Editar

Compartilhar via


Import-AzKeyVaultSecurityDomain

Imports previously exported security domain data to a managed HSM.

Syntax

Import-AzKeyVaultSecurityDomain
      -Name <String>
      -Keys <KeyPath[]>
      -SecurityDomainPath <String>
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [-SubscriptionId <String>]
      [<CommonParameters>]
Import-AzKeyVaultSecurityDomain
      -Name <String>
      -SecurityDomainPath <String>
      [-ImportRestoredBlob]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [-SubscriptionId <String>]
      [<CommonParameters>]
Import-AzKeyVaultSecurityDomain
      -Name <String>
      -OutFile <String>
      [-Force]
      [-DownloadExchangeKey]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [-SubscriptionId <String>]
      [<CommonParameters>]
Import-AzKeyVaultSecurityDomain
      -InputObject <PSKeyVaultIdentityItem>
      -Keys <KeyPath[]>
      -SecurityDomainPath <String>
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [-SubscriptionId <String>]
      [<CommonParameters>]
Import-AzKeyVaultSecurityDomain
      -Keys <KeyPath[]>
      -SecurityDomainPath <String>
      -OutFile <String>
      -ExchangeKeyPath <String>
      [-Force]
      [-RestoreBlob]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [-SubscriptionId <String>]
      [<CommonParameters>]

Description

This cmdlet imports previously exported security domain data to a managed HSM.

Examples

Example 1: Import Security domain

$keys = @{PublicKey = "sd1.cer"; PrivateKey = "sd1.key"}, @{PublicKey = "sd2.cer"; PrivateKey = "sd2.key"}, @{PublicKey = "sd3.cer"; PrivateKey = "sd3.key"}
Import-AzKeyVaultSecurityDomain -Name testmhsm -Keys $keys -SecurityDomainPath sd.ps.json

First, the keys need be provided to decrypt the security domain data. Then, The Import-AzKeyVaultSecurityDomain command restores previous backed up security domain data to a managed HSM using these keys.

Example 2: Import Security domain by separate steps

$exchangeKeyOutputPath = "ExchangeKey.cer"
$SecurityDomainRestoredBlob = "HsmRestoreBlob.json"
$keys = @{PublicKey = "sd1.cer"; PrivateKey = "sd1.key"}, @{PublicKey = "sd2.cer"; PrivateKey = "sd2.key"}, @{PublicKey = "sd3.cer"; PrivateKey = "sd3.key"}
Import-AzKeyVaultSecurityDomain -Name testmhsm -OutFile $exchangeKeyOutputPath -DownloadExchangeKey 
Import-AzKeyVaultSecurityDomain -Keys $keys -ExchangeKeyPath  $exchangeKeyPath -SecurityDomainPath sd.ps.json -OutFile sd_restored.ps.json -RestoreBlob
Import-AzKeyVaultSecurityDomain -Name testmhsm -SecurityDomainPath $SecurityDomainRestoredBlob -ImportRestoredBlob

First, an exchange key should be downloaded by adding -DownloadExchangeKey. Then, the security domain data should be decrypted locally using key pairs and encrypted using generated exchange key by adding -RestoreBlob. Finally, the restored security domain data can be imported to a managed HSM using -ImportRestoredBlob.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DownloadExchangeKey

When specified, an exchange key will be downloaded to specified path.

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ExchangeKeyPath

Local path of exchange key used to encrypt the security domain data. Generated by running Import-AzKeyVaultSecurityDomain with -DownloadExchangeKey.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Force

Specify whether to overwrite existing file.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ImportRestoredBlob

When specified, SecurityDomainPath should be encrypted security domain data generated by Restore-AzKeyVaultSecurityDomainBlob.

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Object representing a managed HSM.

Type:PSKeyVaultIdentityItem
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Keys

Information about the keys that are used to decrypt the security domain data. See examples for how it is constructed.

Type:KeyPath[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Name

Name of the managed HSM.

Type:String
Aliases:HsmName
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-OutFile

Local file path to store the security domain encrypted with the exchange key.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-PassThru

When specified, a boolean will be returned when cmdlet succeeds.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RestoreBlob

When specified, the security domain data will be decrypted and encrypted using generated ExchangeKey locally.

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-SecurityDomainPath

Specify the path to the encrypted security domain data.

Type:String
Aliases:Path
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-SubscriptionId

The ID of the subscription. By default, cmdlets are executed in the subscription that is set in the current context. If the user specifies another subscription, the current cmdlet is executed in the subscription specified by the user. Overriding subscriptions only take effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSKeyVaultIdentityItem

Outputs

Boolean