keyvault.azure.com/v1api20210401preview
keyvault.azure.com/v1api20210401preview
Package v1api20210401preview contains API Schema definitions for the keyvault v1api20210401preview API group
APIVersion
(string alias)
| Value | Description |
|---|---|
"2021-04-01-preview" |
AccessPolicyEntry
(Appears on:VaultProperties)
An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID.
| Field | Description |
|---|---|
applicationIdstring |
ApplicationId: Application ID of the client making request on behalf of a principal |
applicationIdFromConfiggenruntime.ConfigMapReference |
ApplicationIdFromConfig: Application ID of the client making request on behalf of a principal |
objectIdstring |
ObjectId: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. |
objectIdFromConfiggenruntime.ConfigMapReference |
ObjectIdFromConfig: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. |
permissionsPermissions |
Permissions: Permissions the identity has for keys, secrets and certificates. |
tenantIdstring |
TenantId: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
tenantIdFromConfiggenruntime.ConfigMapReference |
TenantIdFromConfig: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
AccessPolicyEntry_ARM
(Appears on:VaultProperties_ARM)
An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID.
| Field | Description |
|---|---|
applicationIdstring |
ApplicationId: Application ID of the client making request on behalf of a principal |
objectIdstring |
ObjectId: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. |
permissionsPermissions_ARM |
Permissions: Permissions the identity has for keys, secrets and certificates. |
tenantIdstring |
TenantId: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
AccessPolicyEntry_STATUS
(Appears on:VaultProperties_STATUS)
An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID.
| Field | Description |
|---|---|
applicationIdstring |
ApplicationId: Application ID of the client making request on behalf of a principal |
objectIdstring |
ObjectId: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. |
permissionsPermissions_STATUS |
Permissions: Permissions the identity has for keys, secrets and certificates. |
tenantIdstring |
TenantId: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
AccessPolicyEntry_STATUS_ARM
(Appears on:VaultProperties_STATUS_ARM)
An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault’s tenant ID.
| Field | Description |
|---|---|
applicationIdstring |
ApplicationId: Application ID of the client making request on behalf of a principal |
objectIdstring |
ObjectId: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. |
permissionsPermissions_STATUS_ARM |
Permissions: Permissions the identity has for keys, secrets and certificates. |
tenantIdstring |
TenantId: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
IPRule
(Appears on:NetworkRuleSet)
A rule governing the accessibility of a vault from a specific ip address or ip range.
| Field | Description |
|---|---|
valuestring |
Value: An IPv4 address range in CIDR notation, such as ‘124.56.78.91’ (simple IP address) or ‘124.56.78.0/24’ (all addresses that start with 124.56.78). |
IPRule_ARM
(Appears on:NetworkRuleSet_ARM)
A rule governing the accessibility of a vault from a specific ip address or ip range.
| Field | Description |
|---|---|
valuestring |
Value: An IPv4 address range in CIDR notation, such as ‘124.56.78.91’ (simple IP address) or ‘124.56.78.0/24’ (all addresses that start with 124.56.78). |
IPRule_STATUS
(Appears on:NetworkRuleSet_STATUS)
A rule governing the accessibility of a vault from a specific ip address or ip range.
| Field | Description |
|---|---|
valuestring |
Value: An IPv4 address range in CIDR notation, such as ‘124.56.78.91’ (simple IP address) or ‘124.56.78.0/24’ (all addresses that start with 124.56.78). |
IPRule_STATUS_ARM
(Appears on:NetworkRuleSet_STATUS_ARM)
A rule governing the accessibility of a vault from a specific ip address or ip range.
| Field | Description |
|---|---|
valuestring |
Value: An IPv4 address range in CIDR notation, such as ‘124.56.78.91’ (simple IP address) or ‘124.56.78.0/24’ (all addresses that start with 124.56.78). |
IdentityType_STATUS
(string alias)
(Appears on:SystemData_STATUS, SystemData_STATUS_ARM)
The type of identity.
