Share via

Managed Hsms - List By Resource Group

Service:
Key Vault
API Version:
2024-11-01

The List operation gets information about the managed HSM Pools associated with the subscription and within the specified resource group.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs?api-version=2024-11-01
With optional parameters: 
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/managedHSMs?$top={$top}&api-version=2024-11-01

URI Parameters

Name In Required Type Description
resourceGroupName
 path True

string

Name of the resource group that contains the managed HSM pool.
subscriptionId
 path True

string

Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.
api-version
 query True

string

Client Api Version.
$top
 query

integer (int32)

Maximum number of results to return.

Responses

Name Type Description
200 OK

ManagedHsmListResult

Get information about all managed HSM Pools in the specified resource group.
Other Status Codes

ManagedHsmError

The error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

List managed HSM Pools in a resource group

Sample request

GET https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.KeyVault/managedHSMs?api-version=2024-11-01

Sample response

Status code:
200 
{
  "value": [
    {
      "properties": {
        "tenantId": "00000000-0000-0000-0000-000000000000",
        "initialAdminObjectIds": [
          "00000000-0000-0000-0000-000000000000"
        ],
        "enableSoftDelete": true,
        "softDeleteRetentionInDays": 90,
        "enablePurgeProtection": false,
        "hsmUri": "https://westus.hsm1.managedhsm.azure.net",
        "provisioningState": "Succeeded",
        "statusMessage": "ManagedHsm is functional."
      },
      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.KeyVault/managedHSMs/hsm1",
      "name": "hsm1",
      "type": "Microsoft.KeyVault/managedHSMs",
      "location": "westus",
      "sku": {
        "family": "B",
        "name": "Standard_B1"
      },
      "tags": {
        "Dept": "hsm",
        "Environment": "dogfood"
      }
    },
    {
      "properties": {
        "tenantId": "00000000-0000-0000-0000-000000000000",
        "initialAdminObjectIds": [
          "00000000-0000-0000-0000-000000000000"
        ],
        "enableSoftDelete": true,
        "softDeleteRetentionInDays": 90,
        "enablePurgeProtection": false,
        "hsmUri": "https://westus.hsm2.managedhsm.azure.net",
        "provisioningState": "Succeeded",
        "statusMessage": "ManagedHsm is functional."
      },
      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.KeyVault/managedHSMs/hsm2",
      "name": "hsm2",
      "type": "Microsoft.KeyVault/managedHSMs",
      "location": "westus",
      "sku": {
        "family": "B",
        "name": "Standard_B1"
      },
      "tags": {
        "Dept": "hsm",
        "Environment": "production"
      }
    }
  ],
  "nextLink": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.KeyVault/managedHSMs?api-version=2024-11-01&$skiptoken=dmF1bHQtcGVza3ktanVyeS03MzA3Ng=="
}

Definitions

Name Description
ActionsRequired

A message indicating if changes on the service provider require any updates on the consumer.
ActivationStatus

Activation Status
CreateMode

The create mode to indicate whether the resource is being created or is being recovered from a deleted resource.
Error

The server error.
GeoReplicationRegionProvisioningState

Provisioning state of the geo replicated region.
identityType

The type of identity that created the key vault resource.
ManagedHsm

Resource information with extended details.
ManagedHsmError

The error exception.
ManagedHsmListResult

List of managed HSM Pools
ManagedHsmProperties

Properties of the managed HSM Pool
ManagedHSMSecurityDomainProperties

The security domain properties of the managed hsm.
ManagedHsmSku

SKU details
ManagedHsmSkuFamily

SKU Family of the managed HSM Pool
ManagedHsmSkuName

SKU of the managed HSM Pool
ManagedServiceIdentity

Managed service identity (system assigned and/or user assigned identities)
ManagedServiceIdentityType

Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed).
MHSMGeoReplicatedRegion

A region that this managed HSM Pool has been extended to.
MHSMIPRule

A rule governing the accessibility of a managed HSM pool from a specific IP address or IP range.
MHSMNetworkRuleSet

A set of rules governing the network accessibility of a managed hsm pool.
MHSMPrivateEndpoint

Private endpoint object properties.
MHSMPrivateEndpointConnectionItem

Private endpoint connection item.
MHSMPrivateLinkServiceConnectionState

An object that represents the approval state of the private link connection.
MHSMVirtualNetworkRule

A rule governing the accessibility of a managed hsm pool from a specific virtual network.
NetworkRuleAction

The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
NetworkRuleBypassOptions

Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
PrivateEndpointConnectionProvisioningState

Provisioning state of the private endpoint connection.
PrivateEndpointServiceConnectionStatus

Indicates whether the connection has been approved, rejected or removed by the key vault owner.
ProvisioningState

Provisioning state.
PublicNetworkAccess

Control permission to the managed HSM from public networks.
SystemData

Metadata pertaining to creation and last modification of the key vault resource.
UserAssignedIdentity

User assigned identity properties

ActionsRequired

Enumeration

A message indicating if changes on the service provider require any updates on the consumer.

