Accounts - Change Key Vault

Service:: Azure NetApp Files

Version d'API:: 2025-12-01

Affecte les volumes existants chiffrés avec Key Vault/Managed HSM et les nouveaux volumes. Prend en charge HSM vers Key Vault, Key Vault vers HSM, HSM vers HSM et Key Vault vers Key Vault.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.NetApp/netAppAccounts/{accountName}/changeKeyVault?api-version=2025-12-01

Paramètres URI

Nom	Dans	Obligatoire	Type	Description
accountName	path	True	string pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]{0,127}$	Nom du compte NetApp
resourceGroupName	path	True	string minLength: 1 maxLength: 90	Nom du groupe de ressources. Le nom ne respecte pas la casse.
subscriptionId	path	True	string (uuid)	ID de l’abonnement cible. La valeur doit être un UUID.
api-version	query	True	string minLength: 1	Version de l’API à utiliser pour cette opération.

Corps de la demande

Nom	Obligatoire	Type	Description
keyName	True	string	Nom de la clé qui doit être utilisée pour le chiffrement.
keyVaultPrivateEndpoints	True	KeyVaultPrivateEndpoint[]	Paires d’ID de réseau virtuel et d’ID de point de terminaison privé. Chaque réseau virtuel disposant de volumes chiffrés avec des clés gérées par le client a besoin de son propre point de terminaison privé key vault.
keyVaultUri	True	string (uri)	URI du coffre de clés/HSM managé qui doit être utilisé pour le chiffrement.
keyVaultResourceId		string (arm-id)	ID de ressource Azure du coffre de clés/HSM managé qui doit être utilisé pour le chiffrement.

Réponses

Nom

Type

Description

202 Accepted

Opération de ressource acceptée.

En-têtes

Location: string
Retry-After: integer

Other Status Codes

Réponse d’erreur inattendue.

Sécurité

azure_auth

Flux OAuth2 Azure Active Directory.

Type: oauth2
Flux: implicit
URL d’autorisation: https://login.microsoftonline.com/common/oauth2/authorize

Étendues

Nom	Description
user_impersonation	emprunter l’identité de votre compte d’utilisateur

Exemples

Accounts_ChangeKeyVault

Exemple de requête

POST https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/changeKeyVault?api-version=2025-12-01

{
  "keyName": "rsakey",
  "keyVaultPrivateEndpoints": [
    {
      "privateEndpointId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/privateEndpoints/privip1",
      "virtualNetworkId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/vnet1"
    }
  ],
  "keyVaultResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.KeyVault/managedHSMs/my-hsm",
  "keyVaultUri": "https://my-key-vault.managedhsm.azure.net"
}


import com.azure.resourcemanager.netapp.models.ChangeKeyVault;
import com.azure.resourcemanager.netapp.models.KeyVaultPrivateEndpoint;
import java.util.Arrays;

/**
 * Samples for Accounts ChangeKeyVault.
 */
public final class Main {
    /*
     * x-ms-original-file: 2025-12-01/Accounts_ChangeKeyVault.json
     */
    /**
     * Sample code: Accounts_ChangeKeyVault.
     * 
     * @param manager Entry point to NetAppFilesManager.
     */
    public static void accountsChangeKeyVault(com.azure.resourcemanager.netapp.NetAppFilesManager manager) {
        manager.accounts().changeKeyVault("myRG", "account1", new ChangeKeyVault()
            .withKeyVaultUri("fakeTokenPlaceholder").withKeyName("fakeTokenPlaceholder")
            .withKeyVaultResourceId("fakeTokenPlaceholder")
            .withKeyVaultPrivateEndpoints(Arrays.asList(new KeyVaultPrivateEndpoint().withVirtualNetworkId(
                "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/vnet1")
                .withPrivateEndpointId(
                    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/privateEndpoints/privip1"))),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.netapp import NetAppManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-netapp
# USAGE
    python accounts_change_key_vault.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetAppManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    client.accounts.begin_change_key_vault(
        resource_group_name="myRG",
        account_name="account1",
    ).result()


# x-ms-original-file: 2025-12-01/Accounts_ChangeKeyVault.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetapp_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/netapp/armnetapp/v9"
)

