azure-native.keyvault.AccessPolicy
Key Vault Access Policy for managing policies on existing vaults.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:keyvault:AccessPolicy myresource1 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/accessPolicy/{policy.objectId} 
Create AccessPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccessPolicy(name: string, args: AccessPolicyArgs, opts?: CustomResourceOptions);
@overload
def AccessPolicy(resource_name: str,
                 args: AccessPolicyArgs,
                 opts: Optional[ResourceOptions] = None)
@overload
def AccessPolicy(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 policy: Optional[AccessPolicyEntryArgs] = None,
                 resource_group_name: Optional[str] = None,
                 vault_name: Optional[str] = None)
func NewAccessPolicy(ctx *Context, name string, args AccessPolicyArgs, opts ...ResourceOption) (*AccessPolicy, error)
public AccessPolicy(string name, AccessPolicyArgs args, CustomResourceOptions? opts = null)
public AccessPolicy(String name, AccessPolicyArgs args)
public AccessPolicy(String name, AccessPolicyArgs args, CustomResourceOptions options)
type: azure-native:keyvault:AccessPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every "string" below is a placeholder for a real value.
// Access policies are evaluated only while the vault uses the access-policy
// permission model; on a vault with Azure RBAC authorization enabled they have no effect.
var azure_nativeAccessPolicyResource = new AzureNative.KeyVault.AccessPolicy("azure-nativeAccessPolicyResource", new()
{
    Policy = new AzureNative.KeyVault.Inputs.AccessPolicyEntryArgs
    {
        // Object ID of the user, service principal or security group that receives access.
        ObjectId = "string",
        // Grant only the operations this identity needs. Valid values are listed under
        // CertificatePermissions, KeyPermissions, SecretPermissions and StoragePermissions
        // on this page; "all" grants every operation in its category, and "purge" allows
        // permanently deleting soft-deleted objects.
        Permissions = new AzureNative.KeyVault.Inputs.PermissionsArgs
        {
            Certificates = new[]
            {
                "string",
            },
            Keys = new[]
            {
                "string",
            },
            Secrets = new[]
            {
                "string",
            },
            Storage = new[]
            {
                "string",
            },
        },
        // Tenant used for authenticating requests to the vault.
        TenantId = "string",
        // Application ID of the client making requests on behalf of the principal above.
        ApplicationId = "string",
    },
    // The policy is applied to this existing vault in this resource group.
    ResourceGroupName = "string",
    VaultName = "string",
});
// Reference example: every "string" below is a placeholder for a real value.
// Access policies are evaluated only while the vault uses the access-policy
// permission model; on a vault with Azure RBAC authorization enabled they have no effect.
// err is not checked in this fragment; handle it in the enclosing function.
example, err := keyvault.NewAccessPolicy(ctx, "azure-nativeAccessPolicyResource", &keyvault.AccessPolicyArgs{
	Policy: &keyvault.AccessPolicyEntryArgs{
		// Object ID of the user, service principal or security group that receives access.
		ObjectId: pulumi.String("string"),
		// Grant only the operations this identity needs. Valid values are listed under
		// CertificatePermissions, KeyPermissions, SecretPermissions and StoragePermissions
		// on this page; "all" grants every operation in its category, and "purge" allows
		// permanently deleting soft-deleted objects.
		Permissions: &keyvault.PermissionsArgs{
			Certificates: pulumi.StringArray{
				pulumi.String("string"),
			},
			Keys: pulumi.StringArray{
				pulumi.String("string"),
			},
			Secrets: pulumi.StringArray{
				pulumi.String("string"),
			},
			Storage: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
		// TenantId is the tenant used for authenticating requests to the vault;
		// ApplicationId is the client making requests on behalf of the principal above.
		TenantId:      pulumi.String("string"),
		ApplicationId: pulumi.String("string"),
	},
	// The policy is applied to this existing vault in this resource group.
