Create a Key Vault

By Sean Barnes
Last updated: 2017/9/8

This template creates a Key Vault and assigns permissions to the supplied objectId (principal).

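This Azure Resource Manager (ARM) template was created by a member of the community and not by Microsoft. Each ARM template is licensed to you under a license agreement by its owner, not Microsoft. Microsoft is not responsible for ARM templates provided and licensed by community members and does not screen for security, compatibility, or performance. Community ARM templates are not supported under any Microsoft support program or service, and are made available AS IS without warranty of any kind.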

Parameters

Parameter name Description
keyVaultName Name of the Vault
tenantId Tenant Id of the subscription. Get using Get-AzureRmSubscription cmdlet or Get Subscription API
objectId Object Id of the AD user. Get using Get-AzureRmADUser or Get-AzureRmADServicePrincipal cmdlets
keysPermissions Permissions to keys in the vault. Valid values are: all, create, import, update, get, list, delete, backup, restore, encrypt, decrypt, wrapkey, unwrapkey, sign, and verify.
secretsPermissions Permissions to secrets in the vault. Valid values are: all, get, set, list, and delete.
skuName SKU for the vault
enableVaultForDeployment Specifies if the vault is enabled for a VM deployment
enableVaultForDiskEncryption Specifies if the Azure platform has access to the vault for enabling disk encryption scenarios.
enabledForTemplateDeployment Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault.

Use the template

PowerShell

New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/101-key-vault-create/azuredeploy.json
Install and configure Azure PowerShell
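
The command above supplies no template parameters, so the access policy depends on whatever is entered at the prompt or on the template's defaults. The following is an added example, not part of the original template or page: it passes the parameters from the table explicitly and grants only the listed operations instead of all. Assumptions: the values in angle brackets are placeholders, the two permission parameters take arrays, the three enable flags are booleans, and Standard is an accepted skuName.

```powershell
$resourceGroup = '<resource-group-name>'
$templateUri   = 'https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/101-key-vault-create/azuredeploy.json'

# Valid values as listed in the parameter table.
$validKeyPerms    = 'all','create','import','update','get','list','delete','backup',
                    'restore','encrypt','decrypt','wrapkey','unwrapkey','sign','verify'
$validSecretPerms = 'all','get','set','list','delete'

# Permissions requested for the principal: read and use, no create/delete/backup.
$keyPerms    = @('get','list','unwrapkey')
$secretPerms = @('get','list')

# Reject typos and refuse the catch-all value before anything is deployed.
foreach ($p in $keyPerms)    { if ($validKeyPerms    -notcontains $p) { throw "Invalid key permission: $p" } }
foreach ($p in $secretPerms) { if ($validSecretPerms -notcontains $p) { throw "Invalid secret permission: $p" } }
if (($keyPerms + $secretPerms) -contains 'all') { throw "Refusing to grant 'all'; list the operations explicitly." }

# Resolve tenantId and objectId with the cmdlets named in the parameter table.
$tenantId = (Get-AzureRmSubscription -SubscriptionName '<subscription-name>').TenantId
$objectId = [string](Get-AzureRmADUser -UserPrincipalName '<user@example.com>').Id
if (-not $tenantId -or -not $objectId) { throw 'Could not resolve tenantId or objectId.' }

$params = @{
    keyVaultName                 = '<vault-name>'
    tenantId                     = $tenantId
    objectId                     = $objectId
    keysPermissions              = $keyPerms
    secretsPermissions           = $secretPerms
    skuName                      = 'Standard'   # assumption: accepted SKU value
    # Leave platform access off unless a VM deployment, disk encryption or
    # template deployment actually has to read from this vault.
    enableVaultForDeployment     = $false
    enableVaultForDiskEncryption = $false
    enabledForTemplateDeployment = $false
}

# Validate the template and parameters first; the cmdlet returns errors, if any.
$errors = Test-AzureRmResourceGroupDeployment -ResourceGroupName $resourceGroup `
    -TemplateUri $templateUri -TemplateParameterObject $params
if ($errors) { $errors | Format-List; throw 'Template validation failed.' }

New-AzureRmResourceGroupDeployment -Name '<deployment-name>' `
    -ResourceGroupName $resourceGroup `
    -TemplateUri $templateUri -TemplateParameterObject $params
```

Because the template is fetched from the master branch at deployment time, review the downloaded azuredeploy.json before running this against a production subscription.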

Command line

azure config mode arm
azure group deployment create <my-resource-group> <my-deployment-name> --template-uri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/101-key-vault-create/azuredeploy.json
Install and configure the Azure cross-platform command-line interface