Microsoft.KeyVault vaults/keys 2020-04-01-preview
Bicep resource definition
The vaults/keys resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Remarks
For guidance on using key vaults for secure values, see Manage secrets by using Bicep.
For a quickstart on creating a secret, see Quickstart: Set and retrieve a secret from Azure Key Vault using an ARM template.
For a quickstart on creating a key, see Quickstart: Create an Azure key vault and a key by using ARM template.
Resource format
To create a Microsoft.KeyVault/vaults/keys resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.KeyVault/vaults/keys@2020-04-01-preview' = {
name: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
parent: resourceSymbolicName
properties: {
attributes: {
enabled: bool
exp: int
nbf: int
}
curveName: 'string'
keyOps: [
'string'
]
keySize: int
kty: 'string'
}
}
Property values
vaults/keys
Name | Description | Value |
---|---|---|
name | The resource name See how to set names and types for child resources in Bicep. |
string (required) |
tags | The tags that will be assigned to the key. | Dictionary of tag names and values. See Tags in templates |
parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: vaults |
properties | The properties of the key to be created. | KeyProperties (required) |
KeyProperties
Name | Description | Value |
---|---|---|
attributes | The attributes of the key. | KeyAttributes |
curveName | The elliptic curve name. For valid values, see JsonWebKeyCurveName. | 'P-256' 'P-256K' 'P-384' 'P-521' |
keyOps | String array containing any of: 'decrypt' 'encrypt' 'import' 'sign' 'unwrapKey' 'verify' 'wrapKey' |
|
keySize | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | int |
kty | The type of the key. For valid values, see JsonWebKeyType. | 'EC' 'EC-HSM' 'RSA' 'RSA-HSM' |
KeyAttributes
Name | Description | Value |
---|---|---|
enabled | Determines whether or not the object is enabled. | bool |
exp | Expiry date in seconds since 1970-01-01T00:00:00Z. | int |
nbf | Not before date in seconds since 1970-01-01T00:00:00Z. | int |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Create a Key in Azure KeyVault |
This module allows you to create a key in an existing KeyVault. |
Azure Storage Account Encryption with customer-managed key |
This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
ARM template resource definition
The vaults/keys resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Remarks
For guidance on using key vaults for secure values, see Manage secrets by using Bicep.
For a quickstart on creating a secret, see Quickstart: Set and retrieve a secret from Azure Key Vault using an ARM template.
For a quickstart on creating a key, see Quickstart: Create an Azure key vault and a key by using ARM template.
Resource format
To create a Microsoft.KeyVault/vaults/keys resource, add the following JSON to your template.
{
"type": "Microsoft.KeyVault/vaults/keys",
"apiVersion": "2020-04-01-preview",
"name": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"properties": {
"attributes": {
"enabled": "bool",
"exp": "int",
"nbf": "int"
},
"curveName": "string",
"keyOps": [ "string" ],
"keySize": "int",
"kty": "string"
}
}
Property values
vaults/keys
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.KeyVault/vaults/keys' |
apiVersion | The resource api version | '2020-04-01-preview' |
name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) |
tags | The tags that will be assigned to the key. | Dictionary of tag names and values. See Tags in templates |
properties | The properties of the key to be created. | KeyProperties (required) |
KeyProperties
Name | Description | Value |
---|---|---|
attributes | The attributes of the key. | KeyAttributes |
curveName | The elliptic curve name. For valid values, see JsonWebKeyCurveName. | 'P-256' 'P-256K' 'P-384' 'P-521' |
keyOps | String array containing any of: 'decrypt' 'encrypt' 'import' 'sign' 'unwrapKey' 'verify' 'wrapKey' |
|
keySize | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | int |
kty | The type of the key. For valid values, see JsonWebKeyType. | 'EC' 'EC-HSM' 'RSA' 'RSA-HSM' |
KeyAttributes
Name | Description | Value |
---|---|---|
enabled | Determines whether or not the object is enabled. | bool |
exp | Expiry date in seconds since 1970-01-01T00:00:00Z. | int |
nbf | Not before date in seconds since 1970-01-01T00:00:00Z. | int |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Create a Key in Azure KeyVault |
This module allows you to create a key in an existing KeyVault. |
Azure Storage Account Encryption with customer-managed key |
This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
Terraform (AzAPI provider) resource definition
The vaults/keys resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.KeyVault/vaults/keys resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.KeyVault/vaults/keys@2020-04-01-preview"
name = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
attributes = {
enabled = bool
exp = int
nbf = int
}
curveName = "string"
keyOps = [
"string"
]
keySize = int
kty = "string"
}
})
}
Property values
vaults/keys
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.KeyVault/vaults/keys@2020-04-01-preview" |
name | The resource name | string (required) |
parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: vaults |
tags | The tags that will be assigned to the key. | Dictionary of tag names and values. |
properties | The properties of the key to be created. | KeyProperties (required) |
KeyProperties
Name | Description | Value |
---|---|---|
attributes | The attributes of the key. | KeyAttributes |
curveName | The elliptic curve name. For valid values, see JsonWebKeyCurveName. | "P-256" "P-256K" "P-384" "P-521" |
keyOps | String array containing any of: "decrypt" "encrypt" "import" "sign" "unwrapKey" "verify" "wrapKey" |
|
keySize | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | int |
kty | The type of the key. For valid values, see JsonWebKeyType. | "EC" "EC-HSM" "RSA" "RSA-HSM" |
KeyAttributes
Name | Description | Value |
---|---|---|
enabled | Determines whether or not the object is enabled. | bool |
exp | Expiry date in seconds since 1970-01-01T00:00:00Z. | int |
nbf | Not before date in seconds since 1970-01-01T00:00:00Z. | int |