This module allows you to create a KeyVault.
This Azure Resource Manager (ARM) template was created by a member of the community and not by Microsoft. Each ARM template is licensed to you under a licence agreement by its owner, not Microsoft. Microsoft is not responsible for ARM templates provided and licensed by community members and does not screen for security, compatibility or performance. Community ARM templates are not supported under any Microsoft support programme or service and are made available AS IS without warranty of any kind.
Parameters
| Parameter Name | Description |
|---|---|
| vaultName | Specifies the name of the KeyVault, this value must be globally unique. |
| location | Specifies the Azure location where the key vault should be created. |
| enabledForDeployment | Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. |
| enabledForDiskEncryption | Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. |
| enabledForTemplateDeployment | Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault. |
| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. This property does not accept false but enabled here to allow for this to be optional, if false, the property will not be set. |
| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. |
| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. |
| softDeleteRetentionInDays | softDelete data retention days, only used if enableSoftDelete is true. It accepts >=7 and <=90. |
| tenantId | Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet. |
| networkRuleBypassOptions | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. |
| NetworkRuleAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. |
| ipRules | An array of IPv4 addresses or rangea in CIDR notation, e.g. '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). |
| accessPolicies | An complex object array that contains the complete definition of the access policy. |
| virtualNetworkRules | An array for resourceIds for the virtualNetworks allowed to access the vault. |
| skuName | Specifies whether the key vault is a standard vault or a premium vault. |
| tags | Tags to be assigned to the KeyVault. |
Use the template
PowerShell
New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deploymentInstall and configure Azure PowerShell
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/modules/Microsoft.KeyVault/vaults/1.0/azuredeploy.json
Command line
az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deploymentInstall and Configure the Azure Cross-Platform Command-Line Interface
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/modules/Microsoft.KeyVault/vaults/1.0/azuredeploy.json