az dedicated-hsm
Note
This reference is part of the hardware-security-modules extension for the Azure CLI (version 2.15.0 or higher). The extension will automatically install the first time you run an az dedicated-hsm command. Learn more about extensions.
Manage dedicated hsm with hardware security modules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az dedicated-hsm create |
Create a dedicated HSM in the specified subscription. |
Extension | GA |
| az dedicated-hsm delete |
Deletes the specified Azure Dedicated HSM. |
Extension | GA |
| az dedicated-hsm list |
The List operation gets information about the dedicated hsms associated with the subscription and within the specified resource group. And The List operation gets information about the dedicated HSMs associated with the subscription. |
Extension | GA |
| az dedicated-hsm list-outbound-network-dependency-endpoint |
Gets a list of egress endpoints (network endpoints of all outbound dependencies) in the specified dedicated hsm resource. The operation returns properties of each egress endpoint. |
Extension | GA |
| az dedicated-hsm show |
Gets the specified Azure dedicated HSM. |
Extension | GA |
| az dedicated-hsm update |
Update a dedicated HSM in the specified subscription. |
Extension | GA |
| az dedicated-hsm wait |
Place the CLI in a waiting state until a condition of the dedicated-hsm is met. |
Extension | GA |
az dedicated-hsm create
Create a dedicated HSM in the specified subscription.
az dedicated-hsm create --name
--resource-group
[--location]
[--mgmt-network-interfaces]
[--mgmt-network-subnet]
[--network-interfaces]
[--no-wait]
[--sku {SafeNet Luna Network HSM A790, payShield10K_LMK1_CPS250, payShield10K_LMK1_CPS2500, payShield10K_LMK1_CPS60, payShield10K_LMK2_CPS250, payShield10K_LMK2_CPS2500, payShield10K_LMK2_CPS60}]
[--stamp-id]
[--subnet]
[--tags]
[--zones]Examples
Create a new or update an existing dedicated HSM
az dedicated-hsm create --name "hsm1" --location "westus" --network-interfaces private-ip-address="1.0.0.1" --subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --stamp-id "stamp01" --sku "SafeNet Luna Network HSM A790" --tags Dept="hsm" Environment="dogfood" --resource-group "hsm-group"Create a new or update an existing payment HSM
az dedicated-hsm create --name "hsm1" --location "westus" --mgmt-network-interfaces private-ip-address="1.0.0.1" --mgmt-network-subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --stamp-id "stamp01" --sku "payShield10K_LMK1_CPS60" --tags Dept="hsm" Environment="dogfood" --resource-group "hsm-group"Create a new or update an existing payment HSM with management profile
az dedicated-hsm create --name "hsm1" --location "westus" --network-interfaces private-ip-address="1.0.0.2" --subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --mgmt-network-interfaces private-ip-address="1.0.0.1" --mgmt-network-subnet id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/stamp01/subnets/stamp01" --stamp-id "stamp02" --sku "payShield10K_LMK1_CPS60" --tags Dept="hsm" Environment="dogfood" --resource-group "hsm-group"Required Parameters
Name of the dedicated Hsm.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Specifies the list of resource Ids for the network interfaces associated with the dedicated HSM.
Usage: --mgmt-network-interfaces private-ip-address=XX
private-ip-address: Private Ip address of the interface
Multiple actions can be specified by using more than one --mgmt-network-interfaces argument.
Specifies the identifier of the subnet.
Usage: --mgmt-network-subnet id=XX
id: The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/...
Specifies the list of resource Ids for the network interfaces associated with the dedicated HSM.
Usage: --network-interfaces private-ip-address=XX
private-ip-address: Private Ip address of the interface
Multiple actions can be specified by using more than one --network-interfaces argument.
Do not wait for the long-running operation to finish.
SKU of the dedicated HSM.
This field will be used when RP does not support Availability zones.
Specifies the identifier of the subnet.
Usage: --subnet id=XX
id: The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/...
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
The Dedicated Hsm zones.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dedicated-hsm delete
Deletes the specified Azure Dedicated HSM.
az dedicated-hsm delete [--ids]
[--name]
[--no-wait]
[--resource-group]
[--subscription]
[--yes]Examples
Delete a dedicated HSM
az dedicated-hsm delete --name "hsm1" --resource-group "hsm-group"Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the dedicated HSM to delete.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dedicated-hsm list
The List operation gets information about the dedicated hsms associated with the subscription and within the specified resource group. And The List operation gets information about the dedicated HSMs associated with the subscription.
az dedicated-hsm list [--resource-group]
[--top]Examples
List dedicated HSM devices in a resource group
az dedicated-hsm list --resource-group "hsm-group"List dedicated HSM devices in a resource group including payment HSM
az dedicated-hsm list --resource-group "hsm-group"List dedicated HSM devices in a subscription
az dedicated-hsm listList dedicated HSM devices in a subscription including payment HSM
az dedicated-hsm listOptional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Maximum number of results to return.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dedicated-hsm list-outbound-network-dependency-endpoint
Gets a list of egress endpoints (network endpoints of all outbound dependencies) in the specified dedicated hsm resource. The operation returns properties of each egress endpoint.
az dedicated-hsm list-outbound-network-dependency-endpoint --name
--resource-groupExamples
List OutboundNetworkDependenciesEndpoints by Managed Cluster
az dedicated-hsm list-outbound-network-dependency-endpoint --name "hsm1" --resource-group "hsm-group"Required Parameters
The name of the dedicated HSM.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dedicated-hsm show
Gets the specified Azure dedicated HSM.
az dedicated-hsm show [--ids]
[--name]
[--resource-group]
[--subscription]Examples
Get a dedicated HSM
az dedicated-hsm show --name "hsm1" --resource-group "hsm-group"Get a payment HSM
az dedicated-hsm show --name "hsm1" --resource-group "hsm-group"Get a payment HSM with 2018-10-31Preview api version
az dedicated-hsm show --name "hsm1" --resource-group "hsm-group"Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the dedicated HSM.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dedicated-hsm update
Update a dedicated HSM in the specified subscription.
az dedicated-hsm update [--ids]
[--name]
[--no-wait]
[--resource-group]
[--subscription]
[--tags]Examples
Update an existing dedicated HSM
az dedicated-hsm update --name "hsm1" --tags Dept="hsm" Environment="dogfood" Slice="A" --resource-group "hsm-group"Update an existing payment HSM
az dedicated-hsm update --name "hsm1" --tags Dept="hsm" Environment="dogfood" Slice="A" --resource-group "hsm-group"Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the dedicated HSM.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dedicated-hsm wait
Place the CLI in a waiting state until a condition of the dedicated-hsm is met.
az dedicated-hsm wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Examples
Pause executing next line of CLI script until the dedicated-hsm is successfully created.
az dedicated-hsm wait --name "hsm1" --resource-group "hsm-group" --createdPause executing next line of CLI script until the dedicated-hsm is successfully updated.
az dedicated-hsm wait --name "hsm1" --resource-group "hsm-group" --updatedPause executing next line of CLI script until the dedicated-hsm is successfully deleted.
az dedicated-hsm wait --name "hsm1" --resource-group "hsm-group" --deletedOptional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
The name of the dedicated HSM.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Azure CLI