	ResourceGroupName: pulumi.String("string"),
	VaultName:         pulumi.String("string"),
})
// Reference example: every "string" below is a placeholder for a real value.
// Access policies are evaluated only while the vault uses the access-policy
// permission model; on a vault with Azure RBAC authorization enabled they have no effect.
var azure_nativeAccessPolicyResource = new AccessPolicy("azure-nativeAccessPolicyResource", AccessPolicyArgs.builder()
    .policy(AccessPolicyEntryArgs.builder()
        // Object ID of the user, service principal or security group that receives access.
        .objectId("string")
        // Grant only the operations this identity needs. Valid values are listed under
        // CertificatePermissions, KeyPermissions, SecretPermissions and StoragePermissions
        // on this page; "all" grants every operation in its category, and "purge" allows
        // permanently deleting soft-deleted objects.
        .permissions(PermissionsArgs.builder()
            .certificates("string")
            .keys("string")
            .secrets("string")
            .storage("string")
            .build())
        // Tenant used for authenticating requests to the vault.
        .tenantId("string")
        // Application ID of the client making requests on behalf of the principal above.
        .applicationId("string")
        .build())
    // The policy is applied to this existing vault in this resource group.
    .resourceGroupName("string")
    .vaultName("string")
    .build());
# Reference example: every "string" below is a placeholder for a real value.
# Access policies are evaluated only while the vault uses the access-policy
# permission model; on a vault with Azure RBAC authorization enabled they have no effect.
azure_native_access_policy_resource = azure_native.keyvault.AccessPolicy("azure-nativeAccessPolicyResource",
    policy={
        # Object ID of the user, service principal or security group that receives access.
        "object_id": "string",
        # Grant only the operations this identity needs. Valid values are listed under
        # CertificatePermissions, KeyPermissions, SecretPermissions and StoragePermissions
        # on this page; "all" grants every operation in its category, and "purge" allows
        # permanently deleting soft-deleted objects.
        "permissions": {
            "certificates": ["string"],
            "keys": ["string"],
            "secrets": ["string"],
            "storage": ["string"],
        },
        # Tenant used for authenticating requests to the vault.
        "tenant_id": "string",
        # Application ID of the client making requests on behalf of the principal above.
        "application_id": "string",
    },
    # The policy is applied to this existing vault in this resource group.
    resource_group_name="string",
    vault_name="string")
// Reference example: every "string" below is a placeholder for a real value.
// Access policies are evaluated only while the vault uses the access-policy
// permission model; on a vault with Azure RBAC authorization enabled they have no effect.
const azure_nativeAccessPolicyResource = new azure_native.keyvault.AccessPolicy("azure-nativeAccessPolicyResource", {
    policy: {
        // Object ID of the user, service principal or security group that receives access.
        objectId: "string",
        // Grant only the operations this identity needs. Valid values are listed under
        // CertificatePermissions, KeyPermissions, SecretPermissions and StoragePermissions
        // on this page; "all" grants every operation in its category, and "purge" allows
        // permanently deleting soft-deleted objects.
        permissions: {
            certificates: ["string"],
            keys: ["string"],
            secrets: ["string"],
            storage: ["string"],
        },
        // Tenant used for authenticating requests to the vault.
        tenantId: "string",
        // Application ID of the client making requests on behalf of the principal above.
        applicationId: "string",
    },
    // The policy is applied to this existing vault in this resource group.
