurityDomainPath sd.ps.jsonFirst, the keys need be provided to decrypt the security domain data. Then, The Import-AzKeyVaultSecurityDomain command restores previous backed up security domain data to a managed HSM using these keys.
Example 2: Import Security domain by separate steps
$exchangeKeyOutputPath = "ExchangeKey.cer"
$SecurityDomainRestoredBlob = "HsmRestoreBlob.json"
$keys = @{PublicKey = "sd1.cer"; PrivateKey = "sd1.key"}, @{PublicKey = "sd2.cer"; PrivateKey = "sd2.key"}, @{PublicKey = "sd3.cer"; PrivateKey = "sd3.key"}
Import-AzKeyVaultSecurityDomain -Name testmhsm -OutFile $exchangeKeyOutputPath -DownloadExchangeKey
Import-AzKeyVaultSecurityDomain -Keys $keys -ExchangeKeyPath $exchangeKeyPath -SecurityDomainPath sd.ps.json -OutFile sd_restored.ps.json -RestoreBlob
Import-AzKeyVaultSecurityDomain -Name testmhsm -SecurityDomainPath $SecurityDomainRestoredBlob -ImportRestoredBlobFirst, an exchange key should be downloaded by adding -DownloadExchangeKey.
Then, the security domain data should be decrypted locally using key pairs and encrypted using generated exchange key by adding -RestoreBlob.
Finally, the restored security domain data can be imported to a managed HSM using -ImportRestoredBlob.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DownloadExchangeKey
When specified, an exchange key will be downloaded to specified path.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExchangeKeyPath
Local path of exchange key used to encrypt the security domain data. Generated by running Import-AzKeyVaultSecurityDomain with -DownloadExchangeKey.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Force
Specify whether to overwrite existing file.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ImportRestoredBlob
When specified, SecurityDomainPath should be encrypted security domain data generated by Restore-AzKeyVaultSecurityDomainBlob.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Object representing a managed HSM.
| Type: | PSKeyVaultIdentityItem |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Keys
Information about the keys that are used to decrypt the security domain data. See examples for how it is constructed.
| Type: | KeyPath[] |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Name of the managed HSM.
| Type: | String |
| Aliases: | HsmName |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OutFile
Local file path to store the security domain encrypted with the exchange key.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
When specified, a boolean will be returned when cmdlet succeeds.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RestoreBlob
When specified, the security domain data will be decrypted and encrypted using generated ExchangeKey locally.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SecurityDomainPath
Specify the path to the encrypted security domain data.
| Type: | String |
| Aliases: | Path |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SubscriptionId
The ID of the subscription. By default, cmdlets are executed in the subscription that is set in the current context. If the user specifies another subscription, the current cmdlet is executed in the subscription specified by the user. Overriding subscriptions only take effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Outputs
Azure PowerShell
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for