The Azure Quickstart templates are currently available in English

Create a KeyVault

Data ultimo aggiornamento: 01/10/2020

This module allows you to create a KeyVault.

Questo modello di Azure Resource Manager è stato creato da un membro della community e non da Microsoft. Ogni modello di Azure Resource Manager viene concesso in licenza ai sensi di un contratto di licenza a cura del proprietario e non di Microsoft. Microsoft non è responsabile dei modelli di Azure Resource Manager forniti e concessi in licenza da membri della community e non ne verifica la sicurezza, la compatibilità o le prestazioni. I modelli di Azure Resource Manager della community non sono supportati nell'ambito di alcun programma o servizio di supporto tecnico Microsoft e vengono resi disponibili COSÌ COME SONO senza garanzie di alcun tipo.


Nome parametro Descrizione
vaultName Specifies the name of the KeyVault, this value must be globally unique.
location Specifies the Azure location where the key vault should be created.
enabledForDeployment Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabledForDiskEncryption Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabledForTemplateDeployment Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
enablePurgeProtection Property specifying whether protection against purge is enabled for this vault. This property does not accept false but enabled here to allow for this to be optional, if false, the property will not be set.
enableRbacAuthorization Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored.
enableSoftDelete Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
softDeleteRetentionInDays softDelete data retention days, only used if enableSoftDelete is true. It accepts >=7 and <=90.
tenantId Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet.
networkRuleBypassOptions Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
NetworkRuleAction The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules An array of IPv4 addresses or rangea in CIDR notation, e.g. '' (simple IP address) or '' (all addresses that start with 124.56.78).
accessPolicies An complex object array that contains the complete definition of the access policy.
virtualNetworkRules An array for resourceIds for the virtualNetworks allowed to access the vault.
skuName Specifies whether the key vault is a standard vault or a premium vault.
tags Tags to be assigned to the KeyVault.

Usa il modello


New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deployment
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri
Installare e configurare Azure PowerShell

Riga di comando

az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deployment
az group deployment create --resource-group <my-resource-group> --template-uri
Installare e configurare l'interfaccia della riga di comando multipiattaforma di Azure