The New-AzKeyVaultManagedHsm cmdlet creates a managed HSM in the specified resource group. To add,
remove, or list keys in the managed HSM, the user must:
1. Grant permissions by adding the user ID to Administrator.
2. Add a role assignment for the user, such as "Managed HSM Crypto User".
3. Back up the security domain data of the managed HSM using Export-AzKeyVaultSecurityDomain.
Name  Resource Group Name Location    SKU
----  ------------------- --------    ---
myhsm myrg1               eastus2euap StandardB1
This command creates a managed HSM named myhsm in the location eastus2euap. The command
adds the managed HSM to the resource group named myrg1. Because the command does not specify a
value for the SKU parameter, it creates a Standard_B1 managed HSM.
Name  Resource Group Name Location    SKU
----  ------------------- --------    ---
myhsm myrg1               eastus2euap CustomB32
This command creates a managed HSM, just like the previous example. However, it specifies a value of
CustomB32 for the SKU parameter to create a CustomB32 managed HSM.
Example 3: Create a managed HSM with a user assigned identity
Managed HSM Name : myhsm
Resource Group Name : myrg1
Location : eastus2euap
Resource ID : /subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourceGroups/bez-rg/providers/Microsoft.KeyVault/managedHSMs/bezmhsm
HSM Pool URI :
Tenant ID : 00001111-aaaa-2222-bbbb-3333cccc4444
Initial Admin Object Ids : {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
SKU : StandardB1
Soft Delete Enabled? : True
Enabled Purge Protection? : False
Soft Delete Retention Period (days) : 70
Public Network Access : Enabled
IdentityType : UserAssigned
UserAssignedIdentities : /subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName
Provisioning State : Succeeded
Status Message : The Managed HSM is provisioned and ready to use.
Security Domain ActivationStatus : Active
Security Domain ActivationStatusMessage : Your HSM has been activated and can be used for cryptographic operations.
Regions :
Tags
This command creates a managed HSM with a user assigned identity.
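The steps listed in the description (initial administrator, role assignment, security domain backup), combined with the purge protection setting described under Parameters, as an added example that is not part of the original documentation. The object IDs, certificate paths and output path are placeholders, and the three wrapping certificates are assumed to exist already.

```powershell
# Added example. All IDs and file paths below are placeholders, not values from the docs.
$ErrorActionPreference = 'Stop'

$hsmName       = 'myhsm'
$resourceGroup = 'myrg1'
$location      = 'eastus2euap'
$adminObjectId = '<administrator-object-id>'   # placeholder
$userObjectId  = '<crypto-user-object-id>'     # placeholder

# Check the documented naming rule locally before calling Azure:
# letters, digits or hyphens, starting and ending with a letter or digit.
if ($hsmName -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$') {
    throw "Invalid managed HSM name: '$hsmName'"
}

# Create the HSM with purge protection on. This cannot be turned off later,
# and it is effective only together with soft delete.
New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $resourceGroup `
    -Location $location -Administrator $adminObjectId `
    -SoftDeleteRetentionInDays 70 -EnablePurgeProtection

# Back up the security domain before putting keys in the HSM. Each certificate
# wraps a share of the domain; -Quorum is how many shares a restore needs.
$wrappingCerts = @(
    'C:\sd\cert_0.cer'   # hypothetical paths
    'C:\sd\cert_1.cer'
    'C:\sd\cert_2.cer'
)
foreach ($cert in $wrappingCerts) {
    if (-not (Test-Path -LiteralPath $cert)) { throw "Missing certificate: $cert" }
}
Export-AzKeyVaultSecurityDomain -Name $hsmName -Certificates $wrappingCerts `
    -OutputPath 'C:\sd\myhsm-sd.json' -Quorum 2

# Give the key user a scoped role instead of adding them as an administrator.
New-AzKeyVaultRoleAssignment -HsmName $hsmName `
    -RoleDefinitionName 'Managed HSM Crypto User' -ObjectId $userObjectId

# Review what the user now holds on this HSM.
Get-AzKeyVaultRoleAssignment -HsmName $hsmName -ObjectId $userObjectId
```

Store the exported security domain file and the private keys of the wrapping certificates separately and offline; together they are what a restore of the HSM depends on.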
Parameters
-Administrator
Initial administrator object id for this managed HSM pool.
-EnablePurgeProtection
Specifies whether protection against purge is enabled for this managed HSM pool. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible.
-Location
Specifies the Azure region in which to create the managed HSM.
Use the command Get-AzResourceProvider with the ProviderNamespace parameter to see your choices.
-Name
Specifies a name of the managed HSM to create.
The name can be any combination of letters, digits, or hyphens.
The name must start and end with a letter or digit.
The name must be universally unique.
-SubscriptionId
The ID of the subscription.
By default, cmdlets are executed in the subscription that is set in the current context. If the user specifies another subscription, the current cmdlet is executed in the subscription specified by the user.
Overriding the subscription only takes effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.
-UserAssignedIdentity
The set of user assigned identities associated with the managed HSM. Its value will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.