Create Key Vault with logging enabled

Stephane Lapointe tarafından
Son güncelleme tarihi: 20.02.2019

This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources.

Bu Azure Resource Manager (ARM) şablonu Microsoft tarafından değil bir topluluk üyesi tarafından oluşturulmuştur. Her bir ARM şablonu size Microsoft tarafından değil, bir lisans sözleşmesi altında sahibi tarafından lisanslanmıştır. Microsoft, topluluk üyeleri tarafından sağlanan ve lisanslanan ARM şablonlarından sorumlu değildir ve güvenlik, uyumluluk ve performans denetimi yapmaz. Topluluk ARM şablonları herhangi bir Microsoft destek programı veya hizmeti altında desteklenmez ve herhangi bir garanti olmaksızın OLDUĞU GİBİ kullanıma sunulur.

Parametreler

Parametre Adı Açıklama
keyVaultName Specifies the name of the key vault.
location Specifies the location for all resources.
enableVaultForDeployment Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enableVaultForTemplateDeployment Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
enableVaultForDiskEncryption Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
tenantId Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet.
objectId Specifies the object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Get it by using Get-AzADUser or Get-AzADServicePrincipal cmdlets.
keysPermissions Specifies the permissions to keys in the vault. Valid values are: all, encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, backup, restore, recover, and purge.
secretsPermissions Specifies the permissions to secrets in the vault. Valid values are: all, get, list, set, delete, backup, restore, recover, and purge.
vaultSku Specifies the SKU for the key vault
logsRetentionInDays Specifies the number of days that logs are gonna be kept. If you do not want to apply any retention policy and retain data forever, set value to 0.
protectWithLocks (açıklama yok)
_artifactsLocation The location of resources, such as templates and DSC modules, that the template depends on
_artifactsLocationSasToken Auto-generated token to access _artifactsLocation

Şablonu kullanın

PowerShell

New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deployment
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-key-vault-with-logging-create/azuredeploy.json
Azure PowerShell'i yükleme ve yapılandırma

Komut satırı

az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deployment
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-key-vault-with-logging-create/azuredeploy.json
Azure Platformlar Arası Komut Satırı Arabirimini Yükleme ve Yapılandırma