The Azure Quickstart templates are currently available in English

Create Key Vault with logging enabled

Stephane Lapointe 提供
上次更新日期: 2019/2/20

This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources.

此 Azure Resource Manager (ARM) 範本是由社群成員 (而非 Microsoft) 建立。每個 ARM 範本都是由其擁有者 (而非 Microsoft) 依據授權合約授權給您。Microsoft 並不負責社群成員所提供和授權的 ARM 範本,而不會為了安全性、相容性或效能進行篩選。社群 ARM 範本並未依據任何 Microsoft 支援方案或服務提供支援,而且會在沒有任何擔保的情況下依現況提供。

參數

參數名稱 說明
keyVaultName Specifies the name of the key vault.
location Specifies the location for all resources.
enableVaultForDeployment Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enableVaultForTemplateDeployment Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
enableVaultForDiskEncryption Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
tenantId Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Get it by using Get-AzSubscription cmdlet.
objectId Specifies the object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. Get it by using Get-AzADUser or Get-AzADServicePrincipal cmdlets.
keysPermissions Specifies the permissions to keys in the vault. Valid values are: all, encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, backup, restore, recover, and purge.
secretsPermissions Specifies the permissions to secrets in the vault. Valid values are: all, get, list, set, delete, backup, restore, recover, and purge.
vaultSku Specifies the SKU for the key vault
logsRetentionInDays Specifies the number of days that logs are gonna be kept. If you do not want to apply any retention policy and retain data forever, set value to 0.
protectWithLocks (沒有可用的說明)
_artifactsLocation The location of resources, such as templates and DSC modules, that the template depends on
_artifactsLocationSasToken Auto-generated token to access _artifactsLocation

使用範本

PowerShell

New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deployment
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-key-vault-with-logging-create/azuredeploy.json
安裝和設定 Azure PowerShell

命令列

az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deployment
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-key-vault-with-logging-create/azuredeploy.json
安裝和設定 Azure 跨平台命令列介面