| Value | Description |
|---|---|
"Application" |
|
"Key" |
|
"ManagedIdentity" |
|
"User" |
NetworkRuleSet
(Appears on:VaultProperties)
A set of rules governing the network accessibility of a vault.
| Field | Description |
|---|---|
bypassNetworkRuleSet_Bypass |
Bypass: Tells what traffic can bypass network rules. This can be ‘AzureServices’ or ‘None’. If not specified the default is ‘AzureServices’. |
defaultActionNetworkRuleSet_DefaultAction |
DefaultAction: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. |
ipRules[]IPRule |
IpRules: The list of IP address rules. |
virtualNetworkRules[]VirtualNetworkRule |
VirtualNetworkRules: The list of virtual network rules. |
NetworkRuleSet_ARM
(Appears on:VaultProperties_ARM)
A set of rules governing the network accessibility of a vault.
| Field | Description |
|---|---|
bypassNetworkRuleSet_Bypass |
Bypass: Tells what traffic can bypass network rules. This can be ‘AzureServices’ or ‘None’. If not specified the default is ‘AzureServices’. |
defaultActionNetworkRuleSet_DefaultAction |
DefaultAction: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. |
ipRules[]IPRule_ARM |
IpRules: The list of IP address rules. |
virtualNetworkRules[]VirtualNetworkRule_ARM |
VirtualNetworkRules: The list of virtual network rules. |
NetworkRuleSet_Bypass
(string alias)
(Appears on:NetworkRuleSet, NetworkRuleSet_ARM)
| Value | Description |
|---|---|
"AzureServices" |
|
"None" |
NetworkRuleSet_Bypass_STATUS
(string alias)
(Appears on:NetworkRuleSet_STATUS, NetworkRuleSet_STATUS_ARM)
| Value | Description |
|---|---|
"AzureServices" |
|
"None" |
NetworkRuleSet_DefaultAction
(string alias)
(Appears on:NetworkRuleSet, NetworkRuleSet_ARM)
| Value | Description |
|---|---|
"Allow" |
|
"Deny" |
NetworkRuleSet_DefaultAction_STATUS
(string alias)
(Appears on:NetworkRuleSet_STATUS, NetworkRuleSet_STATUS_ARM)
| Value | Description |
|---|---|
"Allow" |
|
"Deny" |
NetworkRuleSet_STATUS
(Appears on:VaultProperties_STATUS)
A set of rules governing the network accessibility of a vault.
| Field | Description |
|---|---|
bypassNetworkRuleSet_Bypass_STATUS |
Bypass: Tells what traffic can bypass network rules. This can be ‘AzureServices’ or ‘None’. If not specified the default is ‘AzureServices’. |
defaultActionNetworkRuleSet_DefaultAction_STATUS |
DefaultAction: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. |
ipRules[]IPRule_STATUS |
IpRules: The list of IP address rules. |
virtualNetworkRules[]VirtualNetworkRule_STATUS |
VirtualNetworkRules: The list of virtual network rules. |
NetworkRuleSet_STATUS_ARM
(Appears on:VaultProperties_STATUS_ARM)
A set of rules governing the network accessibility of a vault.
| Field | Description |
|---|---|
bypassNetworkRuleSet_Bypass_STATUS |
Bypass: Tells what traffic can bypass network rules. This can be ‘AzureServices’ or ‘None’. If not specified the default is ‘AzureServices’. |
defaultActionNetworkRuleSet_DefaultAction_STATUS |
DefaultAction: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. |
ipRules[]IPRule_STATUS_ARM |
IpRules: The list of IP address rules. |
virtualNetworkRules[]VirtualNetworkRule_STATUS_ARM |
VirtualNetworkRules: The list of virtual network rules. |
Permissions
(Appears on:AccessPolicyEntry)
Permissions the identity has for keys, secrets, certificates and storage.
