Docs Home
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
azure-native.keyvault.Key
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
The key resource. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2019-09-01.
Other available API versions: 2023-07-01, 2024-04-01-preview, 2024-11-01, 2024-12-01-preview.
Example Usage
Create a key
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var key = new AzureNative.KeyVault.Key("key", new()
{
KeyName = "sample-key-name",
Properties = new AzureNative.KeyVault.Inputs.KeyPropertiesArgs
{
Kty = AzureNative.KeyVault.JsonWebKeyType.RSA,
},
ResourceGroupName = "sample-group",
VaultName = "sample-vault-name",
});
});
package main
import (
keyvault "github.com/pulumi/pulumi-azure-native-sdk/keyvault/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := keyvault.NewKey(ctx, "key", &keyvault.KeyArgs{
KeyName: pulumi.String("sample-key-name"),
Properties: &keyvault.KeyPropertiesArgs{
Kty: pulumi.String(keyvault.JsonWebKeyTypeRSA),
},
ResourceGroupName: pulumi.String("sample-group"),
VaultName: pulumi.String("sample-vault-name"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.keyvault.Key;
import com.pulumi.azurenative.keyvault.KeyArgs;
import com.pulumi.azurenative.keyvault.inputs.KeyPropertiesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var key = new Key("key", KeyArgs.builder()
.keyName("sample-key-name")
.properties(KeyPropertiesArgs.builder()
.kty("RSA")
.build())
.resourceGroupName("sample-group")
.vaultName("sample-vault-name")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const key = new azure_native.keyvault.Key("key", {
keyName: "sample-key-name",
properties: {
kty: azure_native.keyvault.JsonWebKeyType.RSA,
},
resourceGroupName: "sample-group",
vaultName: "sample-vault-name",
});
import pulumi
import pulumi_azure_native as azure_native
key = azure_native.keyvault.Key("key",
key_name="sample-key-name",
properties={
"kty": azure_native.keyvault.JsonWebKeyType.RSA,
},
resource_group_name="sample-group",
vault_name="sample-vault-name")
resources:
key:
type: azure-native:keyvault:Key
properties:
keyName: sample-key-name
properties:
kty: RSA
resourceGroupName: sample-group
vaultName: sample-vault-name
Create Key Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Key(name: string, args: KeyArgs, opts?: CustomResourceOptions);@overload
def Key(resource_name: str,
args: KeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Key(resource_name: str,
opts: Optional[ResourceOptions] = None,
properties: Optional[KeyPropertiesArgs] = None,
resource_group_name: Optional[str] = None,
vault_name: Optional[str] = None,
key_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)func NewKey(ctx *Context, name string, args KeyArgs, opts ...ResourceOption) (*Key, error)public Key(string name, KeyArgs args, CustomResourceOptions? opts = null)type: azure-native:keyvault:Key
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var keyResource = new AzureNative.KeyVault.Key("keyResource", new()
{
Properties = new AzureNative.KeyVault.Inputs.KeyPropertiesArgs
{
Attributes = new AzureNative.KeyVault.Inputs.KeyAttributesArgs
{
Enabled = false,
Expires = 0,
Exportable = false,
NotBefore = 0,
},
CurveName = "string",
KeyOps = new[]
{
"string",
},
KeySize = 0,
Kty = "string",
ReleasePolicy = new AzureNative.KeyVault.Inputs.KeyReleasePolicyArgs
{
ContentType = "string",
Data = "string",
},
RotationPolicy = new AzureNative.KeyVault.Inputs.RotationPolicyArgs
{
Attributes = new AzureNative.KeyVault.Inputs.KeyRotationPolicyAttributesArgs
{
ExpiryTime = "string",
},
LifetimeActions = new[]
{
new AzureNative.KeyVault.Inputs.LifetimeActionArgs
{
Action = new AzureNative.KeyVault.Inputs.ActionArgs
{
Type = AzureNative.KeyVault.KeyRotationPolicyActionType.Rotate,
},
Trigger = new AzureNative.KeyVault.Inputs.TriggerArgs
{
TimeAfterCreate = "string",
TimeBeforeExpiry = "string",
},
},
},
},
},
ResourceGroupName = "string",
VaultName = "string",