    resourceGroupName: "string",
    vaultName: "string",
});
# Reference example: every "string" below is a placeholder for a real value.
# Access policies are evaluated only while the vault uses the access-policy
# permission model; on a vault with Azure RBAC authorization enabled they have no effect.
type: azure-native:keyvault:AccessPolicy
properties:
    policy:
        # Application ID of the client making requests on behalf of the principal (objectId).
        applicationId: string
        # Object ID of the user, service principal or security group that receives access.
        objectId: string
        # Grant only the operations this identity needs. Valid values are listed under
        # CertificatePermissions, KeyPermissions, SecretPermissions and StoragePermissions
        # on this page; "all" grants every operation in its category, and "purge" allows
        # permanently deleting soft-deleted objects.
        permissions:
            certificates:
                - string
            keys:
                - string
            secrets:
                - string
            storage:
                - string
        # Tenant used for authenticating requests to the vault.
        tenantId: string
    # The policy is applied to this existing vault in this resource group.
    resourceGroupName: string
    vaultName: string
AccessPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccessPolicy resource accepts the following input properties:
- Policy
Pulumi.AzureNative.KeyVault.Inputs.AccessPolicyEntry
- The definition of the access policy.
- ResourceGroupName string
- Name of the resource group that contains the vault.
- VaultName string
- Name of the Key Vault.
- Policy
AccessPolicyEntryArgs
- The definition of the access policy.
- ResourceGroupName string
- Name of the resource group that contains the vault.
- VaultName string
- Name of the Key Vault.
- policy
AccessPolicyEntry
- The definition of the access policy.
- resourceGroupName String
- Name of the resource group that contains the vault.
- vaultName String
- Name of the Key Vault.
- policy
AccessPolicyEntry
- The definition of the access policy.
- resourceGroupName string
- Name of the resource group that contains the vault.
- vaultName string
- Name of the Key Vault.
- policy
AccessPolicyEntryArgs
- The definition of the access policy.
- resource_group_name str
- Name of the resource group that contains the vault.
- vault_name str
- Name of the Key Vault.
- policy Property Map
- The definition of the access policy.
- resourceGroupName String
- Name of the resource group that contains the vault.
- vaultName String
- Name of the Key Vault.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Supporting Types
AccessPolicyEntry, AccessPolicyEntryArgs      
- ObjectId string
- The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions
Pulumi.AzureNative.KeyVault.Inputs.Permissions
- Permissions the identity has for keys, secrets and certificates.
- TenantId string
- The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- ApplicationId string
- Application ID of the client making request on behalf of a principal
- ObjectId string
- The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions Permissions
- Permissions the identity has for keys, secrets and certificates.
- TenantId string
- The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- ApplicationId string
- Application ID of the client making request on behalf of a principal
- objectId String
- The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions Permissions
- Permissions the identity has for keys, secrets and certificates.
- tenantId String
- The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- applicationId String
- Application ID of the client making request on behalf of a principal
- objectId string
- The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions Permissions
- Permissions the identity has for keys, secrets and certificates.
- tenantId string
- The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- applicationId string
- Application ID of the client making request on behalf of a principal
- object_id str
- The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions Permissions
- Permissions the identity has for keys, secrets and certificates.
- tenant_id str
- The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application_id str
- Application ID of the client making request on behalf of a principal
- objectId String
- The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions Property Map
- Permissions the identity has for keys, secrets and certificates.