| Field | Description |
|---|---|
certificates[]Permissions_Certificates |
Certificates: Permissions to certificates |
keys[]Permissions_Keys |
Keys: Permissions to keys |
secrets[]Permissions_Secrets |
Secrets: Permissions to secrets |
storage[]Permissions_Storage |
Storage: Permissions to storage accounts |
Permissions_ARM
(Appears on:AccessPolicyEntry_ARM)
Permissions the identity has for keys, secrets, certificates and storage.
| Field | Description |
|---|---|
certificates[]Permissions_Certificates |
Certificates: Permissions to certificates |
keys[]Permissions_Keys |
Keys: Permissions to keys |
secrets[]Permissions_Secrets |
Secrets: Permissions to secrets |
storage[]Permissions_Storage |
Storage: Permissions to storage accounts |
Permissions_Certificates
(string alias)
(Appears on:Permissions, Permissions_ARM)
| Value | Description |
|---|---|
"backup" |
|
"create" |
|
"delete" |
|
"deleteissuers" |
|
"get" |
|
"getissuers" |
|
"import" |
|
"list" |
|
"listissuers" |
|
"managecontacts" |
|
"manageissuers" |
|
"purge" |
|
"recover" |
|
"restore" |
|
"setissuers" |
|
"update" |
Permissions_Certificates_STATUS
(string alias)
(Appears on:Permissions_STATUS, Permissions_STATUS_ARM)
| Value | Description |
|---|---|
"backup" |
|
"create" |
|
"delete" |
|
"deleteissuers" |
|
"get" |
|
"getissuers" |
|
"import" |
|
"list" |
|
"listissuers" |
|
"managecontacts" |
|
"manageissuers" |
|
"purge" |
|
"recover" |
|
"restore" |
|
"setissuers" |
|
"update" |
Permissions_Keys
(string alias)
(Appears on:Permissions, Permissions_ARM)
| Value | Description |
|---|---|
"backup" |
|
"create" |
|
"decrypt" |
|
"delete" |
|
"encrypt" |
|
"get" |
|
"import" |
|
"list" |
|
"purge" |
|
"recover" |
|
"release" |
|
"restore" |
|
"sign" |
|
"unwrapKey" |
|
"update" |
|
"verify" |
|
"wrapKey" |
Permissions_Keys_STATUS
(string alias)
(Appears on:Permissions_STATUS, Permissions_STATUS_ARM)
| Value | Description |
|---|---|
"backup" |
|
"create" |
|
"decrypt" |
|
"delete" |
|
"encrypt" |
|
"get" |
|
"import" |
|
"list" |
|
"purge" |
|
"recover" |
|
"release" |
|
"restore" |
|
"sign" |
|
"unwrapKey" |
|
"update" |
|
"verify" |
|
"wrapKey" |
Permissions_STATUS
(Appears on:AccessPolicyEntry_STATUS)
Permissions the identity has for keys, secrets, certificates and storage.
| Field | Description |
|---|---|
certificates[]Permissions_Certificates_STATUS |
Certificates: Permissions to certificates |
keys[]Permissions_Keys_STATUS |
Keys: Permissions to keys |
secrets[]Permissions_Secrets_STATUS |
Secrets: Permissions to secrets |
storage[]Permissions_Storage_STATUS |
Storage: Permissions to storage accounts |
Permissions_STATUS_ARM
(Appears on:AccessPolicyEntry_STATUS_ARM)
Permissions the identity has for keys, secrets, certificates and storage.
| Field | Description |
|---|---|
certificates[]Permissions_Certificates_STATUS |
Certificates: Permissions to certificates |
keys[]Permissions_Keys_STATUS |
Keys: Permissions to keys |
secrets[]Permissions_Secrets_STATUS |
Secrets: Permissions to secrets |
storage[]Permissions_Storage_STATUS |
Storage: Permissions to storage accounts |
Permissions_Secrets
(string alias)
(Appears on:Permissions, Permissions_ARM)
| Value | Description |
|---|---|
"backup" |
|
"delete" |
|
"get" |
|
"list" |
|
"purge" |
|
"recover" |
|
"restore" |
|
"set" |
Permissions_Secrets_STATUS
(string alias)
(Appears on:Permissions_STATUS, Permissions_STATUS_ARM)
| Value | Description |
|---|---|
"backup" |
|
"delete" |
|
"get" |
|
"list" |
|
"purge" |
|
"recover" |
|
"restore" |
|
"set" |
Permissions_Storage
(string alias)
(Appears on:Permissions, Permissions_ARM)
| Value | Description |
|---|---|
"backup" |
|
"delete" |
|
"deletesas" |
|
"get" |
|
"getsas" |
|
"list" |
|
"listsas" |
|
"purge" |
|
"recover" |
|
"regeneratekey" |
|
"restore" |
|
"set" |
|
"setsas" |
|
"update" |
Permissions_Storage_STATUS
(string alias)
(Appears on:Permissions_STATUS, Permissions_STATUS_ARM)
| Value | Description |
|---|---|
"backup" |
|
"delete" |
|
"deletesas" |
|
"get" |
|
"getsas" |
|
"list" |
|
"listsas" |
|
"purge" |
|
"recover" |
|
"regeneratekey" |
|
"restore" |
|
"set" |
|
"setsas" |
|
"update" |
PrivateEndpointConnectionItem_STATUS
(Appears on:VaultProperties_STATUS)
Private endpoint connection item.
| Field | Description |
|---|---|
etagstring |
Etag: Modified whenever there is a change in the state of private endpoint connection. |
idstring |
Id: Id of private endpoint connection. |
privateEndpointPrivateEndpoint_STATUS |
PrivateEndpoint: Properties of the private endpoint object. |
privateLinkServiceConnectionStatePrivateLinkServiceConnectionState_STATUS |
PrivateLinkServiceConnectionState: Approval state of the private link connection. |
provisioningStatePrivateEndpointConnectionProvisioningState_STATUS |
ProvisioningState: Provisioning state of the private endpoint connection. |
PrivateEndpointConnectionItem_STATUS_ARM
(Appears on:VaultProperties_STATUS_ARM)
Private endpoint connection item.
| Field | Description |
|---|---|
etagstring |
Etag: Modified whenever there is a change in the state of private endpoint connection. |
idstring |
Id: Id of private endpoint connection. |
propertiesPrivateEndpointConnectionProperties_STATUS_ARM |
Properties: Private endpoint connection properties. |
PrivateEndpointConnectionProperties_STATUS_ARM
(Appears on:PrivateEndpointConnectionItem_STATUS_ARM)
Properties of the private endpoint connection resource.
| Field | Description |
|---|---|
privateEndpointPrivateEndpoint_STATUS_ARM |
PrivateEndpoint: Properties of the private endpoint object. |
privateLinkServiceConnectionStatePrivateLinkServiceConnectionState_STATUS_ARM |
PrivateLinkServiceConnectionState: Approval state of the private link connection. |
provisioningStatePrivateEndpointConnectionProvisioningState_STATUS |
ProvisioningState: Provisioning state of the private endpoint connection. |
PrivateEndpointConnectionProvisioningState_STATUS
(string alias)
(Appears on:PrivateEndpointConnectionItem_STATUS, PrivateEndpointConnectionProperties_STATUS_ARM)
The current provisioning state.
| Value | Description |
|---|---|
"Creating" |
|
"Deleting" |
|
"Disconnected" |
|
"Failed" |
|
"Succeeded" |
|
"Updating" |
PrivateEndpointServiceConnectionStatus_STATUS
(string alias)
(Appears on:PrivateLinkServiceConnectionState_STATUS, PrivateLinkServiceConnectionState_STATUS_ARM)
The private endpoint connection status.
| Value | Description |
|---|---|
"Approved" |
|
"Disconnected" |
|
"Pending" |
|
"Rejected" |
PrivateEndpoint_STATUS
(Appears on:PrivateEndpointConnectionItem_STATUS)
Private endpoint object properties.
| Field | Description |
|---|---|
idstring |
Id: Full identifier of the private endpoint resource. |
PrivateEndpoint_STATUS_ARM
(Appears on:PrivateEndpointConnectionProperties_STATUS_ARM)
Private endpoint object properties.
