Docs Home
We recommend using Azure Native.
Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi
azure.keyvault.getKeyVault
Explore with Pulumi AI
Use this data source to access information about an existing Key Vault.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = azure.keyvault.getKeyVault({
name: "mykeyvault",
resourceGroupName: "some-resource-group",
});
export const vaultUri = example.then(example => example.vaultUri);
import pulumi
import pulumi_azure as azure
example = azure.keyvault.get_key_vault(name="mykeyvault",
resource_group_name="some-resource-group")
pulumi.export("vaultUri", example.vault_uri)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := keyvault.LookupKeyVault(ctx, &keyvault.LookupKeyVaultArgs{
Name: "mykeyvault",
ResourceGroupName: "some-resource-group",
}, nil)
if err != nil {
return err
}
ctx.Export("vaultUri", example.VaultUri)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = Azure.KeyVault.GetKeyVault.Invoke(new()
{
Name = "mykeyvault",
ResourceGroupName = "some-resource-group",
});
return new Dictionary<string, object?>
{
["vaultUri"] = example.Apply(getKeyVaultResult => getKeyVaultResult.VaultUri),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.keyvault.KeyvaultFunctions;
import com.pulumi.azure.keyvault.inputs.GetKeyVaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = KeyvaultFunctions.getKeyVault(GetKeyVaultArgs.builder()
.name("mykeyvault")
.resourceGroupName("some-resource-group")
.build());
ctx.export("vaultUri", example.applyValue(getKeyVaultResult -> getKeyVaultResult.vaultUri()));
}
}
variables:
example:
fn::invoke:
function: azure:keyvault:getKeyVault
arguments:
name: mykeyvault
resourceGroupName: some-resource-group
outputs:
vaultUri: ${example.vaultUri}
Using getKeyVault
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getKeyVault(args: GetKeyVaultArgs, opts?: InvokeOptions): Promise<GetKeyVaultResult>
function getKeyVaultOutput(args: GetKeyVaultOutputArgs, opts?: InvokeOptions): Output<GetKeyVaultResult>def get_key_vault(name: Optional[str] = None,
resource_group_name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetKeyVaultResult
def get_key_vault_output(name: Optional[pulumi.Input[str]] = None,
resource_group_name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetKeyVaultResult]func LookupKeyVault(ctx *Context, args *LookupKeyVaultArgs, opts ...InvokeOption) (*LookupKeyVaultResult, error)
func LookupKeyVaultOutput(ctx *Context, args *LookupKeyVaultOutputArgs, opts ...InvokeOption) LookupKeyVaultResultOutput> Note: This function is named LookupKeyVault in the Go SDK.
public static class GetKeyVault
{
public static Task<GetKeyVaultResult> InvokeAsync(GetKeyVaultArgs args, InvokeOptions? opts = null)
public static Output<GetKeyVaultResult> Invoke(GetKeyVaultInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetKeyVaultResult> getKeyVault(GetKeyVaultArgs args, InvokeOptions options)
public static Output<GetKeyVaultResult> getKeyVault(GetKeyVaultArgs args, InvokeOptions options)
fn::invoke:
function: azure:keyvault/getKeyVault:getKeyVault
arguments:
# arguments dictionaryThe following arguments are supported:
- Name string
- Specifies the name of the Key Vault.
- Resource
Group stringName - The name of the Resource Group in which the Key Vault exists.
- Name string
- Specifies the name of the Key Vault.
- Resource
Group stringName - The name of the Resource Group in which the Key Vault exists.
- name String
- Specifies the name of the Key Vault.
- resource
Group StringName - The name of the Resource Group in which the Key Vault exists.
- name string
- Specifies the name of the Key Vault.
- resource
Group stringName - The name of the Resource Group in which the Key Vault exists.
- name str
- Specifies the name of the Key Vault.
- resource_
group_ strname - The name of the Resource Group in which the Key Vault exists.
- name String
- Specifies the name of the Key Vault.
- resource
Group StringName - The name of the Resource Group in which the Key Vault exists.
getKeyVault Result
The following output properties are available:
- Access
Policies List<GetKey Vault Access Policy> - One or more
access_policyblocks as defined below. - bool
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- Enabled
For boolDeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- Enabled
For boolDisk Encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- Enabled
For boolTemplate Deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- Id string
- The provider-assigned unique ID for this managed resource.
