VaultProperties Class

Reference

Properties of the vault.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to server.

Inheritance: azure.mgmt.keyvault._serialization.Model

VaultProperties

Constructor

VaultProperties(*, tenant_id: str, sku: _models.Sku, access_policies: List[_models.AccessPolicyEntry] | None = None, vault_uri: str | None = None, enabled_for_deployment: bool | None = None, enabled_for_disk_encryption: bool | None = None, enabled_for_template_deployment: bool | None = None, enable_soft_delete: bool = True, soft_delete_retention_in_days: int = 90, enable_rbac_authorization: bool = False, create_mode: str | _models.CreateMode | None = None, enable_purge_protection: bool | None = None, network_acls: _models.NetworkRuleSet | None = None, provisioning_state: str | _models.VaultProvisioningState | None = None, public_network_access: str = 'enabled', **kwargs: Any)

Keyword-Only Parameters

Name	Description
tenant_id	str The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Required.
sku	Sku SKU details. Required.
access_policies	list[AccessPolicyEntry] An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
vault_uri	str The URI of the vault for performing operations on keys and secrets.
enabled_for_deployment	bool Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabled_for_disk_encryption	bool Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabled_for_template_deployment	bool Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
enable_soft_delete	bool Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. Default value: True
soft_delete_retention_in_days	int softDelete data retention days. It accepts >=7 and <=90. Default value: 90
enable_rbac_authorization	bool Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
create_mode	str or CreateMode The vault's create mode to indicate whether the vault need to be recovered or not. Known values are: "recover" and "default".
enable_purge_protection	bool Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
network_acls	NetworkRuleSet Rules governing the accessibility of the key vault from specific network locations.
provisioning_state	str or VaultProvisioningState Provisioning state of the vault. Known values are: "Succeeded" and "RegisteringDns".
public_network_access	str Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. Default value: enabled

Variables

Name	Description
tenant_id	str The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Required.
sku	Sku SKU details. Required.
access_policies	list[AccessPolicyEntry] An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
vault_uri	str The URI of the vault for performing operations on keys and secrets.
hsm_pool_resource_id	str The resource id of HSM Pool.
enabled_for_deployment	bool Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabled_for_disk_encryption	bool Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabled_for_template_deployment	bool Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
enable_soft_delete	bool Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
soft_delete_retention_in_days	int softDelete data retention days. It accepts >=7 and <=90.
enable_rbac_authorization	bool Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
create_mode	str or CreateMode The vault's create mode to indicate whether the vault need to be recovered or not. Known values are: "recover" and "default".
enable_purge_protection	bool Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
network_acls	NetworkRuleSet Rules governing the accessibility of the key vault from specific network locations.
provisioning_state	str or VaultProvisioningState Provisioning state of the vault. Known values are: "Succeeded" and "RegisteringDns".
private_endpoint_connections	list[PrivateEndpointConnectionItem] List of private endpoint connections associated with the key vault.
public_network_access	str Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.

Share via

VaultProperties Class

Constructor

Keyword-Only Parameters

Variables

Additional resources