| Field | Description |
|---|---|
idstring |
Id: Full identifier of the private endpoint resource. |
PrivateLinkServiceConnectionState_ActionsRequired_STATUS
(string alias)
(Appears on:PrivateLinkServiceConnectionState_STATUS, PrivateLinkServiceConnectionState_STATUS_ARM)
| Value | Description |
|---|---|
"None" |
PrivateLinkServiceConnectionState_STATUS
(Appears on:PrivateEndpointConnectionItem_STATUS)
An object that represents the approval state of the private link connection.
| Field | Description |
|---|---|
actionsRequiredPrivateLinkServiceConnectionState_ActionsRequired_STATUS |
ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer. |
descriptionstring |
Description: The reason for approval or rejection. |
statusPrivateEndpointServiceConnectionStatus_STATUS |
Status: Indicates whether the connection has been approved, rejected or removed by the key vault owner. |
PrivateLinkServiceConnectionState_STATUS_ARM
(Appears on:PrivateEndpointConnectionProperties_STATUS_ARM)
An object that represents the approval state of the private link connection.
| Field | Description |
|---|---|
actionsRequiredPrivateLinkServiceConnectionState_ActionsRequired_STATUS |
ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer. |
descriptionstring |
Description: The reason for approval or rejection. |
statusPrivateEndpointServiceConnectionStatus_STATUS |
Status: Indicates whether the connection has been approved, rejected or removed by the key vault owner. |
Sku
(Appears on:VaultProperties)
SKU details
| Field | Description |
|---|---|
familySku_Family |
Family: SKU family name |
nameSku_Name |
Name: SKU name to specify whether the key vault is a standard vault or a premium vault. |
Sku_ARM
(Appears on:VaultProperties_ARM)
SKU details
| Field | Description |
|---|---|
familySku_Family |
Family: SKU family name |
nameSku_Name |
Name: SKU name to specify whether the key vault is a standard vault or a premium vault. |
Sku_Family
(string alias)
| Value | Description |
|---|---|
"A" |
Sku_Family_STATUS
(string alias)
(Appears on:Sku_STATUS, Sku_STATUS_ARM)
| Value | Description |
|---|---|
"A" |
Sku_Name
(string alias)
| Value | Description |
|---|---|
"premium" |
|
"standard" |
Sku_Name_STATUS
(string alias)
(Appears on:Sku_STATUS, Sku_STATUS_ARM)
| Value | Description |
|---|---|
"premium" |
|
"standard" |
Sku_STATUS
(Appears on:VaultProperties_STATUS)
SKU details
| Field | Description |
|---|---|
familySku_Family_STATUS |
Family: SKU family name |
nameSku_Name_STATUS |
Name: SKU name to specify whether the key vault is a standard vault or a premium vault. |
Sku_STATUS_ARM
(Appears on:VaultProperties_STATUS_ARM)
SKU details
| Field | Description |
|---|---|
familySku_Family_STATUS |
Family: SKU family name |
nameSku_Name_STATUS |
Name: SKU name to specify whether the key vault is a standard vault or a premium vault. |
SystemData_STATUS
(Appears on:Vault_STATUS)
Metadata pertaining to creation and last modification of the key vault resource.
| Field | Description |
|---|---|
createdAtstring |
CreatedAt: The timestamp of the key vault resource creation (UTC). |
createdBystring |
CreatedBy: The identity that created the key vault resource. |
createdByTypeIdentityType_STATUS |
CreatedByType: The type of identity that created the key vault resource. |
lastModifiedAtstring |
LastModifiedAt: The timestamp of the key vault resource last modification (UTC). |
lastModifiedBystring |
LastModifiedBy: The identity that last modified the key vault resource. |
lastModifiedByTypeIdentityType_STATUS |
LastModifiedByType: The type of identity that last modified the key vault resource. |
SystemData_STATUS_ARM
(Appears on:Vault_STATUS_ARM)
Metadata pertaining to creation and last modification of the key vault resource.
