Skip navigation

Create Key Vault with logging

Last updated: 15/02/2017

This template creates a Key Vault and a storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources.

This Azure Resource Manager (ARM) template was created by a member of the community and not by Microsoft. Each ARM template is licensed to you under a licence agreement by its owner, not Microsoft. Microsoft is not responsible for ARM templates provided and licensed by community members and does not screen for security, compatibility or performance. Community ARM templates are not supported under any Microsoft support programme or service, and are made available AS IS without warranty of any kind.


Parameter Name Description
keyVaultName KeyVault name
accessPolicies Access policies object {"tenantId":"","objectId":"","permissions":{"keys":[""],"secrets":[""]}}
logsRetentionInDays Specifies the number of days that logs are gonna be kept. If you do not want to apply any retention policy and retain data forever, set value to 0.
enableVaultForDeployment Specifies if the vault is enabled for deployment by script or compute (VM, Service Fabric, ...)
enableVaultForTemplateDeployment Specifies if the vault is enabled for a template deployment
enableVaultForDiskEncryption Specifies if the azure platform has access to the vault for enabling disk encryption scenarios.
vaultSku Specifies the SKU for the vault
protectWithLocks (no description available)
location Location for all resources.

Use the template


New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri
Installing and configuring Azure PowerShell

Command line

azure config mode arm
azure group deployment create <my-resource-group> <my-deployment-name> --template-uri
Installing and configuring the Azure cross-platform command-line interface