Value Description
None

ActivationStatus

Enumeration

Activation Status

Value Description
Active

The managed HSM Pool is active.
NotActivated

The managed HSM Pool is not yet activated.
Unknown

An unknown error occurred while activating managed hsm.
Failed

Failed to activate managed hsm.

CreateMode

Enumeration

The create mode to indicate whether the resource is being created or is being recovered from a deleted resource.

Value Description
recover

Recover the managed HSM pool from a soft-deleted resource.
default

Create a new managed HSM pool. This is the default option.

Error

Object

The server error.

Name Type Description
code

string

The error code.
innererror

Error

The inner error, contains a more specific error code.
message

string

The error message.

GeoReplicationRegionProvisioningState

Enumeration

Provisioning state of the geo replicated region.

Value Description
Preprovisioning
Provisioning
Succeeded
Failed
Deleting
Cleanup

identityType

Enumeration

The type of identity that created the key vault resource.

Value Description
User
Application
ManagedIdentity
Key

ManagedHsm

Object

Resource information with extended details.

Name Type Description
id

string

The Azure Resource Manager resource ID for the managed HSM Pool.
identity

ManagedServiceIdentity

Managed service identity (system assigned and/or user assigned identities)
location

string

The supported Azure location where the managed HSM Pool should be created.
name

string

The name of the managed HSM Pool.
properties

ManagedHsmProperties

Properties of the managed HSM
sku

ManagedHsmSku

SKU details
systemData

SystemData

Metadata pertaining to creation and last modification of the key vault resource.
tags

object

Resource tags
type

string

The resource type of the managed HSM Pool.

ManagedHsmError

Object

The error exception.

Name Type Description
error

Error

The server error.

ManagedHsmListResult

Object

List of managed HSM Pools

Name Type Description
nextLink

string

The URL to get the next set of managed HSM Pools.
value

ManagedHsm[]

The list of managed HSM Pools.

ManagedHsmProperties

Object

Properties of the managed HSM Pool

Name Type Default value Description
createMode

CreateMode

The create mode to indicate whether the resource is being created or is being recovered from a deleted resource.
enablePurgeProtection

boolean

True

Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. Enabling this functionality is irreversible.
enableSoftDelete

boolean

True

Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. Soft delete is enabled by default for all managed HSMs and is immutable.
hsmUri

string

The URI of the managed hsm pool for performing operations on keys.
initialAdminObjectIds

string[]

Array of initial administrators object ids for this managed hsm pool.
networkAcls

MHSMNetworkRuleSet

Rules governing the accessibility of the key vault from specific network locations.
privateEndpointConnections

MHSMPrivateEndpointConnectionItem[]

List of private endpoint connections associated with the managed hsm pool.
provisioningState

ProvisioningState

Provisioning state.
publicNetworkAccess

PublicNetworkAccess

Enabled

Control permission to the managed HSM from public networks.
regions

MHSMGeoReplicatedRegion[]

List of all regions associated with the managed hsm pool.
scheduledPurgeDate

string (date-time)

The scheduled purge date in UTC.
securityDomainProperties

ManagedHSMSecurityDomainProperties

Managed HSM security domain properties.
softDeleteRetentionInDays

integer (int32)

90

Soft deleted data retention days. When you delete an HSM or a key, it will remain recoverable for the configured retention period or for a default period of 90 days. It accepts values between 7 and 90.
statusMessage

string

Resource Status Message.
tenantId

string (uuid)

The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool.

ManagedHSMSecurityDomainProperties

Object

The security domain properties of the managed hsm.

Name Type Description
activationStatus

ActivationStatus

Activation Status
activationStatusMessage

string

Activation Status Message.

ManagedHsmSku

Object

SKU details

Name Type Description
family

ManagedHsmSkuFamily

SKU Family of the managed HSM Pool
name

ManagedHsmSkuName

SKU of the managed HSM Pool

ManagedHsmSkuFamily

Enumeration

SKU Family of the managed HSM Pool

Value Description
B
C

ManagedHsmSkuName

Enumeration

SKU of the managed HSM Pool

Value Description
Standard_B1
Custom_B32
Custom_B6
Custom_C42
Custom_C10

ManagedServiceIdentity

Object

Managed service identity (system assigned and/or user assigned identities)

Name Type Description
principalId

string (uuid)

The service principal ID of the system assigned identity. This property will only be provided for a system assigned identity.
tenantId

string (uuid)

The tenant ID of the system assigned identity. This property will only be provided for a system assigned identity.
type

ManagedServiceIdentityType

Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed).
userAssignedIdentities

<string,  UserAssignedIdentity>

User-Assigned Identities
The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests.