| Field | Description |
|---|---|
createdAtstring |
CreatedAt: The timestamp of the key vault resource creation (UTC). |
createdBystring |
CreatedBy: The identity that created the key vault resource. |
createdByTypeIdentityType_STATUS |
CreatedByType: The type of identity that created the key vault resource. |
lastModifiedAtstring |
LastModifiedAt: The timestamp of the key vault resource last modification (UTC). |
lastModifiedBystring |
LastModifiedBy: The identity that last modified the key vault resource. |
lastModifiedByTypeIdentityType_STATUS |
LastModifiedByType: The type of identity that last modified the key vault resource. |
Vault
Generator information: - Generated from: /keyvault/resource-manager/Microsoft.KeyVault/preview/2021-04-01-preview/keyvault.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}
| Field | Description | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
metadataKubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||
specVault_Spec |
|
||||||||||
statusVault_STATUS |
VaultProperties
(Appears on:Vault_Spec)
Properties of the vault
| Field | Description |
|---|---|
accessPolicies[]AccessPolicyEntry |
AccessPolicies: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use
the same tenant ID as the key vault’s tenant ID. When |
createModeVaultProperties_CreateMode |
CreateMode: The vault’s create mode to indicate whether the vault need to be recovered or not. |
enablePurgeProtectionbool |
EnablePurgeProtection: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. |
enableRbacAuthorizationbool |
EnableRbacAuthorization: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. |
enableSoftDeletebool |
EnableSoftDelete: Property to specify whether the ‘soft delete’ functionality is enabled for this key vault. If it’s not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. |
enabledForDeploymentbool |
EnabledForDeployment: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. |
enabledForDiskEncryptionbool |
EnabledForDiskEncryption: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. |
enabledForTemplateDeploymentbool |
EnabledForTemplateDeployment: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. |
networkAclsNetworkRuleSet |
NetworkAcls: Rules governing the accessibility of the key vault from specific network locations. |
provisioningStateVaultProperties_ProvisioningState |
ProvisioningState: Provisioning state of the vault. |
skuSku |
Sku: SKU details |
softDeleteRetentionInDaysint |
SoftDeleteRetentionInDays: softDelete data retention days. It accepts >=7 and <=90. |
tenantIdstring |
TenantId: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
tenantIdFromConfiggenruntime.ConfigMapReference |
TenantIdFromConfig: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
vaultUristring |
VaultUri: The URI of the vault for performing operations on keys and secrets. |
VaultProperties_ARM
(Appears on:Vault_Spec_ARM)
Properties of the vault
| Field | Description |
|---|---|
accessPolicies[]AccessPolicyEntry_ARM |
AccessPolicies: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use
the same tenant ID as the key vault’s tenant ID. When |
createModeVaultProperties_CreateMode |
CreateMode: The vault’s create mode to indicate whether the vault need to be recovered or not. |
enablePurgeProtectionbool |
EnablePurgeProtection: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. |
enableRbacAuthorizationbool |
EnableRbacAuthorization: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. |
enableSoftDeletebool |
EnableSoftDelete: Property to specify whether the ‘soft delete’ functionality is enabled for this key vault. If it’s not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. |
enabledForDeploymentbool |
EnabledForDeployment: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. |
enabledForDiskEncryptionbool |
EnabledForDiskEncryption: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. |
enabledForTemplateDeploymentbool |
EnabledForTemplateDeployment: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. |
networkAclsNetworkRuleSet_ARM |
NetworkAcls: Rules governing the accessibility of the key vault from specific network locations. |
provisioningStateVaultProperties_ProvisioningState |
ProvisioningState: Provisioning state of the vault. |
skuSku_ARM |
Sku: SKU details |
softDeleteRetentionInDaysint |
SoftDeleteRetentionInDays: softDelete data retention days. It accepts >=7 and <=90. |
tenantIdstring |
TenantId: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
vaultUristring |
VaultUri: The URI of the vault for performing operations on keys and secrets. |
VaultProperties_CreateMode
(string alias)
(Appears on:VaultProperties, VaultProperties_ARM)
| Value | Description |
|---|---|
"createOrRecover" |
