Microsoft.KeyVault managedHSMs 2020-04-01-preview

The managedHSMs resource type can be deployed to: Resource groups.

To learn about resource group deployments, see Bicep or ARM template.

Template format

To create a Microsoft.KeyVault/managedHSMs resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.KeyVault/managedHSMs@2020-04-01-preview' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  sku: {
    family: 'B'
    name: 'string'
  properties: {
    createMode: 'string'
    enablePurgeProtection: bool
    enableSoftDelete: bool
    initialAdminObjectIds: [ 'string' ]
    softDeleteRetentionInDays: int
    tenantId: 'string'

Property values


Name Description Value
type The resource type

For Bicep, set this value in the resource declaration.
apiVersion The resource api version

For Bicep, set this value in the resource declaration.
name The resource name string (required)
location The supported Azure location where the managed HSM Pool should be created. string
tags Resource tags Dictionary of tag names and values. See Tags in templates
sku SKU details ManagedHsmSku
properties Properties of the managed HSM Pool ManagedHsmProperties


Name Description Value
createMode The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. 'default'
enablePurgeProtection Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible. bool
enableSoftDelete Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. If it's not set to any value(true or false) when creating new managed HSM pool, it will be set to true by default. Once set to true, it cannot be reverted to false. bool
initialAdminObjectIds Array of initial administrators object ids for this managed hsm pool. string[]
softDeleteRetentionInDays softDelete data retention days. It accepts }=7 and {=90. int
tenantId The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool. string


Name Description Value
family SKU Family of the managed HSM Pool 'B'
name SKU of the managed HSM Pool 'Custom_B32'

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create an Azure Key Vault Managed HSM

Deploy to Azure
This template creates an Azure Key Vault Managed HSM.