Update-AzKeyVaultManagedHsm
Update the state of an Azure managed HSM.
Syntax
Update-AzKeyVaultManagedHsm
-Name <String>
-ResourceGroupName <String>
[-EnablePurgeProtection]
[-PublicNetworkAccess <String>]
[-UserAssignedIdentity <String[]>]
[-Tag <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
Update-AzKeyVaultManagedHsm
-InputObject <PSManagedHsm>
[-EnablePurgeProtection]
[-PublicNetworkAccess <String>]
[-UserAssignedIdentity <String[]>]
[-Tag <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
Update-AzKeyVaultManagedHsm
-ResourceId <String>
[-EnablePurgeProtection]
[-PublicNetworkAccess <String>]
[-UserAssignedIdentity <String[]>]
[-Tag <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
Description
This cmdlet updates the state of an Azure managed HSM.
Examples
Example 1: Update a managed Hsm directly
Update-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $resourceGroupName -Tag @{testKey="testValue"} | Format-List
Managed HSM Name : testmhsm
Resource Group Name : testmhsm
Location : eastus2euap
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/testmhsm/provid
ers/Microsoft.KeyVault/managedHSMs/testmhsm
HSM Pool URI :
Tenant ID : xxxxxx-xxxx-xxxx-xxxxxxxxxxxx
Initial Admin Object Ids : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
SKU : StandardB1
Soft Delete Enabled? : True
Enabled Purge Protection? : False
Soft Delete Retention Period (days) : 90
Provisioning State : Provisioning
Status Message : Resource creation in progress. Starting service...
Tags :
Name Value
==== =====
testKey testValued
Updates tags for the managed Hsm named $hsmName
in resource group $resourceGroupName
.
Example 2: Update a managed Hsm using piping
Get-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $resourceGroupName | Update-AzKeyVaultManagedHsm -Tag @{testKey="testValue"}
Updates tags for the managed Hsm using piping syntax.
Example 3: Enable purge protection for a managed Hsm
Update-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $resourceGroupName -EnablePurgeProtection | Format-List
Managed HSM Name : testmhsm
Resource Group Name : test-rg
Location : eastus
Resource ID : /subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/resourceGroups/test-rg/provide
rs/Microsoft.KeyVault/managedHSMs/testmhsm
HSM Pool URI :
Tenant ID : aaaabbbb-0000-cccc-1111-dddd2222eeee
Initial Admin Object Ids : {xxxxxx9e-5be9-4f43-abd2-xxxxxxxxxxxx}
SKU : StandardB1
Soft Delete Enabled? : True
Enabled Purge Protection? : True
Soft Delete Retention Period (days) : 70
Provisioning State : Succeeded
Status Message : The Managed HSM is provisioned and ready to use.
Tags :
Enables purge protection for the managed Hsm named $hsmName
in resource group $resourceGroupName
.
Example 4: Update user assigned identity for a managed Hsm
Update-AzKeyVaultManagedHsm -Name testmhsm -ResourceGroupName test-rg -UserAssignedIdentity /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/bez-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/bez-id02 | Format-List
Managed HSM Name : testmshm
Resource Group Name : test-rg
Location : eastus2euap
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg/pro
viders/Microsoft.KeyVault/managedHSMs/testmhsm
HSM Pool URI :
Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Initial Admin Object Ids : {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
SKU : StandardB1
Soft Delete Enabled? : True
Enabled Purge Protection? : False
Soft Delete Retention Period (days) : 70
Public Network Access : Enabled
IdentityType : UserAssigned
UserAssignedIdentities : /subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName
Provisioning State : Succeeded
Status Message : The Managed HSM is provisioned and ready to use.
Security Domain ActivationStatus : Active
Security Domain ActivationStatusMessage : Your HSM has been activated and can be used for cryptographic operations.
Regions :
Tags
This command adds an user assigned identity for the managed Hsm named testmshm
in resource group test-rg
.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-EnablePurgeProtection
specifying whether protection against purge is enabled for this managed HSM pool. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
Managed HSM object.
Type: | PSManagedHsm |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Name
Name of the managed HSM.
Type: | String |
Aliases: | HsmName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PublicNetworkAccess
Controls permission for data plane traffic coming from public networks while private endpoint is enabled.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceGroupName
Name of the resource group.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceId
Resource ID of the managed HSM.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-SubscriptionId
The ID of the subscription. By default, cmdlets are executed in the subscription that is set in the current context. If the user specifies another subscription, the current cmdlet is executed in the subscription specified by the user. Overriding subscriptions only take effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Tag
A hash table which represents resource tags.
Type: | Hashtable |
Aliases: | Tags |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-UserAssignedIdentity
The set of user assigned identities associated with the managed HSM. Its value will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |