Microsoft.KeyVault vaults/keys 2020-04-01-preview
Remarks
For guidance on using key vaults for secure values, see Manage secrets by using Bicep.
For a quickstart on creating a secret, see Quickstart: Set and retrieve a secret from Azure Key Vault using an ARM template.
For a quickstart on creating a key, see Quickstart: Create an Azure key vault and a key by using ARM template.
Bicep resource definition
The vaults/keys resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.KeyVault/vaults/keys resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.KeyVault/vaults/keys@2020-04-01-preview' = {
parent: resourceSymbolicName
name: 'string'
properties: {
attributes: {
enabled: bool
exp: int
nbf: int
}
curveName: 'string'
keyOps: [
'string'
]
keySize: int
kty: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property values
KeyAttributes
| Name | Description | Value |
|---|---|---|
| enabled | Determines whether or not the object is enabled. | bool |
| exp | Expiry date in seconds since 1970-01-01T00:00:00Z. | int |
| nbf | Not before date in seconds since 1970-01-01T00:00:00Z. | int |
KeyCreateParametersTags
| Name | Description | Value |
|---|
KeyProperties
| Name | Description | Value |
|---|---|---|
| attributes | The attributes of the key. | KeyAttributes |
| curveName | The elliptic curve name. For valid values, see JsonWebKeyCurveName. | 'P-256' 'P-256K' 'P-384' 'P-521' |
| keyOps | String array containing any of: 'decrypt' 'encrypt' 'import' 'sign' 'unwrapKey' 'verify' 'wrapKey' |
|
| keySize | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | int |
| kty | The type of the key. For valid values, see JsonWebKeyType. | 'EC' 'EC-HSM' 'RSA' 'RSA-HSM' |
Microsoft.KeyVault/vaults/keys
| Name | Description | Value |
|---|---|---|
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9-]{1,127}$ (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: vaults |
| properties | The properties of the key to be created. | KeyProperties (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
Quickstart samples
The following quickstart samples deploy this resource type.
| Bicep File | Description |
|---|---|
| Azure Storage Account Encryption with customer-managed key | This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
ARM template resource definition
The vaults/keys resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.KeyVault/vaults/keys resource, add the following JSON to your template.
{
"type": "Microsoft.KeyVault/vaults/keys",
"apiVersion": "2020-04-01-preview",
"name": "string",
"properties": {
"attributes": {
"enabled": "bool",
"exp": "int",
"nbf": "int"
},
"curveName": "string",
"keyOps": [ "string" ],
"keySize": "int",
"kty": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property values
KeyAttributes
| Name | Description | Value |
|---|---|---|
| enabled | Determines whether or not the object is enabled. | bool |
| exp | Expiry date in seconds since 1970-01-01T00:00:00Z. | int |
| nbf | Not before date in seconds since 1970-01-01T00:00:00Z. | int |
KeyCreateParametersTags
| Name | Description | Value |
|---|
KeyProperties
| Name | Description | Value |
|---|---|---|
| attributes | The attributes of the key. | KeyAttributes |
| curveName | The elliptic curve name. For valid values, see JsonWebKeyCurveName. | 'P-256' 'P-256K' 'P-384' 'P-521' |
| keyOps | String array containing any of: 'decrypt' 'encrypt' 'import' 'sign' 'unwrapKey' 'verify' 'wrapKey' |
|
| keySize | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | int |
| kty | The type of the key. For valid values, see JsonWebKeyType. | 'EC' 'EC-HSM' 'RSA' 'RSA-HSM' |
Microsoft.KeyVault/vaults/keys
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2020-04-01-preview' |
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9-]{1,127}$ (required) |
| properties | The properties of the key to be created. | KeyProperties (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.KeyVault/vaults/keys' |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Azure Storage Account Encryption with customer-managed key |
This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
| Create a Key in Azure KeyVault |
This module allows you to create a key in an existing KeyVault. |
Terraform (AzAPI provider) resource definition
The vaults/keys resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.KeyVault/vaults/keys resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.KeyVault/vaults/keys@2020-04-01-preview"
name = "string"
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
attributes = {
enabled = bool
exp = int
nbf = int
}
curveName = "string"
keyOps = [
"string"
]
keySize = int
kty = "string"
}
})
}
Property values
KeyAttributes
| Name | Description | Value |
|---|---|---|
| enabled | Determines whether or not the object is enabled. | bool |
| exp | Expiry date in seconds since 1970-01-01T00:00:00Z. | int |
| nbf | Not before date in seconds since 1970-01-01T00:00:00Z. | int |
KeyCreateParametersTags
| Name | Description | Value |
|---|
KeyProperties
| Name | Description | Value |
|---|---|---|
| attributes | The attributes of the key. | KeyAttributes |
| curveName | The elliptic curve name. For valid values, see JsonWebKeyCurveName. | 'P-256' 'P-256K' 'P-384' 'P-521' |
| keyOps | String array containing any of: 'decrypt' 'encrypt' 'import' 'sign' 'unwrapKey' 'verify' 'wrapKey' |
|
| keySize | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | int |
| kty | The type of the key. For valid values, see JsonWebKeyType. | 'EC' 'EC-HSM' 'RSA' 'RSA-HSM' |
Microsoft.KeyVault/vaults/keys
| Name | Description | Value |
|---|---|---|
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9-]{1,127}$ (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: vaults |
| properties | The properties of the key to be created. | KeyProperties (required) |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.KeyVault/vaults/keys@2020-04-01-preview" |