Restore-AzKeyVault
Fully restores a managed HSM from backup.
Syntax
Restore-AzKeyVault
-BackupFolder <String>
[-KeyName <String>]
[-PassThru]
[-HsmName] <String>
-StorageAccountName <String>
-StorageContainerName <String>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Restore-AzKeyVault
-BackupFolder <String>
[-KeyName <String>]
[-PassThru]
[-HsmName] <String>
-StorageContainerUri <Uri>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Restore-AzKeyVault
-BackupFolder <String>
[-KeyName <String>]
[-PassThru]
-StorageContainerUri <Uri>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
-HsmObject <PSManagedHsm>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Restore-AzKeyVault
-BackupFolder <String>
[-KeyName <String>]
[-PassThru]
-StorageAccountName <String>
-StorageContainerName <String>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
-HsmObject <PSManagedHsm>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Fully restores a managed HSM from a backup stored in a storage account.
Use Backup-AzKeyVault
to backup.
Examples
Example 1 Restore a Key Vault
$sasToken = ConvertTo-SecureString -AsPlainText -Force "?sv=2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2020-10-12T14:42:19Z&st=2020-10-12T06:42:19Z&spr=https&sig=******"
Restore-AzKeyVault -HsmName myHsm -StorageContainerUri "https://{accountName}.blob.core.windows.net/{containerName}" -BackupFolder "mhsm-myHsm-2020101308504935" -SasToken $sasToken
The example restores a backup stored in a folder named "mhsm-myHsm-2020101308504935" of a storage container "https://{accountName}.blob.core.windows.net/{containerName}".
Example 2 Restore a Key Vault via User Assigned Managed Identity Authentication
# Make sure an identity is assigend to the Hsm
Update-AzKeyVaultManagedHsm -UserAssignedIdentity "/subscriptions/{sub-id}/resourceGroups/{rg-name}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identity-name}"
Restore-AzKeyVault -HsmName myHsm -StorageContainerUri "https://{accountName}.blob.core.windows.net/{containerName}" -BackupFolder "mhsm-myHsm-2020101308504935" -UseUserManagedIdentity
The example restores an HSM via User Assigned Managed Identity Authentication.
Parameters
-BackupFolder
Folder name of the backup, e.g. 'mhsm--2020101309020403'. It can also be nested such as 'backups/mhsm--2020101309020403'.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-HsmName
Name of the HSM.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-HsmObject
Managed HSM object
Type: | PSManagedHsm |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-KeyName
Key name to restore.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PassThru
Return true when the HSM is restored.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SasToken
The shared access signature (SAS) token to authenticate the storage account.
Type: | SecureString |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-StorageAccountName
Name of the storage account where the backup is going to be stored.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-StorageContainerName
Name of the blob container where the backup is going to be stored.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-StorageContainerUri
URI of the storage container where the backup is going to be stored.
Type: | Uri |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-UseUserManagedIdentity
Specified to use User Managed Identity to authenticate the storage account. Only valid when SasToken is not set.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
None
Outputs
Commentaires
https://aka.ms/ContentUserFeedback.
Bientôt disponible : Tout au long de 2024, nous allons supprimer progressivement GitHub Issues comme mécanisme de commentaires pour le contenu et le remplacer par un nouveau système de commentaires. Pour plus d’informations, consultezEnvoyer et afficher des commentaires pour