KeyName = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := keyvault.NewKey(ctx, "keyResource", &keyvault.KeyArgs{
Properties: &keyvault.KeyPropertiesArgs{
Attributes: &keyvault.KeyAttributesArgs{
Enabled: pulumi.Bool(false),
Expires: pulumi.Float64(0),
Exportable: pulumi.Bool(false),
NotBefore: pulumi.Float64(0),
},
CurveName: pulumi.String("string"),
KeyOps: pulumi.StringArray{
pulumi.String("string"),
},
KeySize: pulumi.Int(0),
Kty: pulumi.String("string"),
ReleasePolicy: &keyvault.KeyReleasePolicyArgs{
ContentType: pulumi.String("string"),
Data: pulumi.String("string"),
},
RotationPolicy: &keyvault.RotationPolicyArgs{
Attributes: &keyvault.KeyRotationPolicyAttributesArgs{
ExpiryTime: pulumi.String("string"),
},
LifetimeActions: keyvault.LifetimeActionArray{
&keyvault.LifetimeActionArgs{
Action: &keyvault.ActionArgs{
Type: keyvault.KeyRotationPolicyActionTypeRotate,
},
Trigger: &keyvault.TriggerArgs{
TimeAfterCreate: pulumi.String("string"),
TimeBeforeExpiry: pulumi.String("string"),
},
},
},
},
},
ResourceGroupName: pulumi.String("string"),
VaultName: pulumi.String("string"),
KeyName: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var keyResource = new Key("keyResource", KeyArgs.builder()
.properties(KeyPropertiesArgs.builder()
.attributes(KeyAttributesArgs.builder()
.enabled(false)
.expires(0)
.exportable(false)
.notBefore(0)
.build())
.curveName("string")
.keyOps("string")
.keySize(0)
.kty("string")
.releasePolicy(KeyReleasePolicyArgs.builder()
.contentType("string")
.data("string")
.build())
.rotationPolicy(RotationPolicyArgs.builder()
.attributes(KeyRotationPolicyAttributesArgs.builder()
.expiryTime("string")
.build())
.lifetimeActions(LifetimeActionArgs.builder()
.action(ActionArgs.builder()
.type("Rotate")
.build())
.trigger(TriggerArgs.builder()
.timeAfterCreate("string")
.timeBeforeExpiry("string")
.build())
.build())
.build())
.build())
.resourceGroupName("string")
.vaultName("string")
.keyName("string")
.tags(Map.of("string", "string"))
.build());
key_resource = azure_native.keyvault.Key("keyResource",
properties={
"attributes": {
"enabled": False,
"expires": 0,
"exportable": False,
"not_before": 0,
},
"curve_name": "string",
"key_ops": ["string"],
"key_size": 0,
"kty": "string",
"release_policy": {
"content_type": "string",
"data": "string",
},
"rotation_policy": {
"attributes": {
"expiry_time": "string",
},
"lifetime_actions": [{
"action": {
"type": azure_native.keyvault.KeyRotationPolicyActionType.ROTATE,
},
"trigger": {
"time_after_create": "string",
"time_before_expiry": "string",
},
}],
},
},
resource_group_name="string",
vault_name="string",
key_name="string",
tags={
"string": "string",
})
const keyResource = new azure_native.keyvault.Key("keyResource", {
properties: {
attributes: {
enabled: false,
expires: 0,
exportable: false,
notBefore: 0,
},
curveName: "string",
keyOps: ["string"],
keySize: 0,
kty: "string",
releasePolicy: {
contentType: "string",
data: "string",
},
rotationPolicy: {
attributes: {
expiryTime: "string",
},
lifetimeActions: [{
action: {
type: azure_native.keyvault.KeyRotationPolicyActionType.Rotate,
},
trigger: {
timeAfterCreate: "string",
timeBeforeExpiry: "string",
},
}],
},
},
resourceGroupName: "string",
vaultName: "string",
keyName: "string",
tags: {
string: "string",
},
});
type: azure-native:keyvault:Key
properties:
keyName: string
properties:
attributes:
enabled: false
expires: 0
exportable: false
notBefore: 0
curveName: string
keyOps:
- string
keySize: 0
kty: string
releasePolicy:
contentType: string
data: string
rotationPolicy:
attributes:
expiryTime: string
lifetimeActions:
- action:
type: Rotate
trigger:
timeAfterCreate: string
timeBeforeExpiry: string
resourceGroupName: string
tags:
string: string
vaultName: string
Key Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Key resource accepts the following input properties:
- Properties
Pulumi.
Azure Native. Key Vault. Inputs. Key Properties - The properties of the key to be created.