|
"default" |
|
"purgeThenCreate" |
|
"recover" |
VaultProperties_CreateMode_STATUS
(string alias)
(Appears on:VaultProperties_STATUS, VaultProperties_STATUS_ARM)
| Value | Description |
|---|---|
"createOrRecover" |
|
"default" |
|
"purgeThenCreate" |
|
"recover" |
VaultProperties_ProvisioningState
(string alias)
(Appears on:VaultProperties, VaultProperties_ARM)
| Value | Description |
|---|---|
"RegisteringDns" |
|
"Succeeded" |
VaultProperties_ProvisioningState_STATUS
(string alias)
(Appears on:VaultProperties_STATUS, VaultProperties_STATUS_ARM)
| Value | Description |
|---|---|
"RegisteringDns" |
|
"Succeeded" |
VaultProperties_STATUS
(Appears on:Vault_STATUS)
Properties of the vault
| Field | Description |
|---|---|
accessPolicies[]AccessPolicyEntry_STATUS |
AccessPolicies: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use
the same tenant ID as the key vault’s tenant ID. When |
createModeVaultProperties_CreateMode_STATUS |
CreateMode: The vault’s create mode to indicate whether the vault need to be recovered or not. |
enablePurgeProtectionbool |
EnablePurgeProtection: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. |
enableRbacAuthorizationbool |
EnableRbacAuthorization: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. |
enableSoftDeletebool |
EnableSoftDelete: Property to specify whether the ‘soft delete’ functionality is enabled for this key vault. If it’s not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. |
enabledForDeploymentbool |
EnabledForDeployment: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. |
enabledForDiskEncryptionbool |
EnabledForDiskEncryption: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. |
enabledForTemplateDeploymentbool |
EnabledForTemplateDeployment: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. |
hsmPoolResourceIdstring |
HsmPoolResourceId: The resource id of HSM Pool. |
networkAclsNetworkRuleSet_STATUS |
NetworkAcls: Rules governing the accessibility of the key vault from specific network locations. |
privateEndpointConnections[]PrivateEndpointConnectionItem_STATUS |
PrivateEndpointConnections: List of private endpoint connections associated with the key vault. |
provisioningStateVaultProperties_ProvisioningState_STATUS |
ProvisioningState: Provisioning state of the vault. |
skuSku_STATUS |
Sku: SKU details |
softDeleteRetentionInDaysint |
SoftDeleteRetentionInDays: softDelete data retention days. It accepts >=7 and <=90. |
tenantIdstring |
TenantId: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
vaultUristring |
VaultUri: The URI of the vault for performing operations on keys and secrets. |
VaultProperties_STATUS_ARM
(Appears on:Vault_STATUS_ARM)
Properties of the vault
| Field | Description |
|---|---|
accessPolicies[]AccessPolicyEntry_STATUS_ARM |
AccessPolicies: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use
the same tenant ID as the key vault’s tenant ID. When |
createModeVaultProperties_CreateMode_STATUS |
CreateMode: The vault’s create mode to indicate whether the vault need to be recovered or not. |
enablePurgeProtectionbool |
EnablePurgeProtection: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. |
enableRbacAuthorizationbool |
EnableRbacAuthorization: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. |
enableSoftDeletebool |
EnableSoftDelete: Property to specify whether the ‘soft delete’ functionality is enabled for this key vault. If it’s not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. |
enabledForDeploymentbool |
EnabledForDeployment: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. |
enabledForDiskEncryptionbool |
EnabledForDiskEncryption: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. |
enabledForTemplateDeploymentbool |
EnabledForTemplateDeployment: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. |
hsmPoolResourceIdstring |
HsmPoolResourceId: The resource id of HSM Pool. |
networkAclsNetworkRuleSet_STATUS_ARM |
NetworkAcls: Rules governing the accessibility of the key vault from specific network locations. |
privateEndpointConnections[]PrivateEndpointConnectionItem_STATUS_ARM |
PrivateEndpointConnections: List of private endpoint connections associated with the key vault. |
provisioningStateVaultProperties_ProvisioningState_STATUS |
ProvisioningState: Provisioning state of the vault. |
skuSku_STATUS_ARM |
Sku: SKU details |
softDeleteRetentionInDaysint |
SoftDeleteRetentionInDays: softDelete data retention days. It accepts >=7 and <=90. |
tenantIdstring |
TenantId: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
vaultUristring |
VaultUri: The URI of the vault for performing operations on keys and secrets. |
Vault_STATUS
(Appears on:Vault)
Resource information with extended details.
