Quickstart: Create a Managed HSM using an Azure Resource Manager template
Managed HSM is a fully managed, highly available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated HSMs.
This quickstart focuses on the process of deploying a Resource Manager template to create a Managed HSM. A Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. If you want to learn more about developing Resource Manager templates, see Resource Manager documentation and the template reference.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
To complete the steps in this article, you must have the following items:
- A subscription to Microsoft Azure. If you don't have one, you can sign up for a free trial.
- The Azure CLI version 2.12.0 or later. Run az --version to find the version. If you need to install or upgrade, see Install the Azure CLI.
Use Azure Cloud Shell
Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article, without having to install anything on your local environment.
To start Azure Cloud Shell:
- Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell.
- Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser.
- Select the Cloud Shell button on the menu bar at the upper right in the Azure portal.
To run the code in this article in Azure Cloud Shell:
Start Cloud Shell.
Select the Copy button on a code block to copy the code.
Paste the code into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux, or by selecting Cmd+Shift+V on macOS.
Select Enter to run the code.
Sign in to Azure
To sign in to Azure using the CLI, you can type:
az login
For more information on login options via the CLI, see sign in with Azure CLI.
Create a Managed HSM
The template used in this quickstart is from Azure Quickstart templates.
The Azure resource defined in the template:
- Microsoft.KeyVault/managedHSMs: create an Azure Key Vault Managed HSM.
More Azure Key Vault template samples can be found here.
The template requires the object ID associated with your account. To find it, use the Azure CLI az ad user show command, passing your email address to the --id parameter. You can limit the output to the object ID only with the --query parameter.
az ad user show --id <your-email-address> --query "objectId"
You may also need your tenant ID. To find it, use the Azure CLI az account show command. You can limit the output to the tenant ID only with the --query parameter.
az account show --query "tenantId"
Select the following image to sign in to Azure and open a template. The template creates a Managed HSM.
Select or enter the following values.
Unless it is specified, use the default value to create the Managed HSM.
- Subscription: Select an Azure subscription.
- Resource group: Select Create new, enter a unique name for the resource group, and then select OK.
- Location: Select a location. For example, West US 3.
- managedHSMName: Enter a name for your Managed HSM.
- Tenant ID: The template function automatically retrieves your tenant ID; don't change the default value. If there is no value, enter the Tenant ID that you retrieved in Prerequisites.
- initialAdminObjectIds: Enter the Object ID that you retrieved in Prerequisites.
Select Purchase. After the Managed HSM has been deployed successfully, you get a notification.
The Azure portal is used to deploy the template. In addition to the Azure portal, you can also use the Azure PowerShell, Azure CLI, and REST API. To learn other deployment methods, see Deploy templates.
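The Azure CLI route mentioned above can look like the following. This is an added example, not part of the original quickstart or of the template's own repository: it rejects anything that is not a bare object ID (for example an email address, or a value still wrapped in JSON quotes) before it creates the resource group and deploys. The function names, the resource group name and the local template path are assumptions; managedHSMName and initialAdminObjectIds are the template parameters listed above.

```shell
#!/bin/sh
# Added example: deploy the quickstart template from the Azure CLI instead of
# the portal, checking initialAdminObjectIds before anything is created.

# True if $1 is a bare GUID, the form of an Azure AD object ID.
is_guid() {
  [ "${#1}" -eq 36 ] && printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print the given object IDs as the JSON array the template parameter expects.
admin_ids_json() {
  [ "$#" -gt 0 ] || { echo "no admin object IDs given" >&2; return 1; }
  out=""
  for id in "$@"; do
    # az prints query results as quoted JSON strings unless -o tsv is used.
    id=$(printf '%s' "$id" | tr -d '"')
    is_guid "$id" || { echo "not an object ID: $id" >&2; return 1; }
    out="${out:+$out,}\"$id\""
  done
  printf '[%s]\n' "$out"
}

# deploy_hsm <resource-group> <location> <hsm-name> <template-file> <object-id>...
deploy_hsm() {
  rg=$1; location=$2; name=$3; template=$4
  shift 4
  admins=$(admin_ids_json "$@") || return 1
  az group create --name "$rg" --location "$location" || return 1
  az deployment group create \
    --resource-group "$rg" \
    --template-file "$template" \
    --parameters managedHSMName="$name" initialAdminObjectIds="$admins"
}

# Usage (placeholder values, not from the page):
#   deploy_hsm my-hsm-rg westus3 my-managed-hsm ./azuredeploy.json \
#     "$(az ad user show --id <your-email-address> --query objectId)"
```

Because the object IDs are validated before the first az call, a mistyped administrator fails locally instead of producing a deployed HSM whose initial administrator is wrong.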
Next steps
In this quickstart, you created a Managed HSM. This Managed HSM will not be fully functional until it is activated. See Activate your Managed HSM to learn how to activate your HSM.
- Read an Overview of Managed HSM
- Learn about Managing keys in a Managed HSM
- Review Managed HSM best practices