- Resource
Group stringName - The name of the resource group which contains the specified key vault.
- Vault
Name string - The name of the key vault which contains the key to be created.
- Key
Name string - The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- Dictionary<string, string>
- The tags that will be assigned to the key.
- Properties
Key
Properties Args - The properties of the key to be created.
- Resource
Group stringName - The name of the resource group which contains the specified key vault.
- Vault
Name string - The name of the key vault which contains the key to be created.
- Key
Name string - The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- map[string]string
- The tags that will be assigned to the key.
- properties
Key
Properties - The properties of the key to be created.
- resource
Group StringName - The name of the resource group which contains the specified key vault.
- vault
Name String - The name of the key vault which contains the key to be created.
- key
Name String - The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- Map<String,String>
- The tags that will be assigned to the key.
- properties
Key
Properties - The properties of the key to be created.
- resource
Group stringName - The name of the resource group which contains the specified key vault.
- vault
Name string - The name of the key vault which contains the key to be created.
- key
Name string - The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- {[key: string]: string}
- The tags that will be assigned to the key.
- properties
Key
Properties Args - The properties of the key to be created.
- resource_
group_ strname - The name of the resource group which contains the specified key vault.
- vault_
name str - The name of the key vault which contains the key to be created.
- key_
name str - The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- Mapping[str, str]
- The tags that will be assigned to the key.
- properties Property Map
- The properties of the key to be created.
- resource
Group StringName - The name of the resource group which contains the specified key vault.
- vault
Name String - The name of the key vault which contains the key to be created.
- key
Name String - The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information.
- Map<String>
- The tags that will be assigned to the key.
Outputs
All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Uri string - The URI to retrieve the current version of the key.
- Key
Uri stringWith Version - The URI to retrieve the specific version of the key.
- Location string
- Azure location of the key vault resource.
- Name string
- Name of the key vault resource.
- Type string
- Resource type of the key vault resource.
- Attributes
Pulumi.
Azure Native. Key Vault. Outputs. Key Attributes Response - The attributes of the key.
- Curve
Name string - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- Key
Ops List<string> - Key
Size int - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- Kty string
- The type of the key. For valid values, see JsonWebKeyType.
- Release
Policy Pulumi.Azure Native. Key Vault. Outputs. Key Release Policy Response - Key release policy in response. It will be used for both output and input. Omitted if empty
- Rotation
Policy Pulumi.Azure Native. Key Vault. Outputs. Rotation Policy Response - Key rotation policy in response. It will be used for both output and input. Omitted if empty
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Uri string - The URI to retrieve the current version of the key.
- Key
Uri stringWith Version - The URI to retrieve the specific version of the key.
- Location string
- Azure location of the key vault resource.
- Name string
- Name of the key vault resource.
- Type string
- Resource type of the key vault resource.
- Attributes
Key
Attributes Response - The attributes of the key.
- Curve
Name string - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- Key
Ops []string - Key
Size int - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- Kty string
- The type of the key. For valid values, see JsonWebKeyType.
- Release
Policy KeyRelease Policy Response - Key release policy in response. It will be used for both output and input. Omitted if empty
- Rotation
Policy RotationPolicy Response - Key rotation policy in response. It will be used for both output and input. Omitted if empty
- id String
- The provider-assigned unique ID for this managed resource.
- key
Uri String - The URI to retrieve the current version of the key.
- key
Uri StringWith Version - The URI to retrieve the specific version of the key.
- location String
- Azure location of the key vault resource.
- name String
- Name of the key vault resource.
- type String
- Resource type of the key vault resource.
- attributes
Key
Attributes Response - The attributes of the key.
- curve
Name String - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- key
Ops List<String> - key
Size Integer - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- kty String
- The type of the key. For valid values, see JsonWebKeyType.
- release
Policy KeyRelease Policy Response - Key release policy in response. It will be used for both output and input. Omitted if empty
- rotation
Policy RotationPolicy Response - Key rotation policy in response. It will be used for both output and input. Omitted if empty
- id string
- The provider-assigned unique ID for this managed resource.
- key
Uri string - The URI to retrieve the current version of the key.
- key
Uri stringWith Version - The URI to retrieve the specific version of the key.
- location string
- Azure location of the key vault resource.
- name string
- Name of the key vault resource.
- type string
- Resource type of the key vault resource.
- attributes
Key
Attributes Response - The attributes of the key.
- curve
Name string - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- key
Ops string[] - key
Size number - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- kty string
- The type of the key. For valid values, see JsonWebKeyType.
- release
Policy KeyRelease Policy Response - Key release policy in response. It will be used for both output and input. Omitted if empty
- rotation
Policy RotationPolicy Response - Key rotation policy in response. It will be used for both output and input. Omitted if empty
- id str
- The provider-assigned unique ID for this managed resource.
- key_
uri str - The URI to retrieve the current version of the key.
- key_
uri_ strwith_ version - The URI to retrieve the specific version of the key.
- location str
- Azure location of the key vault resource.
- name str
- Name of the key vault resource.
- type str
- Resource type of the key vault resource.
- attributes
Key
Attributes Response - The attributes of the key.
- curve_
name str - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- key_
ops Sequence[str] - key_
size int - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- kty str
- The type of the key. For valid values, see JsonWebKeyType.
- release_
policy KeyRelease Policy Response - Key release policy in response. It will be used for both output and input. Omitted if empty
- rotation_
policy RotationPolicy Response - Key rotation policy in response. It will be used for both output and input. Omitted if empty
- id String
- The provider-assigned unique ID for this managed resource.
- key
Uri String - The URI to retrieve the current version of the key.
- key
Uri StringWith Version - The URI to retrieve the specific version of the key.
- location String
- Azure location of the key vault resource.
- name String
- Name of the key vault resource.
- type String
- Resource type of the key vault resource.
- attributes Property Map
- The attributes of the key.
- curve
Name String - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- key
Ops List<String> - key
Size Number - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- kty String
- The type of the key. For valid values, see JsonWebKeyType.
- release
Policy Property Map - Key release policy in response. It will be used for both output and input. Omitted if empty
- rotation
Policy Property Map - Key rotation policy in response. It will be used for both output and input. Omitted if empty
Supporting Types
Action, ActionArgs
- Type
Pulumi.
Azure Native. Key Vault. Key Rotation Policy Action Type - The type of the action. The value should be compared case-insensitively.
- Type
Key
Rotation Policy Action Type - The type of the action. The value should be compared case-insensitively.
- type
Key
Rotation Policy Action Type - The type of the action. The value should be compared case-insensitively.
- type
Key
Rotation Policy Action Type - The type of the action. The value should be compared case-insensitively.
- type
Key
Rotation Policy Action Type - The type of the action. The value should be compared case-insensitively.
- type "Rotate" | "Notify"
- The type of the action. The value should be compared case-insensitively.
ActionResponse, ActionResponseArgs
- Type string
- The type of the action. The value should be compared case-insensitively.
- Type string
- The type of the action. The value should be compared case-insensitively.
- type String
- The type of the action. The value should be compared case-insensitively.
- type string
- The type of the action. The value should be compared case-insensitively.
- type str
- The type of the action. The value should be compared case-insensitively.
- type String
- The type of the action. The value should be compared case-insensitively.
JsonWebKeyCurveName, JsonWebKeyCurveNameArgs
- P_256
- P-256
- P_384
- P-384
- P_521
- P-521
- P_256K
- P-256K
- Json
Web Key Curve Name_P_256 - P-256
- Json
Web Key Curve Name_P_384 - P-384
- Json
Web Key Curve Name_P_521 - P-521
- Json
Web Key Curve Name_P_256K - P-256K
- P256
- P-256
- P384
- P-384
- P521
- P-521
- P256K
- P-256K
- P_256
- P-256
- P_384
- P-384
- P_521
- P-521
- P_256K
- P-256K
- P_256
- P-256
- P_384
- P-384
- P_521
- P-521
- P_256_K
- P-256K
- "P-256"
- P-256
- "P-384"
- P-384
- "P-521"
- P-521
- "P-256K"
- P-256K
JsonWebKeyOperation, JsonWebKeyOperationArgs
- Encrypt
- encrypt
- Decrypt
- decrypt
- Sign
- sign
- Verify
- verify
- Wrap
Key - wrapKey
- Unwrap
Key - unwrapKey
- Import
- import
- Release
- release
- Json
Web Key Operation Encrypt - encrypt
- Json
Web Key Operation Decrypt - decrypt
- Json
Web Key Operation Sign - sign
- Json
Web Key Operation Verify - verify
- Json
Web Key Operation Wrap Key - wrapKey
- Json
Web Key Operation Unwrap Key - unwrapKey
- Json