- Location string
- The Azure Region in which the Key Vault exists.
- Name string
- Network
Acls List<GetKey Vault Network Acl> - Public
Network boolAccess Enabled - Is public network access enabled on this Key Vault?
- Purge
Protection boolEnabled - Is purge protection enabled on this Key Vault?
- Resource
Group stringName - Sku
Name string - The Name of the SKU used for this Key Vault.
- Dictionary<string, string>
- A mapping of tags assigned to the Key Vault.
- Tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- Access
Policies []GetKey Vault Access Policy - One or more
access_policyblocks as defined below. - bool
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- Enabled
For boolDeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- Enabled
For boolDisk Encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- Enabled
For boolTemplate Deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- Id string
- The provider-assigned unique ID for this managed resource.
- Location string
- The Azure Region in which the Key Vault exists.
- Name string
- Network
Acls []GetKey Vault Network Acl - Public
Network boolAccess Enabled - Is public network access enabled on this Key Vault?
- Purge
Protection boolEnabled - Is purge protection enabled on this Key Vault?
- Resource
Group stringName - Sku
Name string - The Name of the SKU used for this Key Vault.
- map[string]string
- A mapping of tags assigned to the Key Vault.
- Tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- access
Policies List<GetKey Vault Access Policy> - One or more
access_policyblocks as defined below. - Boolean
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- enabled
For BooleanDeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- enabled
For BooleanDisk Encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- enabled
For BooleanTemplate Deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- id String
- The provider-assigned unique ID for this managed resource.
- location String
- The Azure Region in which the Key Vault exists.
- name String
- network
Acls List<GetKey Vault Network Acl> - public
Network BooleanAccess Enabled - Is public network access enabled on this Key Vault?
- purge
Protection BooleanEnabled - Is purge protection enabled on this Key Vault?
- resource
Group StringName - sku
Name String - The Name of the SKU used for this Key Vault.
- Map<String,String>
- A mapping of tags assigned to the Key Vault.
- tenant
Id String - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets.
- access
Policies GetKey Vault Access Policy[] - One or more
access_policyblocks as defined below. - boolean
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- enabled
For booleanDeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- enabled
For booleanDisk Encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- enabled
For booleanTemplate Deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- id string
- The provider-assigned unique ID for this managed resource.
- location string
- The Azure Region in which the Key Vault exists.
- name string
- network
Acls GetKey Vault Network Acl[] - public
Network booleanAccess Enabled - Is public network access enabled on this Key Vault?
- purge
Protection booleanEnabled - Is purge protection enabled on this Key Vault?
- resource
Group stringName - sku
Name string - The Name of the SKU used for this Key Vault.
- {[key: string]: string}
- A mapping of tags assigned to the Key Vault.
- tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- access_
policies Sequence[GetKey Vault Access Policy] - One or more
access_policyblocks as defined below. - bool
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- enabled_
for_ booldeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- enabled_
for_ booldisk_ encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- enabled_
for_ booltemplate_ deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- id str
- The provider-assigned unique ID for this managed resource.
- location str
- The Azure Region in which the Key Vault exists.
- name str
- network_
acls Sequence[GetKey Vault Network Acl] - public_
network_ boolaccess_ enabled - Is public network access enabled on this Key Vault?
- purge_
protection_ boolenabled - Is purge protection enabled on this Key Vault?
- resource_
group_ strname - sku_
name str - The Name of the SKU used for this Key Vault.
- Mapping[str, str]
- A mapping of tags assigned to the Key Vault.
- tenant_
id str - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- vault_
uri str - The URI of the vault for performing operations on keys and secrets.
- access
Policies List<Property Map> - One or more
access_policyblocks as defined below. - Boolean
- Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
- enabled
For BooleanDeployment - Can Azure Virtual Machines retrieve certificates stored as secrets from the Key Vault?
- enabled
For BooleanDisk Encryption - Can Azure Disk Encryption retrieve secrets from the Key Vault?
- enabled
For BooleanTemplate Deployment - Can Azure Resource Manager retrieve secrets from the Key Vault?
- id String
- The provider-assigned unique ID for this managed resource.