- tenantId String
- The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- applicationId String
- Application ID of the client making request on behalf of a principal
CertificatePermissions, CertificatePermissionsArgs    
- All
- all
- @Get
- get
- List
- list
- Delete
- delete
- Create
- create
- Import
- import
- Update
- update
- Managecontacts
- managecontacts
- Getissuers
- getissuers
- Listissuers
- listissuers
- Setissuers
- setissuers
- Deleteissuers
- deleteissuers
- Manageissuers
- manageissuers
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- CertificatePermissions All 
- all
- CertificatePermissions Get 
- get
- CertificatePermissions List 
- list
- CertificatePermissions Delete 
- delete
- CertificatePermissions Create 
- create
- CertificatePermissions Import 
- import
- CertificatePermissions Update 
- update
- CertificatePermissions Managecontacts 
- managecontacts
- CertificatePermissions Getissuers 
- getissuers
- CertificatePermissions Listissuers 
- listissuers
- CertificatePermissions Setissuers 
- setissuers
- CertificatePermissions Deleteissuers 
- deleteissuers
- CertificatePermissions Manageissuers 
- manageissuers
- CertificatePermissions Recover 
- recover
- CertificatePermissions Purge 
- purge
- CertificatePermissions Backup 
- backup
- CertificatePermissions Restore 
- restore
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Create
- create
- Import_
- import
- Update
- update
- Managecontacts
- managecontacts
- Getissuers
- getissuers
- Listissuers
- listissuers
- Setissuers
- setissuers
- Deleteissuers
- deleteissuers
- Manageissuers
- manageissuers
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Create
- create
- Import
- import
- Update
- update
- Managecontacts
- managecontacts
- Getissuers
- getissuers
- Listissuers
- listissuers
- Setissuers
- setissuers
- Deleteissuers
- deleteissuers
- Manageissuers
- manageissuers
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- ALL
- all
- GET
- get
- LIST
- list
- DELETE
- delete
- CREATE
- create
- IMPORT_
- import
- UPDATE
- update
- MANAGECONTACTS
- managecontacts
- GETISSUERS
- getissuers
- LISTISSUERS
- listissuers
- SETISSUERS
- setissuers
- DELETEISSUERS
- deleteissuers
- MANAGEISSUERS
- manageissuers
- RECOVER
- recover
- PURGE
- purge
- BACKUP
- backup
- RESTORE
- restore
- "all"
- all
- "get"
- get
- "list"
- list
- "delete"
- delete
- "create"
- create
- "import"
- import
- "update"
- update
- "managecontacts"
- managecontacts
- "getissuers"
- getissuers
- "listissuers"
- listissuers
- "setissuers"
- setissuers
- "deleteissuers"
- deleteissuers
- "manageissuers"
- manageissuers
- "recover"
- recover
- "purge"
- purge
- "backup"
- backup
- "restore"
- restore
KeyPermissions, KeyPermissionsArgs    
- All
- all
- Encrypt
- encrypt
- Decrypt
- decrypt
- WrapKey 
- wrapKey
- UnwrapKey 
- unwrapKey
- Sign
- sign
- Verify
- verify
- @Get
- get
- List
- list
- Create
- create
- Update
- update
- Import
- import
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- Release
- release
- Rotate
- rotate
- Getrotationpolicy
- getrotationpolicy
- Setrotationpolicy
- setrotationpolicy
- KeyPermissions All 
- all
- KeyPermissions Encrypt 
- encrypt
- KeyPermissions Decrypt 
- decrypt
- KeyPermissions Wrap Key 
- wrapKey
- KeyPermissions Unwrap Key 
- unwrapKey
- KeyPermissions Sign 
- sign
- KeyPermissions Verify 
- verify
- KeyPermissions Get 
- get
- KeyPermissions List 
- list
- KeyPermissions Create 
- create
- KeyPermissions Update 
- update
- KeyPermissions Import 
- import
- KeyPermissions Delete 
- delete
- KeyPermissions Backup 
- backup
- KeyPermissions Restore 
- restore
- KeyPermissions Recover 
- recover