Web Key Operation Import - import
- Json
Web Key Operation Release - release
- Encrypt
- encrypt
- Decrypt
- decrypt
- Sign
- sign
- Verify
- verify
- Wrap
Key - wrapKey
- Unwrap
Key - unwrapKey
- Import_
- import
- Release
- release
- Encrypt
- encrypt
- Decrypt
- decrypt
- Sign
- sign
- Verify
- verify
- Wrap
Key - wrapKey
- Unwrap
Key - unwrapKey
- Import
- import
- Release
- release
- ENCRYPT
- encrypt
- DECRYPT
- decrypt
- SIGN
- sign
- VERIFY
- verify
- WRAP_KEY
- wrapKey
- UNWRAP_KEY
- unwrapKey
- IMPORT_
- import
- RELEASE
- release
- "encrypt"
- encrypt
- "decrypt"
- decrypt
- "sign"
- sign
- "verify"
- verify
- "wrap
Key" - wrapKey
- "unwrap
Key" - unwrapKey
- "import"
- import
- "release"
- release
JsonWebKeyType, JsonWebKeyTypeArgs
- EC
- EC
- EC_HSM
- EC-HSM
- RSA
- RSA
- RSA_HSM
- RSA-HSM
- Json
Web Key Type EC - EC
- Json
Web Key Type_EC_HSM - EC-HSM
- Json
Web Key Type RSA - RSA
- Json
Web Key Type_RSA_HSM - RSA-HSM
- EC
- EC
- ECHSM
- EC-HSM
- RSA
- RSA
- RSAHSM
- RSA-HSM
- EC
- EC
- EC_HSM
- EC-HSM
- RSA
- RSA
- RSA_HSM
- RSA-HSM
- EC
- EC
- E_C_HSM
- EC-HSM
- RSA
- RSA
- RS_A_HSM
- RSA-HSM
- "EC"
- EC
- "EC-HSM"
- EC-HSM
- "RSA"
- RSA
- "RSA-HSM"
- RSA-HSM
KeyAttributes, KeyAttributesArgs
- Enabled bool
- Determines whether or not the object is enabled.
- Expires double
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- Exportable bool
- Indicates if the private key can be exported.
- Not
Before double - Not before date in seconds since 1970-01-01T00:00:00Z.
- Enabled bool
- Determines whether or not the object is enabled.
- Expires float64
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- Exportable bool
- Indicates if the private key can be exported.
- Not
Before float64 - Not before date in seconds since 1970-01-01T00:00:00Z.
- enabled Boolean
- Determines whether or not the object is enabled.
- expires Double
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- exportable Boolean
- Indicates if the private key can be exported.
- not
Before Double - Not before date in seconds since 1970-01-01T00:00:00Z.
- enabled boolean
- Determines whether or not the object is enabled.
- expires number
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- exportable boolean
- Indicates if the private key can be exported.
- not
Before number - Not before date in seconds since 1970-01-01T00:00:00Z.
- enabled bool
- Determines whether or not the object is enabled.
- expires float
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- exportable bool
- Indicates if the private key can be exported.
- not_
before float - Not before date in seconds since 1970-01-01T00:00:00Z.
- enabled Boolean
- Determines whether or not the object is enabled.
- expires Number
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- exportable Boolean
- Indicates if the private key can be exported.
- not
Before Number - Not before date in seconds since 1970-01-01T00:00:00Z.
KeyAttributesResponse, KeyAttributesResponseArgs
- Created double
- Creation time in seconds since 1970-01-01T00:00:00Z.
- Recovery
Level string - The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
- Updated double
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- Enabled bool
- Determines whether or not the object is enabled.
- Expires double
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- Exportable bool
- Indicates if the private key can be exported.
- Not
Before double - Not before date in seconds since 1970-01-01T00:00:00Z.
- Created float64
- Creation time in seconds since 1970-01-01T00:00:00Z.
- Recovery
Level string - The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
- Updated float64
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- Enabled bool
- Determines whether or not the object is enabled.
- Expires float64
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- Exportable bool
- Indicates if the private key can be exported.
- Not
Before float64 - Not before date in seconds since 1970-01-01T00:00:00Z.
- created Double
- Creation time in seconds since 1970-01-01T00:00:00Z.
- recovery
Level String - The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
- updated Double
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- enabled Boolean
- Determines whether or not the object is enabled.
- expires Double
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- exportable Boolean
- Indicates if the private key can be exported.
- not
Before Double - Not before date in seconds since 1970-01-01T00:00:00Z.