- location String
- The Azure Region in which the Key Vault exists.
- name String
- network
Acls List<Property Map> - public
Network BooleanAccess Enabled - Is public network access enabled on this Key Vault?
- purge
Protection BooleanEnabled - Is purge protection enabled on this Key Vault?
- resource
Group StringName - sku
Name String - The Name of the SKU used for this Key Vault.
- Map<String>
- A mapping of tags assigned to the Key Vault.
- tenant
Id String - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets.
Supporting Types
GetKeyVaultAccessPolicy
- Application
Id string - The Object ID of a Azure Active Directory Application.
- Certificate
Permissions List<string> - A list of certificate permissions applicable to this Access Policy.
- Key
Permissions List<string> - A list of key permissions applicable to this Access Policy.
- Object
Id string - An Object ID of a User, Service Principal or Security Group.
- Secret
Permissions List<string> - A list of secret permissions applicable to this Access Policy.
- Storage
Permissions List<string> - A list of storage permissions applicable to this Access Policy.
- Tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- Application
Id string - The Object ID of a Azure Active Directory Application.
- Certificate
Permissions []string - A list of certificate permissions applicable to this Access Policy.
- Key
Permissions []string - A list of key permissions applicable to this Access Policy.
- Object
Id string - An Object ID of a User, Service Principal or Security Group.
- Secret
Permissions []string - A list of secret permissions applicable to this Access Policy.
- Storage
Permissions []string - A list of storage permissions applicable to this Access Policy.
- Tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- application
Id String - The Object ID of a Azure Active Directory Application.
- certificate
Permissions List<String> - A list of certificate permissions applicable to this Access Policy.
- key
Permissions List<String> - A list of key permissions applicable to this Access Policy.
- object
Id String - An Object ID of a User, Service Principal or Security Group.
- secret
Permissions List<String> - A list of secret permissions applicable to this Access Policy.
- storage
Permissions List<String> - A list of storage permissions applicable to this Access Policy.
- tenant
Id String - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- application
Id string - The Object ID of a Azure Active Directory Application.
- certificate
Permissions string[] - A list of certificate permissions applicable to this Access Policy.
- key
Permissions string[] - A list of key permissions applicable to this Access Policy.
- object
Id string - An Object ID of a User, Service Principal or Security Group.
- secret
Permissions string[] - A list of secret permissions applicable to this Access Policy.
- storage
Permissions string[] - A list of storage permissions applicable to this Access Policy.
- tenant
Id string - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- application_
id str - The Object ID of a Azure Active Directory Application.
- certificate_
permissions Sequence[str] - A list of certificate permissions applicable to this Access Policy.
- key_
permissions Sequence[str] - A list of key permissions applicable to this Access Policy.
- object_
id str - An Object ID of a User, Service Principal or Security Group.
- secret_
permissions Sequence[str] - A list of secret permissions applicable to this Access Policy.
- storage_
permissions Sequence[str] - A list of storage permissions applicable to this Access Policy.
- tenant_
id str - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
- application
Id String - The Object ID of a Azure Active Directory Application.
- certificate
Permissions List<String> - A list of certificate permissions applicable to this Access Policy.
- key
Permissions List<String> - A list of key permissions applicable to this Access Policy.
- object
Id String - An Object ID of a User, Service Principal or Security Group.
- secret
Permissions List<String> - A list of secret permissions applicable to this Access Policy.
- storage
Permissions List<String> - A list of storage permissions applicable to this Access Policy.
- tenant
Id String - The Azure Active Directory Tenant ID used to authenticate requests for this Key Vault.
GetKeyVaultNetworkAcl
- Bypass string
- Default
Action string - Ip
Rules List<string> - Virtual
Network List<string>Subnet Ids
- Bypass string
- Default
Action string - Ip
Rules []string - Virtual
Network []stringSubnet Ids
- bypass String
- default
Action String - ip
Rules List<String> - virtual
Network List<String>Subnet Ids
- bypass string
- default
Action string - ip
Rules string[] - virtual
Network string[]Subnet Ids
- bypass str
- default_
action str - ip_
rules Sequence[str] - virtual_
network_ Sequence[str]subnet_ ids
- bypass String
- default
Action String - ip
Rules List<String> - virtual
Network List<String>Subnet Ids
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.