| Field | Description |
|---|---|
conditions[]genruntime/conditions.Condition |
Conditions: The observed state of the resource |
idstring |
Id: Fully qualified identifier of the key vault resource. |
locationstring |
Location: Azure location of the key vault resource. |
namestring |
Name: Name of the key vault resource. |
propertiesVaultProperties_STATUS |
Properties: Properties of the vault |
systemDataSystemData_STATUS |
SystemData: System metadata for the key vault. |
tagsmap[string]string |
Tags: Tags assigned to the key vault resource. |
typestring |
Type: Resource type of the key vault resource. |
Vault_STATUS_ARM
Resource information with extended details.
| Field | Description |
|---|---|
idstring |
Id: Fully qualified identifier of the key vault resource. |
locationstring |
Location: Azure location of the key vault resource. |
namestring |
Name: Name of the key vault resource. |
propertiesVaultProperties_STATUS_ARM |
Properties: Properties of the vault |
systemDataSystemData_STATUS_ARM |
SystemData: System metadata for the key vault. |
tagsmap[string]string |
Tags: Tags assigned to the key vault resource. |
typestring |
Type: Resource type of the key vault resource. |
Vault_Spec
(Appears on:Vault)
| Field | Description |
|---|---|
azureNamestring |
AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. |
locationstring |
Location: The supported Azure location where the key vault should be created. |
ownergenruntime.KnownResourceReference |
Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource |
propertiesVaultProperties |
Properties: Properties of the vault |
tagsmap[string]string |
Tags: The tags that will be assigned to the key vault. |
Vault_Spec_ARM
| Field | Description |
|---|---|
locationstring |
Location: The supported Azure location where the key vault should be created. |
namestring |
|
propertiesVaultProperties_ARM |
Properties: Properties of the vault |
tagsmap[string]string |
Tags: The tags that will be assigned to the key vault. |
VirtualNetworkRule
(Appears on:NetworkRuleSet)
A rule governing the accessibility of a vault from a specific virtual network.
| Field | Description |
|---|---|
ignoreMissingVnetServiceEndpointbool |
IgnoreMissingVnetServiceEndpoint: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. |
referencegenruntime.ResourceReference |
Reference: Full resource id of a vnet subnet, such as ‘/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1’. |
VirtualNetworkRule_ARM
(Appears on:NetworkRuleSet_ARM)
A rule governing the accessibility of a vault from a specific virtual network.
| Field | Description |
|---|---|
idstring |
|
ignoreMissingVnetServiceEndpointbool |
IgnoreMissingVnetServiceEndpoint: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. |
VirtualNetworkRule_STATUS
(Appears on:NetworkRuleSet_STATUS)
A rule governing the accessibility of a vault from a specific virtual network.
| Field | Description |
|---|---|
idstring |
Id: Full resource id of a vnet subnet, such as ‘/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1’. |
ignoreMissingVnetServiceEndpointbool |
IgnoreMissingVnetServiceEndpoint: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. |
VirtualNetworkRule_STATUS_ARM
(Appears on:NetworkRuleSet_STATUS_ARM)
A rule governing the accessibility of a vault from a specific virtual network.
| Field | Description |
|---|---|
idstring |
Id: Full resource id of a vnet subnet, such as ‘/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1’. |
ignoreMissingVnetServiceEndpointbool |
IgnoreMissingVnetServiceEndpoint: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. |