- created number
- Creation time in seconds since 1970-01-01T00:00:00Z.
- recovery
Level string - The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
- updated number
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- enabled boolean
- Determines whether or not the object is enabled.
- expires number
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- exportable boolean
- Indicates if the private key can be exported.
- not
Before number - Not before date in seconds since 1970-01-01T00:00:00Z.
- created float
- Creation time in seconds since 1970-01-01T00:00:00Z.
- recovery_
level str - The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
- updated float
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- enabled bool
- Determines whether or not the object is enabled.
- expires float
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- exportable bool
- Indicates if the private key can be exported.
- not_
before float - Not before date in seconds since 1970-01-01T00:00:00Z.
- created Number
- Creation time in seconds since 1970-01-01T00:00:00Z.
- recovery
Level String - The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
- updated Number
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- enabled Boolean
- Determines whether or not the object is enabled.
- expires Number
- Expiry date in seconds since 1970-01-01T00:00:00Z.
- exportable Boolean
- Indicates if the private key can be exported.
- not
Before Number - Not before date in seconds since 1970-01-01T00:00:00Z.
KeyProperties, KeyPropertiesArgs
- Attributes
Pulumi.
Azure Native. Key Vault. Inputs. Key Attributes - The attributes of the key.
- Curve
Name string | Pulumi.Azure Native. Key Vault. Json Web Key Curve Name - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- Key
Ops List<Union<string, Pulumi.Azure Native. Key Vault. Json Web Key Operation>> - Key
Size int - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- Kty
string | Pulumi.
Azure Native. Key Vault. Json Web Key Type - The type of the key. For valid values, see JsonWebKeyType.
- Release
Policy Pulumi.Azure Native. Key Vault. Inputs. Key Release Policy - Key release policy in response. It will be used for both output and input. Omitted if empty
- Rotation
Policy Pulumi.Azure Native. Key Vault. Inputs. Rotation Policy - Key rotation policy in response. It will be used for both output and input. Omitted if empty
- Attributes
Key
Attributes - The attributes of the key.
- Curve
Name string | JsonWeb Key Curve Name - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- Key
Ops []string - Key
Size int - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- Kty
string | Json
Web Key Type - The type of the key. For valid values, see JsonWebKeyType.
- Release
Policy KeyRelease Policy - Key release policy in response. It will be used for both output and input. Omitted if empty
- Rotation
Policy RotationPolicy - Key rotation policy in response. It will be used for both output and input. Omitted if empty
- attributes
Key
Attributes - The attributes of the key.
- curve
Name String | JsonWeb Key Curve Name - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- key
Ops List<Either<String,JsonWeb Key Operation>> - key
Size Integer - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- kty
String | Json
Web Key Type - The type of the key. For valid values, see JsonWebKeyType.
- release
Policy KeyRelease Policy - Key release policy in response. It will be used for both output and input. Omitted if empty
- rotation
Policy RotationPolicy - Key rotation policy in response. It will be used for both output and input. Omitted if empty
- attributes
Key
Attributes - The attributes of the key.
- curve
Name string | JsonWeb Key Curve Name - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- key
Ops (string | JsonWeb Key Operation)[] - key
Size number - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- kty
string | Json
Web Key Type - The type of the key. For valid values, see JsonWebKeyType.
- release
Policy KeyRelease Policy - Key release policy in response. It will be used for both output and input. Omitted if empty
- rotation
Policy RotationPolicy - Key rotation policy in response. It will be used for both output and input. Omitted if empty
- attributes
Key
Attributes - The attributes of the key.
- curve_
name str | JsonWeb Key Curve Name - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- key_
ops Sequence[Union[str, JsonWeb Key Operation]] - key_
size int - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- kty
str | Json
Web Key Type - The type of the key. For valid values, see JsonWebKeyType.
- release_
policy KeyRelease Policy - Key release policy in response. It will be used for both output and input. Omitted if empty
- rotation_
policy RotationPolicy - Key rotation policy in response. It will be used for both output and input. Omitted if empty
- attributes Property Map
- The attributes of the key.
- curve
Name String | "P-256" | "P-384" | "P-521" | "P-256K" - The elliptic curve name. For valid values, see JsonWebKeyCurveName.
- key
Ops List<String | "encrypt" | "decrypt" | "sign" | "verify" | "wrapKey" | "unwrap Key" | "import" | "release"> - key
Size Number - The key size in bits. For example: 2048, 3072, or 4096 for RSA.
