The Azure Quickstart templates are currently available in English

Create a KeyVault

게시자: Brian Moore
마지막 업데이트: 2020-10-01

This module allows you to create a KeyVault.

이 Azure Resource Manager 템플릿은 Microsoft가 아니라 커뮤니티 구성원에 의해 만들어졌습니다. 각 Resource Manager 템플릿은 Microsoft가 아닌 해당 소유자의 사용권 계약에 의거하여 사용이 허가됩니다. Microsoft는 커뮤니티 구성원에 의해 제공 및 라이선스가 부여된 Resource Manager 템플릿에 대해 책임이 없으며, 보안, 호환성 또는 성능을 검사하지 않습니다. 커뮤니티 Resource Manager 템플릿은 Microsoft 지원 프로그램 또는 서비스에서 지원되지 않고, 어떠한 보증도 없이 있는 그대로 제공됩니다.

매개 변수

매개 변수 이름 설명
vaultName Specifies the name of the KeyVault, this value must be globally unique.
location Specifies the Azure location where the key vault should be created.
enabledForDeployment Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabledForDiskEncryption Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabledForTemplateDeployment Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
enablePurgeProtection Property specifying whether protection against purge is enabled for this vault. This property does not accept false but enabled here to allow for this to be optional, if false, the property will not be set.
enableRbacAuthorization Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored.
enableSoftDelete Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
softDeleteRetentionInDays softDelete data retention days, only used if enableSoftDelete is true. It accepts >=7 and <=90.
tenantId Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet.
networkRuleBypassOptions Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
NetworkRuleAction The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules An array of IPv4 addresses or rangea in CIDR notation, e.g. '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
accessPolicies An complex object array that contains the complete definition of the access policy.
virtualNetworkRules An array for resourceIds for the virtualNetworks allowed to access the vault.
skuName Specifies whether the key vault is a standard vault or a premium vault.
tags Tags to be assigned to the KeyVault.

템플릿 사용

PowerShell

New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deployment
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/modules/Microsoft.KeyVault/vaults/1.0/azuredeploy.json
Azure PowerShell 설치 및 구성

명령줄

az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deployment
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/modules/Microsoft.KeyVault/vaults/1.0/azuredeploy.json
Azure 크로스 플랫폼 명령줄 인터페이스 설치 및 구성