// Generated from example definition: 2025-12-01/Accounts_ChangeKeyVault.json
func ExampleAccountsClient_BeginChangeKeyVault() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetapp.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewAccountsClient().BeginChangeKeyVault(ctx, "myRG", "account1", &armnetapp.AccountsClientBeginChangeKeyVaultOptions{
		Body: &armnetapp.ChangeKeyVault{
			KeyName: to.Ptr("rsakey"),
			KeyVaultPrivateEndpoints: []*armnetapp.KeyVaultPrivateEndpoint{
				{
					PrivateEndpointID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/privateEndpoints/privip1"),
					VirtualNetworkID:  to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/vnet1"),
				},
			},
			KeyVaultResourceID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.KeyVault/managedHSMs/my-hsm"),
			KeyVaultURI:        to.Ptr("https://my-key-vault.managedhsm.azure.net"),
		}})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	_, err = poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetAppManagementClient } = require("@azure/arm-netapp");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to affects existing volumes that are encrypted with Key Vault/Managed HSM, and new volumes. Supports HSM to Key Vault, Key Vault to HSM, HSM to HSM and Key Vault to Key Vault.
 *
 * @summary affects existing volumes that are encrypted with Key Vault/Managed HSM, and new volumes. Supports HSM to Key Vault, Key Vault to HSM, HSM to HSM and Key Vault to Key Vault.
 * x-ms-original-file: 2025-12-01/Accounts_ChangeKeyVault.json
 */
async function accountsChangeKeyVault() {
  const credential = new DefaultAzureCredential();
  const subscriptionId = "00000000-0000-0000-0000-000000000000";
  const client = new NetAppManagementClient(credential, subscriptionId);
  await client.accounts.changeKeyVault("myRG", "account1", {
    body: {
      keyName: "rsakey",
      keyVaultPrivateEndpoints: [
        {
          privateEndpointId:
            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/privateEndpoints/privip1",
          virtualNetworkId:
            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/vnet1",
        },
      ],
      keyVaultResourceId:
        "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.KeyVault/managedHSMs/my-hsm",
      keyVaultUri: "https://my-key-vault.managedhsm.azure.net",
    },
  });
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.NetApp.Models;
using Azure.ResourceManager.NetApp;

// Generated from example definition: specification/netapp/resource-manager/Microsoft.NetApp/NetApp/stable/2025-12-01/examples/Accounts_ChangeKeyVault.json
// this example is just showing the usage of "Accounts_ChangeKeyVault" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this NetAppAccountResource created on azure
// for more information of creating NetAppAccountResource, please refer to the document of NetAppAccountResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "myRG";
string accountName = "account1";
ResourceIdentifier netAppAccountResourceId = NetAppAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
NetAppAccountResource netAppAccount = client.GetNetAppAccountResource(netAppAccountResourceId);

// invoke the operation
NetAppChangeKeyVault body = new NetAppChangeKeyVault(new Uri("https://my-key-vault.managedhsm.azure.net"), "rsakey", new NetAppKeyVaultPrivateEndpoint[]
{
new NetAppKeyVaultPrivateEndpoint
{
VirtualNetworkId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/vnet1"),
PrivateEndpointId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/privateEndpoints/privip1"),
}
})
{
    KeyVaultResourceId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.KeyVault/managedHSMs/my-hsm"),
};
await netAppAccount.ChangeKeyVaultAsync(WaitUntil.Completed, body: body);

Console.WriteLine("Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Exemple de réponse

Code d’état:: 202

Location: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/a0216c17-f9d6-4b99-9faf-9ebd4883d0e4?api-version=2025-12-01&operationResultResponseType=Location

Définitions

Nom	Description
ChangeKeyVault	Modifier la demande de coffre de clés
ErrorAdditionalInfo	Informations supplémentaires sur l’erreur de gestion des ressources.
ErrorDetail	Détail de l’erreur.
ErrorResponse	Réponse d’erreur
KeyVaultPrivateEndpoint	Paires d’ID de réseau virtuel et d’ID de point de terminaison privé. Chaque réseau virtuel disposant de volumes chiffrés avec des clés gérées par le client a besoin de son propre point de terminaison privé key vault.

ChangeKeyVault

Objet

Modifier la demande de coffre de clés

Nom	Type	Description
keyName	string	Nom de la clé qui doit être utilisée pour le chiffrement.
keyVaultPrivateEndpoints	KeyVaultPrivateEndpoint[]	Paires d’ID de réseau virtuel et d’ID de point de terminaison privé. Chaque réseau virtuel disposant de volumes chiffrés avec des clés gérées par le client a besoin de son propre point de terminaison privé key vault.
keyVaultResourceId	string (arm-id)	ID de ressource Azure du coffre de clés/HSM managé qui doit être utilisé pour le chiffrement.
keyVaultUri	string (uri)	URI du coffre de clés/HSM managé qui doit être utilisé pour le chiffrement.

ErrorAdditionalInfo

Objet

Informations supplémentaires sur l’erreur de gestion des ressources.

Nom	Type	Description
info	object	Informations supplémentaires.
type	string	Type d’informations supplémentaire.

ErrorDetail

Objet

Détail de l’erreur.

Nom	Type	Description
additionalInfo	ErrorAdditionalInfo[]	Informations supplémentaires sur l’erreur.
code	string	Code d’erreur.
details	ErrorDetail[]	Détails de l’erreur.
message	string	Message d’erreur.
target	string	Cible d’erreur.

ErrorResponse

Objet

Réponse d’erreur

Nom	Type	Description
error	ErrorDetail	Objet d’erreur.

KeyVaultPrivateEndpoint

Objet

Paires d’ID de réseau virtuel et d’ID de point de terminaison privé. Chaque réseau virtuel disposant de volumes chiffrés avec des clés gérées par le client a besoin de son propre point de terminaison privé key vault.

Nom	Type	Description
privateEndpointId	string (arm-id)	Identificateur du point de terminaison privé pour atteindre Azure Key Vault
virtualNetworkId	string (arm-id)	Identificateur de l’identifiant du réseau virtuel