ManagedServiceIdentityType

Enumeration

Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed).

Value Description
None
SystemAssigned
UserAssigned
SystemAssigned,UserAssigned

MHSMGeoReplicatedRegion

Object

A region that this managed HSM Pool has been extended to.

Name Type Description
isPrimary

boolean

A boolean value that indicates whether the region is the primary region or a secondary region.
name

string

Name of the geo replicated region.
provisioningState

GeoReplicationRegionProvisioningState

Provisioning state of the geo replicated region.

MHSMIPRule

Object

A rule governing the accessibility of a managed HSM pool from a specific IP address or IP range.

Name Type Description
value

string

An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

MHSMNetworkRuleSet

Object

A set of rules governing the network accessibility of a managed hsm pool.

Name Type Description
bypass

NetworkRuleBypassOptions

Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
defaultAction

NetworkRuleAction

The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules

MHSMIPRule[]

The list of IP address rules.
virtualNetworkRules

MHSMVirtualNetworkRule[]

The list of virtual network rules.

MHSMPrivateEndpoint

Object

Private endpoint object properties.

Name Type Description
id

string

Full identifier of the private endpoint resource.

MHSMPrivateEndpointConnectionItem

Object

Private endpoint connection item.

Name Type Description
etag

string

Modified whenever there is a change in the state of private endpoint connection.
id

string

Id of private endpoint connection.
properties.privateEndpoint

MHSMPrivateEndpoint

Properties of the private endpoint object.
properties.privateLinkServiceConnectionState

MHSMPrivateLinkServiceConnectionState

Approval state of the private link connection.
properties.provisioningState

PrivateEndpointConnectionProvisioningState

Provisioning state of the private endpoint connection.

MHSMPrivateLinkServiceConnectionState

Object

An object that represents the approval state of the private link connection.

Name Type Description
actionsRequired

ActionsRequired

A message indicating if changes on the service provider require any updates on the consumer.
description

string

The reason for approval or rejection.
status

PrivateEndpointServiceConnectionStatus

Indicates whether the connection has been approved, rejected or removed by the key vault owner.

MHSMVirtualNetworkRule

Object

A rule governing the accessibility of a managed hsm pool from a specific virtual network.

Name Type Description
id

string

Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

NetworkRuleAction

Enumeration

The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

Value Description
Allow
Deny

NetworkRuleBypassOptions

Enumeration

Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.

Value Description
AzureServices
None

PrivateEndpointConnectionProvisioningState

Enumeration

Provisioning state of the private endpoint connection.

Value Description
Succeeded
Creating
Updating
Deleting
Failed
Disconnected

PrivateEndpointServiceConnectionStatus

Enumeration

Indicates whether the connection has been approved, rejected or removed by the key vault owner.

Value Description
Pending
Approved
Rejected
Disconnected

ProvisioningState

Enumeration

Provisioning state.

Value Description
Succeeded

The managed HSM Pool has been full provisioned.
Provisioning

The managed HSM Pool is currently being provisioned.
Failed

Provisioning of the managed HSM Pool has failed.
Updating

The managed HSM Pool is currently being updated.
Deleting

The managed HSM Pool is currently being deleted.
Activated

The managed HSM pool is ready for normal use.
SecurityDomainRestore

The managed HSM pool is waiting for a security domain restore action.
Restoring

The managed HSM pool is being restored from full HSM backup.

PublicNetworkAccess

Enumeration

Control permission to the managed HSM from public networks.

Value Description
Enabled
Disabled

SystemData

Object

Metadata pertaining to creation and last modification of the key vault resource.

Name Type Description
createdAt

string (date-time)

The timestamp of the key vault resource creation (UTC).
createdBy

string

The identity that created the key vault resource.
createdByType

identityType

The type of identity that created the key vault resource.
lastModifiedAt

string (date-time)

The timestamp of the key vault resource last modification (UTC).
lastModifiedBy

string

The identity that last modified the key vault resource.
lastModifiedByType

identityType

The type of identity that last modified the key vault resource.

UserAssignedIdentity

Object

User assigned identity properties

Name Type Description
clientId

string (uuid)

The client ID of the assigned identity.
principalId

string (uuid)

The principal ID of the assigned identity.