List all HSM active and deleted

hashimotor 20 Reputation points
2024-01-25T10:27:19.2166667+00:00

Hi, how can I list all HSMs that are actively used and associated with Key Vault, and those that have been deleted but not purged? A list of key vaults can be retrieved from the Azure portal or CLI, but there is nowhere to do this for HSMs.

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

Accepted answer
  1. JamesTran-MSFT 36,796 Reputation points Microsoft Employee
    2024-01-26T19:04:55.7166667+00:00

    @hashimotor

    Thank you for your post and I apologize for the delayed response!

    When it comes to getting a list of all your Azure Key Vault Managed HSMs both in an active or deleted state (not purged), you can leverage the Az.KeyVault PowerShell commands.

    • Note: You can run these commands from Azure Cloud Shell or from Azure PowerShell on your desktop.

    Get all managed HSMs in your current subscription:

    Get-AzKeyVaultManagedHsm
    
    Name    Resource Group Name Location SKU        ProvisioningState Security Domain ActivationStatus
    ----    ------------------- -------- ---        ----------------- --------------------------------
    myhsm   test-rg              eastus   StandardB1 Succeeded         Active
    

    List deleted managed HSMs:

    Get-AzKeyVaultManagedHsm -InRemovedState
    
    Name                     Location      DeletionDate           ScheduledPurgeDate    Purge Protection Enabled?
    ----                     --------      ------------           ------------------    -------------------------
    xxxxxxxx-mhsm-4op2n2g4xe eastus2       12/30/2021 2:29:00 AM  3/30/2022 2:29:00 AM  True
    xxxxxxx-mhsm-ertopo7tnxa westus        12/29/2021 11:48:42 PM 3/29/2022 11:48:42 PM True
    xxxxxxx-mhsm-gg66fgctz67 westus        12/29/2021 11:48:42 PM 3/29/2022 11:48:42 PM False
    xxxxxxx-mhsm-2m5jiop6mfo westcentralus 12/30/2021 12:26:14 AM 3/30/2022 12:26:14 AM True
    

    To check the status of soft-delete and purge protection for a managed HSM:

    Get-AzKeyVaultManagedHsm -Name "ContosoHSM"
    

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

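The two listings from the accepted answer combined into one report, as an added example that is not part of the answer or Microsoft's own code. It assumes the Az.KeyVault module is installed and you are signed in with the target subscription selected; the function name `Get-ManagedHsmInventory` is hypothetical, and the property names `EnablePurgeProtection`, `DeletionDate` and `ScheduledPurgeDate` are assumptions about the objects the cmdlet returns.

```powershell
# Added example: one inventory of active and soft-deleted managed HSMs.
# Assumes Connect-AzAccount has been run and the subscription is selected.
function Get-ManagedHsmInventory {
    [CmdletBinding()]
    param()

    # Stop with a clear message if the cmdlet is not loaded in this session.
    if (-not (Get-Command -Name Get-AzKeyVaultManagedHsm -ErrorAction SilentlyContinue)) {
        throw 'Get-AzKeyVaultManagedHsm not found. Install or import the Az.KeyVault module first.'
    }

    # Active HSMs: fetch each one by name so the purge protection setting is populated.
    foreach ($hsm in Get-AzKeyVaultManagedHsm) {
        $detail = Get-AzKeyVaultManagedHsm -Name $hsm.Name -ResourceGroupName $hsm.ResourceGroupName
        [pscustomobject]@{
            Name               = $detail.Name
            State              = 'Active'
            Location           = $detail.Location
            ResourceGroup      = $detail.ResourceGroupName
            PurgeProtection    = $detail.EnablePurgeProtection   # assumed property name
            DeletionDate       = $null
            ScheduledPurgeDate = $null
        }
    }

    # Soft-deleted HSMs that have not been purged yet.
    foreach ($hsm in Get-AzKeyVaultManagedHsm -InRemovedState) {
        [pscustomobject]@{
            Name               = $hsm.Name
            State              = 'Deleted'
            Location           = $hsm.Location
            ResourceGroup      = $null
            PurgeProtection    = $hsm.EnablePurgeProtection      # assumed property name
            DeletionDate       = $hsm.DeletionDate               # assumed property name
            ScheduledPurgeDate = $hsm.ScheduledPurgeDate         # assumed property name
        }
    }
}

# One table, active HSMs first, then deleted ones.
Get-ManagedHsmInventory | Sort-Object State, Name | Format-Table -AutoSize
```

A deleted row with `PurgeProtection` set to `False` can be purged before its `ScheduledPurgeDate`, so those are the rows to review first.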

2 additional answers

  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

  2. Hervé Dafflon | Sweetsport 0 Reputation points
    2025-02-03T14:34:36.5233333+00:00

    This answer doesn't work; the command is not recognized.