- kty String | "EC" | "EC-HSM" | "RSA" | "RSA-HSM"
- The type of the key. For valid values, see JsonWebKeyType.
- release
Policy Property Map - Key release policy in response. It will be used for both output and input. Omitted if empty
- rotation
Policy Property Map - Key rotation policy in response. It will be used for both output and input. Omitted if empty
KeyReleasePolicy, KeyReleasePolicyArgs
- Content
Type string - Content type and version of key release policy
- Data string
- Blob encoding the policy rules under which the key can be released.
- Content
Type string - Content type and version of key release policy
- Data string
- Blob encoding the policy rules under which the key can be released.
- content
Type String - Content type and version of key release policy
- data String
- Blob encoding the policy rules under which the key can be released.
- content
Type string - Content type and version of key release policy
- data string
- Blob encoding the policy rules under which the key can be released.
- content_
type str - Content type and version of key release policy
- data str
- Blob encoding the policy rules under which the key can be released.
- content
Type String - Content type and version of key release policy
- data String
- Blob encoding the policy rules under which the key can be released.
KeyReleasePolicyResponse, KeyReleasePolicyResponseArgs
- Content
Type string - Content type and version of key release policy
- Data string
- Blob encoding the policy rules under which the key can be released.
- Content
Type string - Content type and version of key release policy
- Data string
- Blob encoding the policy rules under which the key can be released.
- content
Type String - Content type and version of key release policy
- data String
- Blob encoding the policy rules under which the key can be released.
- content
Type string - Content type and version of key release policy
- data string
- Blob encoding the policy rules under which the key can be released.
- content_
type str - Content type and version of key release policy
- data str
- Blob encoding the policy rules under which the key can be released.
- content
Type String - Content type and version of key release policy
- data String
- Blob encoding the policy rules under which the key can be released.
KeyRotationPolicyActionType, KeyRotationPolicyActionTypeArgs
- Rotate
- RotateRotate the key based on the key policy.
- Notify
- NotifyTrigger Event Grid events. Defaults to 30 days before expiry. Key Vault only.
- Key
Rotation Policy Action Type Rotate - RotateRotate the key based on the key policy.
- Key
Rotation Policy Action Type Notify - NotifyTrigger Event Grid events. Defaults to 30 days before expiry. Key Vault only.
- Rotate
- RotateRotate the key based on the key policy.
- Notify
- NotifyTrigger Event Grid events. Defaults to 30 days before expiry. Key Vault only.
- Rotate
- RotateRotate the key based on the key policy.
- Notify
- NotifyTrigger Event Grid events. Defaults to 30 days before expiry. Key Vault only.
- ROTATE
- RotateRotate the key based on the key policy.
- NOTIFY
- NotifyTrigger Event Grid events. Defaults to 30 days before expiry. Key Vault only.
- "Rotate"
- RotateRotate the key based on the key policy.
- "Notify"
- NotifyTrigger Event Grid events. Defaults to 30 days before expiry. Key Vault only.
KeyRotationPolicyAttributes, KeyRotationPolicyAttributesArgs
- Expiry
Time string - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
- Expiry
Time string - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
- expiry
Time String - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
- expiry
Time string - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
- expiry_
time str - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
- expiry
Time String - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
KeyRotationPolicyAttributesResponse, KeyRotationPolicyAttributesResponseArgs
- Created double
- Creation time in seconds since 1970-01-01T00:00:00Z.
- Updated double
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- Expiry
Time string - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
- Created float64
- Creation time in seconds since 1970-01-01T00:00:00Z.
- Updated float64
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- Expiry
Time string - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
- created Double
- Creation time in seconds since 1970-01-01T00:00:00Z.
- updated Double
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- expiry
Time String - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
- created number
- Creation time in seconds since 1970-01-01T00:00:00Z.
- updated number
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- expiry
Time string - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
- created float
- Creation time in seconds since 1970-01-01T00:00:00Z.
- updated float
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- expiry_
time str - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
- created Number
- Creation time in seconds since 1970-01-01T00:00:00Z.
- updated Number
- Last updated time in seconds since 1970-01-01T00:00:00Z.
- expiry
Time String - The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.
LifetimeAction, LifetimeActionArgs
- Action
Pulumi.
Azure Native. Key Vault. Inputs. Action - The action of key rotation policy lifetimeAction.
- Trigger
Pulumi.