- KeyPermissions Purge 
- purge
- KeyPermissions Release 
- release
- KeyPermissions Rotate 
- rotate
- KeyPermissions Getrotationpolicy 
- getrotationpolicy
- KeyPermissions Setrotationpolicy 
- setrotationpolicy
- All
- all
- Encrypt
- encrypt
- Decrypt
- decrypt
- WrapKey 
- wrapKey
- UnwrapKey 
- unwrapKey
- Sign
- sign
- Verify
- verify
- Get
- get
- List
- list
- Create
- create
- Update
- update
- Import_
- import
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- Release
- release
- Rotate
- rotate
- Getrotationpolicy
- getrotationpolicy
- Setrotationpolicy
- setrotationpolicy
- All
- all
- Encrypt
- encrypt
- Decrypt
- decrypt
- WrapKey 
- wrapKey
- UnwrapKey 
- unwrapKey
- Sign
- sign
- Verify
- verify
- Get
- get
- List
- list
- Create
- create
- Update
- update
- Import
- import
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- Release
- release
- Rotate
- rotate
- Getrotationpolicy
- getrotationpolicy
- Setrotationpolicy
- setrotationpolicy
- ALL
- all
- ENCRYPT
- encrypt
- DECRYPT
- decrypt
- WRAP_KEY
- wrapKey
- UNWRAP_KEY
- unwrapKey
- SIGN
- sign
- VERIFY
- verify
- GET
- get
- LIST
- list
- CREATE
- create
- UPDATE
- update
- IMPORT_
- import
- DELETE
- delete
- BACKUP
- backup
- RESTORE
- restore
- RECOVER
- recover
- PURGE
- purge
- RELEASE
- release
- ROTATE
- rotate
- GETROTATIONPOLICY
- getrotationpolicy
- SETROTATIONPOLICY
- setrotationpolicy
- "all"
- all
- "encrypt"
- encrypt
- "decrypt"
- decrypt
- "wrapKey" 
- wrapKey
- "unwrapKey" 
- unwrapKey
- "sign"
- sign
- "verify"
- verify
- "get"
- get
- "list"
- list
- "create"
- create
- "update"
- update
- "import"
- import
- "delete"
- delete
- "backup"
- backup
- "restore"
- restore
- "recover"
- recover
- "purge"
- purge
- "release"
- release
- "rotate"
- rotate
- "getrotationpolicy"
- getrotationpolicy
- "setrotationpolicy"
- setrotationpolicy
Permissions, PermissionsArgs  
- Certificates
List<Union<string, Pulumi.AzureNative.KeyVault.CertificatePermissions>>
- Permissions to certificates
- Keys
List<Union<string, Pulumi.AzureNative.KeyVault.KeyPermissions>>
- Permissions to keys
- Secrets
List<Union<string, Pulumi.AzureNative.KeyVault.SecretPermissions>>
- Permissions to secrets
- Storage
List<Union<string, Pulumi.AzureNative.KeyVault.StoragePermissions>>
- Permissions to storage accounts
- Certificates []string
- Permissions to certificates
- Keys []string
- Permissions to keys
- Secrets []string
- Permissions to secrets
- Storage []string
- Permissions to storage accounts
- certificates
List<Either<String,CertificatePermissions>> 
- Permissions to certificates
- keys
List<Either<String,KeyPermissions>> 
- Permissions to keys
- secrets
List<Either<String,SecretPermissions>> 
- Permissions to secrets
- storage
List<Either<String,StoragePermissions>> 
- Permissions to storage accounts
- certificates
(string | CertificatePermissions)[] 
- Permissions to certificates
- keys
(string | KeyPermissions)[] 
- Permissions to keys
- secrets
(string | SecretPermissions)[] 
- Permissions to secrets
- storage
(string | StoragePermissions)[] 
- Permissions to storage accounts
- certificates
Sequence[Union[str, CertificatePermissions]] 
- Permissions to certificates
- keys
Sequence[Union[str, KeyPermissions]] 
- Permissions to keys
- secrets
Sequence[Union[str, SecretPermissions]] 
- Permissions to secrets
- storage
Sequence[Union[str, StoragePermissions]] 
- Permissions to storage accounts
- certificates List<String | "all" | "get" | "list" | "delete" | "create" | "import" | "update" | "managecontacts" | "getissuers" | "listissuers" | "setissuers" | "deleteissuers" | "manageissuers" | "recover" | "purge" | "backup" | "restore">
- Permissions to certificates
- keys
List<String | "all" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "sign" | "verify" | "get" | "list" | "create" | "update" | "import" | "delete" | "backup" | "restore" | "recover" | "purge" | "release" | "rotate" | "getrotationpolicy" | "setrotationpolicy">
- Permissions to keys
- secrets List<String | "all" | "get" | "list" | "set" | "delete" | "backup" | "restore" | "recover" | "purge">
- Permissions to secrets
- storage List<String | "all" | "get" | "list" | "delete" | "set" | "update" | "regeneratekey" | "recover" | "purge" | "backup" | "restore" | "setsas" | "listsas" | "getsas" | "deletesas">
- Permissions to storage accounts
SecretPermissions, SecretPermissionsArgs    
- All
- all
- @Get
- get
- List
- list
- @Set
- set
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- SecretPermissions All 
- all
- SecretPermissions Get 
- get
- SecretPermissions List 
- list
- SecretPermissions Set 
- set
- SecretPermissions Delete 
- delete
- SecretPermissions Backup 
- backup
- SecretPermissions Restore 
- restore
- SecretPermissions Recover 
- recover
- SecretPermissions Purge 
- purge
- All
- all
- Get
- get
- List
- list
- Set
- set
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- All
- all
- Get
- get
- List
- list
- Set
- set
- Delete
- delete
- Backup
- backup
- Restore
- restore
- Recover
- recover
- Purge
- purge
- ALL
- all
- GET
- get
- LIST
- list
- SET
- set
- DELETE
- delete
- BACKUP
- backup
- RESTORE
- restore
- RECOVER
- recover
- PURGE
- purge
- "all"
- all
- "get"
- get
- "list"
- list
- "set"
- set
- "delete"
- delete
- "backup"
- backup
- "restore"
- restore
- "recover"
- recover
- "purge"
- purge
StoragePermissions, StoragePermissionsArgs    
- All
- all
- @Get
- get
- List
- list
- Delete
- delete
- @Set
- set
- Update
- update
- Regeneratekey
- regeneratekey
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- Setsas
- setsas
- Listsas
- listsas
- Getsas
- getsas
- Deletesas
- deletesas
- StoragePermissions All 
- all
- StoragePermissions Get 
- get
- StoragePermissions List 
- list
- StoragePermissions Delete 
- delete
- StoragePermissions Set 
- set
- StoragePermissions Update 
- update
- StoragePermissions Regeneratekey 
- regeneratekey
- StoragePermissions Recover 
- recover
- StoragePermissions Purge 
- purge
- StoragePermissions Backup 
- backup
- StoragePermissions Restore 
- restore
- StoragePermissions Setsas 
- setsas
- StoragePermissions Listsas 
- listsas
- StoragePermissions Getsas 
- getsas
- StoragePermissions Deletesas 
- deletesas
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Set
- set
- Update
- update
- Regeneratekey
- regeneratekey
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- Setsas
- setsas
- Listsas
- listsas
- Getsas
- getsas
- Deletesas
- deletesas
- All
- all
- Get
- get
- List
- list
- Delete
- delete
- Set
- set
- Update
- update
- Regeneratekey
- regeneratekey
- Recover
- recover
- Purge
- purge
- Backup
- backup
- Restore
- restore
- Setsas
- setsas
- Listsas
- listsas
- Getsas
- getsas
- Deletesas
- deletesas
- ALL
- all
- GET
- get
- LIST
- list
- DELETE
- delete
- SET
- set
- UPDATE
- update
- REGENERATEKEY
- regeneratekey
- RECOVER
- recover
- PURGE
- purge
- BACKUP
- backup
- RESTORE
- restore
- SETSAS
- setsas
- LISTSAS
- listsas
- GETSAS
- getsas
- DELETESAS
- deletesas
- "all"
- all
- "get"
- get
- "list"
- list
- "delete"
- delete
- "set"
- set
- "update"
- update
- "regeneratekey"
- regeneratekey
- "recover"
- recover
- "purge"
- purge
- "backup"
- backup
- "restore"
- restore
- "setsas"
- setsas
- "listsas"
- listsas
- "getsas"
- getsas
- "deletesas"
- deletesas
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0