keyvault

class pulumi_azure.keyvault.AccessPolicy(resource_name, opts=None, application_id=None, certificate_permissions=None, key_permissions=None, key_vault_id=None, object_id=None, resource_group_name=None, secret_permissions=None, tenant_id=None, vault_name=None, __name__=None, __opts__=None)

Manages a Key Vault Access Policy.

NOTE: It’s possible to define Key Vault Access Policies both within the azurerm_key_vault resource via the access_policy block and by using the azurerm_key_vault_access_policy resource. However, the two methods cannot be combined to manage Access Policies within the same Key Vault, since they will conflict.

NOTE: Azure permits a maximum of 1024 Access Policies per Key Vault - more information can be found in this document.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • application_id (pulumi.Input[str]) – The object ID of an Application in Azure Active Directory.
  • certificate_permissions (pulumi.Input[list]) – List of certificate permissions, must be one or more from the following: backup, create, delete, deleteissuers, get, getissuers, import, list, listissuers, managecontacts, manageissuers, purge, recover, restore, setissuers and update.
  • key_permissions (pulumi.Input[list]) – List of key permissions, must be one or more from the following: backup, create, decrypt, delete, encrypt, get, import, list, purge, recover, restore, sign, unwrapKey, update, verify and wrapKey.
  • object_id (pulumi.Input[str]) – The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created.
  • resource_group_name (pulumi.Input[str]) – The name of the resource group in which to create the namespace. Changing this forces a new resource to be created.
  • secret_permissions (pulumi.Input[list]) – List of secret permissions, must be one or more from the following: backup, delete, get, list, purge, recover, restore and set.
  • tenant_id (pulumi.Input[str]) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Changing this forces a new resource to be created.
  • vault_name (pulumi.Input[str]) – Specifies the name of the Key Vault resource. Changing this forces a new resource to be created.
application_id = None

The object ID of an Application in Azure Active Directory.

certificate_permissions = None

List of certificate permissions, must be one or more from the following: backup, create, delete, deleteissuers, get, getissuers, import, list, listissuers, managecontacts, manageissuers, purge, recover, restore, setissuers and update.

key_permissions = None

List of key permissions, must be one or more from the following: backup, create, decrypt, delete, encrypt, get, import, list, purge, recover, restore, sign, unwrapKey, update, verify and wrapKey.

object_id = None

The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created.

resource_group_name = None

The name of the resource group in which to create the namespace. Changing this forces a new resource to be created.

secret_permissions = None

List of secret permissions, must be one or more from the following: backup, delete, get, list, purge, recover, restore and set.

tenant_id = None

The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Changing this forces a new resource to be created.

vault_name = None

Specifies the name of the Key Vault resource. Changing this forces a new resource to be created.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_azure.keyvault.Certifiate(resource_name, opts=None, certificate=None, certificate_policy=None, key_vault_id=None, name=None, tags=None, vault_uri=None, __name__=None, __opts__=None)

Manages a Key Vault Certificate.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • certificate (pulumi.Input[dict]) – A certificate block as defined below, used to Import an existing certificate.
  • certificate_policy (pulumi.Input[dict]) – A certificate_policy block as defined below.
  • key_vault_id (pulumi.Input[str]) – The ID of the Key Vault where the Certificate should be created.
  • name (pulumi.Input[str]) – The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.
  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.
certificate = None

A certificate block as defined below, used to Import an existing certificate.

certificate_data = None

The raw Key Vault Certificate.

certificate_policy = None

A certificate_policy block as defined below.

key_vault_id = None

The ID of the Key Vault where the Certificate should be created.

name = None

The name of the Certificate Issuer. Possible values include Self, or the name of a certificate issuing authority supported by Azure. Changing this forces a new resource to be created.

secret_id = None

The ID of the associated Key Vault Secret.

tags = None

A mapping of tags to assign to the resource.

thumbprint = None

The X509 Thumbprint of the Key Vault Certificate returned as hex string.

version = None

The current version of the Key Vault Certificate.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_azure.keyvault.GetAccessPolicyResult(certificate_permissions=None, key_permissions=None, secret_permissions=None, id=None)

A collection of values returned by getAccessPolicy.

certificate_permissions = None

The certificate permissions for the access policy.

key_permissions = None

The key permissions for the access policy.

secret_permissions = None

The secret permissions for the access policy.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_azure.keyvault.GetKeyResult(e=None, key_opts=None, key_size=None, key_type=None, key_vault_id=None, n=None, tags=None, vault_uri=None, version=None, id=None)

A collection of values returned by getKey.

e = None

The RSA public exponent of this Key Vault Key.

key_opts = None

A list of JSON web key operations assigned to this Key Vault Key.

key_size = None

Specifies the Size of this Key Vault Key.

key_type = None

Specifies the Key Type of this Key Vault Key.

n = None

The RSA modulus of this Key Vault Key.

tags = None

A mapping of tags assigned to this Key Vault Key.

version = None

The current version of the Key Vault Key.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_azure.keyvault.GetKeyVaultResult(access_policies=None, enabled_for_deployment=None, enabled_for_disk_encryption=None, enabled_for_template_deployment=None, location=None, network_acls=None, sku=None, tags=None, tenant_id=None, vault_uri=None, id=None)

A collection of values returned by getKeyVault.

access_policies = None

One or more access_policy blocks as defined below.

enabled_for_deployment = None

Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?

enabled_for_disk_encryption = None

Can Azure Disk Encryption retrieve secrets from the Key Vault?

enabled_for_template_deployment = None

Can Azure Resource Manager retrieve secrets from the Key Vault?

location = None

The Azure Region in which the Key Vault exists.

sku = None

A sku block as described below.

tags = None

A mapping of tags assigned to the Key Vault.

tenant_id = None

The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.

vault_uri = None

The URI of the vault for performing operations on keys and secrets.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_azure.keyvault.GetSecretResult(content_type=None, key_vault_id=None, tags=None, value=None, vault_uri=None, version=None, id=None)

A collection of values returned by getSecret.

content_type = None

The content type for the Key Vault Secret.

tags = None

Any tags assigned to this resource.

value = None

The value of the Key Vault Secret.

version = None

The current version of the Key Vault Secret.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_azure.keyvault.Key(resource_name, opts=None, key_opts=None, key_size=None, key_type=None, key_vault_id=None, name=None, tags=None, vault_uri=None, __name__=None, __opts__=None)

Manages a Key Vault Key.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • key_opts (pulumi.Input[list]) – A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.
  • key_size (pulumi.Input[float]) – Specifies the Size of the Key to create in bytes. For example, 1024 or 2048. Changing this forces a new resource to be created.
  • key_type (pulumi.Input[str]) – Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.
  • key_vault_id (pulumi.Input[str]) – The ID of the Key Vault where the Key should be created.
  • name (pulumi.Input[str]) – Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.
  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.
e = None

The RSA public exponent of this Key Vault Key.

key_opts = None

A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

key_size = None

Specifies the Size of the Key to create in bytes. For example, 1024 or 2048. Changing this forces a new resource to be created.

key_type = None

Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

key_vault_id = None

The ID of the Key Vault where the Key should be created.

n = None

The RSA modulus of this Key Vault Key.

name = None

Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

tags = None

A mapping of tags to assign to the resource.

version = None

The current version of the Key Vault Key.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_azure.keyvault.KeyVault(resource_name, opts=None, access_policies=None, enabled_for_deployment=None, enabled_for_disk_encryption=None, enabled_for_template_deployment=None, location=None, name=None, network_acls=None, resource_group_name=None, sku=None, tags=None, tenant_id=None, __name__=None, __opts__=None)

Manages a Key Vault.

NOTE: It’s possible to define Key Vault Access Policies both within the azurerm_key_vault resource via the access_policy block and by using the azurerm_key_vault_access_policy resource. However, the two methods cannot be combined to manage Access Policies within the same Key Vault, since they will conflict.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • access_policies (pulumi.Input[list]) – An access policy block as described below. A maximum of 16 may be declared.
  • enabled_for_deployment (pulumi.Input[bool]) – Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. Defaults to false.
  • enabled_for_disk_encryption (pulumi.Input[bool]) – Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to false.
  • enabled_for_template_deployment (pulumi.Input[bool]) – Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. Defaults to false.
  • location (pulumi.Input[str]) – Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
  • name (pulumi.Input[str]) – Specifies the name of the Key Vault. Changing this forces a new resource to be created.
  • network_acls (pulumi.Input[dict]) – A network_acls block as defined below.
  • resource_group_name (pulumi.Input[str]) – The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created.
  • sku (pulumi.Input[dict]) – An SKU block as described below.
  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.
  • tenant_id (pulumi.Input[str]) – The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
access_policies = None

An access policy block as described below. A maximum of 16 may be declared.

enabled_for_deployment = None

Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. Defaults to false.

enabled_for_disk_encryption = None

Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to false.

enabled_for_template_deployment = None

Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. Defaults to false.

location = None

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

name = None

Specifies the name of the Key Vault. Changing this forces a new resource to be created.

network_acls = None

A network_acls block as defined below.

resource_group_name = None

The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created.

sku = None

An SKU block as described below.

tags = None

A mapping of tags to assign to the resource.

tenant_id = None

The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.

vault_uri = None

The URI of the Key Vault, used for performing operations on keys and secrets.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
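
The access-policy rules stated for AccessPolicy and KeyVault above (the documented permission values, no mixing of inline access_policies with AccessPolicy resources, at most 16 inline policies and 1024 per vault, a unique object_id per policy) can be checked offline before a deployment. This is an added example, not part of pulumi_azure; the plain-dict input shape, the function names and the "full grant" review rule are assumptions made for illustration.

```python
# Added example: offline lint for the access-policy rules on this page (not pulumi_azure code).
ALLOWED = {
    "certificate_permissions": set(
        "backup create delete deleteissuers get getissuers import list listissuers "
        "managecontacts manageissuers purge recover restore setissuers update".split()),
    "key_permissions": set(
        "backup create decrypt delete encrypt get import list purge recover restore "
        "sign unwrapKey update verify wrapKey".split()),
    "secret_permissions": set("backup delete get list purge recover restore set".split()),
}
MAX_INLINE = 16        # limit on KeyVault(access_policies=[...]) stated on this page
MAX_PER_VAULT = 1024   # Azure per-vault limit stated on this page

def check_permissions(policy, who):
    """Return findings for the permission lists of one policy dict."""
    findings = []
    for field, allowed in ALLOWED.items():
        granted = policy.get(field) or []
        by_lower = {a.lower(): a for a in allowed}
        for perm in granted:
            if perm in allowed:
                continue
            hint = by_lower.get(str(perm).lower())
            suffix = f" (did you mean {hint!r}?)" if hint else ""
            findings.append(f"{who}: {field} value {perm!r} is not documented{suffix}")
        if set(granted) >= allowed:
            # Local review rule (an assumption, not a provider check): flag full grants.
            findings.append(f"{who}: {field} grants every documented permission")
    return findings

def lint_vault(vault_name, inline_policies, standalone_policies):
    """Lint one vault: inline = KeyVault access_policies, standalone = AccessPolicy args."""
    findings = []
    if inline_policies and standalone_policies:
        findings.append(f"{vault_name}: mixes inline access_policies with AccessPolicy resources")
    if len(inline_policies) > MAX_INLINE:
        findings.append(f"{vault_name}: {len(inline_policies)} inline policies exceeds the limit of {MAX_INLINE}")
    everything = list(inline_policies) + list(standalone_policies)
    if len(everything) > MAX_PER_VAULT:
        findings.append(f"{vault_name}: {len(everything)} policies exceeds the limit of {MAX_PER_VAULT}")
    seen = set()
    for policy in everything:
        oid = policy.get("object_id")
        who = f"{vault_name}/{oid}"
        if oid in seen:
            findings.append(f"{who}: object_id appears in more than one policy")
        seen.add(oid)
        findings.extend(check_permissions(policy, who))
    return findings

# Constructed sample input (placeholder GUIDs, not real identities).
APP = {"object_id": "00000000-0000-0000-0000-0000000000a1",
       "secret_permissions": ["get", "list"], "key_permissions": ["wrapkey"]}
OPS = {"object_id": "00000000-0000-0000-0000-0000000000b2",
       "secret_permissions": sorted(ALLOWED["secret_permissions"])}

if __name__ == "__main__":
    for line in lint_vault("example-vault", [APP], [OPS, dict(OPS)]):
        print(line)
```
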
class pulumi_azure.keyvault.Secret(resource_name, opts=None, content_type=None, key_vault_id=None, name=None, tags=None, value=None, vault_uri=None, __name__=None, __opts__=None)

Manages a Key Vault Secret.

Note: All arguments including the secret value will be stored in the raw state as plain-text. Read more about sensitive data in state.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • content_type (pulumi.Input[str]) – Specifies the content type for the Key Vault Secret.
  • key_vault_id (pulumi.Input[str]) – The ID of the Key Vault where the Secret should be created.
  • name (pulumi.Input[str]) – Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.
  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.
  • value (pulumi.Input[str]) – Specifies the value of the Key Vault Secret.
content_type = None

Specifies the content type for the Key Vault Secret.

key_vault_id = None

The ID of the Key Vault where the Secret should be created.

name = None

Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created.

tags = None

A mapping of tags to assign to the resource.

value = None

Specifies the value of the Key Vault Secret.

version = None

The current version of the Key Vault Secret.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
pulumi_azure.keyvault.get_access_policy(name=None, opts=None)

Use this data source to access information about the permissions from the Management Key Vault Templates.

pulumi_azure.keyvault.get_key(key_vault_id=None, name=None, vault_uri=None, opts=None)

Use this data source to access information about an existing Key Vault Key.

Note: All arguments including the secret value will be stored in the raw state as plain-text. Read more about sensitive data in state.
pulumi_azure.keyvault.get_key_vault(name=None, resource_group_name=None, opts=None)

Use this data source to access information about an existing Key Vault.

pulumi_azure.keyvault.get_secret(key_vault_id=None, name=None, vault_uri=None, opts=None)

Use this data source to access information about an existing Key Vault Secret.

Note: All arguments including the secret value will be stored in the raw state as plain-text. Read more about sensitive data in state.