Azure Native. Key Vault. Inputs. Trigger - The trigger of key rotation policy lifetimeAction.
- action Property Map
- The action of key rotation policy lifetimeAction.
- trigger Property Map
- The trigger of key rotation policy lifetimeAction.
LifetimeActionResponse, LifetimeActionResponseArgs
- Action
Pulumi.
Azure Native. Key Vault. Inputs. Action Response - The action of key rotation policy lifetimeAction.
- Trigger
Pulumi.
Azure Native. Key Vault. Inputs. Trigger Response - The trigger of key rotation policy lifetimeAction.
- Action
Action
Response - The action of key rotation policy lifetimeAction.
- Trigger
Trigger
Response - The trigger of key rotation policy lifetimeAction.
- action
Action
Response - The action of key rotation policy lifetimeAction.
- trigger
Trigger
Response - The trigger of key rotation policy lifetimeAction.
- action
Action
Response - The action of key rotation policy lifetimeAction.
- trigger
Trigger
Response - The trigger of key rotation policy lifetimeAction.
- action
Action
Response - The action of key rotation policy lifetimeAction.
- trigger
Trigger
Response - The trigger of key rotation policy lifetimeAction.
- action Property Map
- The action of key rotation policy lifetimeAction.
- trigger Property Map
- The trigger of key rotation policy lifetimeAction.
RotationPolicy, RotationPolicyArgs
- Attributes
Pulumi.
Azure Native. Key Vault. Inputs. Key Rotation Policy Attributes - The attributes of key rotation policy.
- Lifetime
Actions List<Pulumi.Azure Native. Key Vault. Inputs. Lifetime Action> - The lifetimeActions for key rotation action.
- Attributes
Key
Rotation Policy Attributes - The attributes of key rotation policy.
- Lifetime
Actions []LifetimeAction - The lifetimeActions for key rotation action.
- attributes
Key
Rotation Policy Attributes - The attributes of key rotation policy.
- lifetime
Actions List<LifetimeAction> - The lifetimeActions for key rotation action.
- attributes
Key
Rotation Policy Attributes - The attributes of key rotation policy.
- lifetime
Actions LifetimeAction[] - The lifetimeActions for key rotation action.
- attributes
Key
Rotation Policy Attributes - The attributes of key rotation policy.
- lifetime_
actions Sequence[LifetimeAction] - The lifetimeActions for key rotation action.
- attributes Property Map
- The attributes of key rotation policy.
- lifetime
Actions List<Property Map> - The lifetimeActions for key rotation action.
RotationPolicyResponse, RotationPolicyResponseArgs
- Attributes
Pulumi.
Azure Native. Key Vault. Inputs. Key Rotation Policy Attributes Response - The attributes of key rotation policy.
- Lifetime
Actions List<Pulumi.Azure Native. Key Vault. Inputs. Lifetime Action Response> - The lifetimeActions for key rotation action.
- Attributes
Key
Rotation Policy Attributes Response - The attributes of key rotation policy.
- Lifetime
Actions []LifetimeAction Response - The lifetimeActions for key rotation action.
- attributes
Key
Rotation Policy Attributes Response - The attributes of key rotation policy.
- lifetime
Actions List<LifetimeAction Response> - The lifetimeActions for key rotation action.
- attributes
Key
Rotation Policy Attributes Response - The attributes of key rotation policy.
- lifetime
Actions LifetimeAction Response[] - The lifetimeActions for key rotation action.
- attributes
Key
Rotation Policy Attributes Response - The attributes of key rotation policy.
- lifetime_
actions Sequence[LifetimeAction Response] - The lifetimeActions for key rotation action.
- attributes Property Map
- The attributes of key rotation policy.
- lifetime
Actions List<Property Map> - The lifetimeActions for key rotation action.
Trigger, TriggerArgs
- Time
After stringCreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- Time
Before stringExpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- Time
After stringCreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- Time
Before stringExpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
After StringCreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
Before StringExpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
After stringCreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
Before stringExpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time_
after_ strcreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time_
before_ strexpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
After StringCreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
Before StringExpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
TriggerResponse, TriggerResponseArgs
- Time
After stringCreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- Time
Before stringExpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- Time
After stringCreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- Time
Before stringExpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
After StringCreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
Before StringExpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
After stringCreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
Before stringExpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time_
after_ strcreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time_
before_ strexpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
After StringCreate - The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
- time
Before StringExpiry - The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:keyvault:Key sample-key-name /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/keys/{keyName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi