Accounts - Change Key Vault

Serviço:: Azure NetApp Files

Versão da API:: 2025-12-01

Afeta volumes existentes criptografados com o Key Vault/HSM Gerenciado e novos volumes. Dá suporte ao HSM ao Key Vault, ao Key Vault ao HSM, ao HSM ao HSM e ao Key Vault ao Key Vault.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.NetApp/netAppAccounts/{accountName}/changeKeyVault?api-version=2025-12-01

Parâmetros de URI

Nome	Em	Obrigatório	Tipo	Description
accountName	path	True	string pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]{0,127}$	O nome da conta do NetApp
resourceGroupName	path	True	string minLength: 1 maxLength: 90	O nome do grupo de recursos. O nome não diferencia maiúsculas de minúsculas.
subscriptionId	path	True	string (uuid)	A ID da assinatura de destino. O valor deve ser uma UUID.
api-version	query	True	string minLength: 1	A versão da API a ser usada para esta operação.

Corpo da solicitação

Nome	Obrigatório	Tipo	Description
keyName	True	string	O nome da chave que deve ser usada para criptografia.
keyVaultPrivateEndpoints	True	KeyVaultPrivateEndpoint[]	Pares de ID de rede virtual e ID de ponto de extremidade privado. Cada rede virtual que tem volumes criptografados com chaves gerenciadas pelo cliente precisa de seu próprio ponto de extremidade privado do cofre de chaves.
keyVaultUri	True	string (uri)	O URI do cofre de chaves/HSM gerenciado que deve ser usado para criptografia.
keyVaultResourceId		string (arm-id)	ID de recurso do Azure do cofre de chaves/HSM gerenciado que deve ser usado para criptografia.

Respostas

Nome

Tipo

Description

202 Accepted

Operação de recurso aceita.

Cabeçalhos

Location: string
Retry-After: integer

Other Status Codes

Uma resposta de erro inesperada.

Segurança

azure_auth

Fluxo OAuth2 do Azure Active Directory.

Tipo: oauth2
Flow: implicit
URL de Autorização: https://login.microsoftonline.com/common/oauth2/authorize

Escopos

Nome	Description
user_impersonation	representar sua conta de usuário

Exemplos

Accounts_ChangeKeyVault

Solicitação de exemplo

POST https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/changeKeyVault?api-version=2025-12-01

{
  "keyName": "rsakey",
  "keyVaultPrivateEndpoints": [
    {
      "privateEndpointId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/privateEndpoints/privip1",
      "virtualNetworkId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/vnet1"
    }
  ],
  "keyVaultResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.KeyVault/managedHSMs/my-hsm",
  "keyVaultUri": "https://my-key-vault.managedhsm.azure.net"
}


import com.azure.resourcemanager.netapp.models.ChangeKeyVault;
import com.azure.resourcemanager.netapp.models.KeyVaultPrivateEndpoint;
import java.util.Arrays;

/**
 * Samples for Accounts ChangeKeyVault.
 */
public final class Main {
    /*
     * x-ms-original-file: 2025-12-01/Accounts_ChangeKeyVault.json
     */
    /**
     * Sample code: Accounts_ChangeKeyVault.
     * 
     * @param manager Entry point to NetAppFilesManager.
     */
    public static void accountsChangeKeyVault(com.azure.resourcemanager.netapp.NetAppFilesManager manager) {
        manager.accounts().changeKeyVault("myRG", "account1", new ChangeKeyVault()
            .withKeyVaultUri("fakeTokenPlaceholder").withKeyName("fakeTokenPlaceholder")
            .withKeyVaultResourceId("fakeTokenPlaceholder")
            .withKeyVaultPrivateEndpoints(Arrays.asList(new KeyVaultPrivateEndpoint().withVirtualNetworkId(
                "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/vnet1")
                .withPrivateEndpointId(
                    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/privateEndpoints/privip1"))),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.netapp import NetAppManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-netapp
# USAGE
    python accounts_change_key_vault.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetAppManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    client.accounts.begin_change_key_vault(
        resource_group_name="myRG",
        account_name="account1",
    ).result()


# x-ms-original-file: 2025-12-01/Accounts_ChangeKeyVault.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetapp_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/netapp/armnetapp/v9"
)

// Generated from example definition: 2025-12-01/Accounts_ChangeKeyVault.json
func ExampleAccountsClient_BeginChangeKeyVault() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetapp.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewAccountsClient().BeginChangeKeyVault(ctx, "myRG", "account1", &armnetapp.AccountsClientBeginChangeKeyVaultOptions{
		Body: &armnetapp.ChangeKeyVault{
			KeyName: to.Ptr("rsakey"),
			KeyVaultPrivateEndpoints: []*armnetapp.KeyVaultPrivateEndpoint{
				{
					PrivateEndpointID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/privateEndpoints/privip1"),
					VirtualNetworkID:  to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/vnet1"),
				},
			},
			KeyVaultResourceID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.KeyVault/managedHSMs/my-hsm"),
			KeyVaultURI:        to.Ptr("https://my-key-vault.managedhsm.azure.net"),
		}})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	_, err = poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetAppManagementClient } = require("@azure/arm-netapp");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to affects existing volumes that are encrypted with Key Vault/Managed HSM, and new volumes. Supports HSM to Key Vault, Key Vault to HSM, HSM to HSM and Key Vault to Key Vault.
 *
 * @summary affects existing volumes that are encrypted with Key Vault/Managed HSM, and new volumes. Supports HSM to Key Vault, Key Vault to HSM, HSM to HSM and Key Vault to Key Vault.
 * x-ms-original-file: 2025-12-01/Accounts_ChangeKeyVault.json
 */
async function accountsChangeKeyVault() {
  const credential = new DefaultAzureCredential();
  const subscriptionId = "00000000-0000-0000-0000-000000000000";
  const client = new NetAppManagementClient(credential, subscriptionId);
  await client.accounts.changeKeyVault("myRG", "account1", {
    body: {
      keyName: "rsakey",
      keyVaultPrivateEndpoints: [
        {
          privateEndpointId:
            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/privateEndpoints/privip1",
          virtualNetworkId:
            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/vnet1",
        },
      ],
      keyVaultResourceId:
        "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.KeyVault/managedHSMs/my-hsm",
      keyVaultUri: "https://my-key-vault.managedhsm.azure.net",
    },
  });
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.NetApp.Models;
using Azure.ResourceManager.NetApp;

// Generated from example definition: specification/netapp/resource-manager/Microsoft.NetApp/NetApp/stable/2025-12-01/examples/Accounts_ChangeKeyVault.json
// this example is just showing the usage of "Accounts_ChangeKeyVault" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this NetAppAccountResource created on azure
// for more information of creating NetAppAccountResource, please refer to the document of NetAppAccountResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "myRG";
string accountName = "account1";
ResourceIdentifier netAppAccountResourceId = NetAppAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
NetAppAccountResource netAppAccount = client.GetNetAppAccountResource(netAppAccountResourceId);

// invoke the operation
NetAppChangeKeyVault body = new NetAppChangeKeyVault(new Uri("https://my-key-vault.managedhsm.azure.net"), "rsakey", new NetAppKeyVaultPrivateEndpoint[]
{
new NetAppKeyVaultPrivateEndpoint
{
VirtualNetworkId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/vnet1"),
PrivateEndpointId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/privateEndpoints/privip1"),
}
})
{
    KeyVaultResourceId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.KeyVault/managedHSMs/my-hsm"),
};
await netAppAccount.ChangeKeyVaultAsync(WaitUntil.Completed, body: body);

Console.WriteLine("Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Resposta de exemplo

Código de status:: 202

Location: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/a0216c17-f9d6-4b99-9faf-9ebd4883d0e4?api-version=2025-12-01&operationResultResponseType=Location

Definições

Nome	Description
ChangeKeyVault	Alterar solicitação do cofre de chaves
ErrorAdditionalInfo	As informações adicionais do erro de gerenciamento de recursos.
ErrorDetail	O detalhe do erro.
ErrorResponse	Resposta de erro
KeyVaultPrivateEndpoint	Pares de ID de rede virtual e ID de ponto de extremidade privado. Cada rede virtual que tem volumes criptografados com chaves gerenciadas pelo cliente precisa de seu próprio ponto de extremidade privado do cofre de chaves.

ChangeKeyVault

Objeto

Alterar solicitação do cofre de chaves

Nome	Tipo	Description
keyName	string	O nome da chave que deve ser usada para criptografia.
keyVaultPrivateEndpoints	KeyVaultPrivateEndpoint[]	Pares de ID de rede virtual e ID de ponto de extremidade privado. Cada rede virtual que tem volumes criptografados com chaves gerenciadas pelo cliente precisa de seu próprio ponto de extremidade privado do cofre de chaves.
keyVaultResourceId	string (arm-id)	ID de recurso do Azure do cofre de chaves/HSM gerenciado que deve ser usado para criptografia.
keyVaultUri	string (uri)	O URI do cofre de chaves/HSM gerenciado que deve ser usado para criptografia.

ErrorAdditionalInfo

Objeto

As informações adicionais do erro de gerenciamento de recursos.

Nome	Tipo	Description
info	object	As informações adicionais.
type	string	O tipo de informação adicional.

ErrorDetail

Objeto

O detalhe do erro.

Nome	Tipo	Description
additionalInfo	ErrorAdditionalInfo[]	As informações adicionais do erro.
code	string	O código de erro.
details	ErrorDetail[]	Os detalhes do erro.
message	string	A mensagem de erro.
target	string	O destino do erro.

ErrorResponse

Objeto

Resposta de erro

Nome	Tipo	Description
error	ErrorDetail	O objeto de erro.

KeyVaultPrivateEndpoint

Objeto

Pares de ID de rede virtual e ID de ponto de extremidade privado. Cada rede virtual que tem volumes criptografados com chaves gerenciadas pelo cliente precisa de seu próprio ponto de extremidade privado do cofre de chaves.

Nome	Tipo	Description
privateEndpointId	string (arm-id)	Identificador do ponto de extremidade privado para acessar o Azure Key Vault
virtualNetworkId	string (arm-id)	Identificador para a ID da rede virtual